On Mon, Apr 25, 2016 at 11:34 AM, Eugene Williams <[email protected]> wrote: > Thanks again for the suggestion Johnny. > > I updated the server configuration with the new cipher suite. The final > setup is: > > var ciphersall = > 'ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK'; > > var options = { > cert: > [fs.readFileSync('ssl/GEOTRUST_rsa_full.pem'),fs.readFileSync('ssl/COMODO_ecc_full.pem')], > key: > [fs.readFileSync('ssl/GEOTRUST_rsa.key'),fs.readFileSync('ssl/COMODO_ecc.key')], > ca: fs.readFileSync('ssl/COMODO-GEOTRUST_chain.pem') > , ciphers: ciphersall > , ecdhCurve: 'secp521r1' > , honorCipherOrder: true > }; > > > > But I'm still getting errors: > > > SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher > > > Not sure how to handle it from here. I feel as though I've tried everything > I know to do. It's as though nodejs doesn't understand how to begin the > conversation - initial handshake is fine, beyond that, no luck. I tested > again using the same certs with the openssl on the same server, works fine, > so I'm trusting nothing is wrong with the actual certs or the keys.
I don't believe you've mentioned the version of node.js that you're using. If it's v0.10 or v0.12, you need to upgrade; the DHE/ECDHE family of ciphers only work reliably in v4 and newer. -- Job board: http://jobs.nodejs.org/ New group rules: https://gist.github.com/othiym23/9886289#file-moderation-policy-md Old group rules: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/CAHQurc84J3Wfv9TcG0KgNOVJLjRq9Qi451aKmSZW--WFXiy4Jw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
