[SOLVED] Sometimes the shortest responses are the most profound. Thanks to everyone who contributed.
Ben, you saved my sanity, my hours, in some ways my life.

Although I'd upgraded nodejs to version 5.10 under the current user (AWS ec2-user), this latest version was installed to /usr/local/bin/node. All attempts to run the server were with "sudo" since ec2-user didn't have access to reserve the ports. The root user was still pulling the /usr/bin/node version (which was at 0.10.33).

Once I updated the link using the following:

    sudo mv /usr/bin/node /usr/bin/node_0.10.33
    sudo ln -s /usr/local/bin/node /usr/bin/node

The server started perfectly, loading the DH params and presenting both the RSA and ECC certs when viewing through Symantec's cert checker (https://cryptoreport.websecurity.symantec.com/checker/views/certCheck.jsp)

Again, thanks to everyone who contributed.

Eugene

On Tuesday, April 26, 2016 at 6:32:17 AM UTC-7, Ben Noordhuis wrote:
> On Mon, Apr 25, 2016 at 11:34 AM, Eugene Williams <[email protected]> wrote:
> > Thanks again for the suggestion Johnny.
> >
> > I updated the server configuration with the new cipher suite. The final
> > setup is:
> >
> > var ciphersall = 'ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
> >
> > var options = {
> >   cert: [fs.readFileSync('ssl/GEOTRUST_rsa_full.pem'),fs.readFileSync('ssl/COMODO_ecc_full.pem')],
> >   key: [fs.readFileSync('ssl/GEOTRUST_rsa.key'),fs.readFileSync('ssl/COMODO_ecc.key')],
> >   ca: fs.readFileSync('ssl/COMODO-GEOTRUST_chain.pem')
> >   , ciphers: ciphersall
> >   , ecdhCurve: 'secp521r1'
> >   , honorCipherOrder: true
> > };
> >
> > But I'm still getting errors:
> >
> > SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
> >
> > Not sure how to handle it from here. I feel as though I've tried everything
> > I know to do. It's as though nodejs doesn't understand how to begin the
> > conversation - initial handshake is fine, beyond that, no luck. I tested
> > again using the same certs with the openssl on the same server, works fine,
> > so I'm trusting nothing is wrong with the actual certs or the keys.
>
> I don't believe you've mentioned the version of node.js that you're
> using. If it's v0.10 or v0.12, you need to upgrade; the DHE/ECDHE
> family of ciphers only work reliably in v4 and newer.
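A startup guard for the failure described in this thread, where "sudo" resolved the older /usr/bin/node while the upgraded binary lived in /usr/local/bin/node. This is an added example, not code from the thread or from Node.js; the function names and the NODE_EXPECTED_EXECPATH variable are assumptions made for the illustration, and the sample versions and paths in it mirror the ones mentioned above.

```javascript
'use strict';
// Added example (not from the thread). Written in ES5 on purpose: it has to
// parse and run on the old binary (v0.10.x) that it is meant to catch.

var MIN_MAJOR = 4; // from the reply quoted above: DHE/ECDHE need v4 or newer

// "v0.10.33" -> [0, 10, 33]; throws on anything that is not a version string.
function parseVersion(v) {
  var m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  if (!m) { throw new Error('unrecognised node version: ' + v); }
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// info: { version, execPath, sudoUser }. expectedExecPath is optional
// (hypothetical deployment setting). Returns a list of problems; empty = OK.
function checkRuntime(info, expectedExecPath) {
  var problems = [];
  var via = info.sudoUser ? ' (started via sudo by ' + info.sudoUser + ')' : '';
  if (parseVersion(info.version)[0] < MIN_MAJOR) {
    problems.push('node ' + info.version + ' at ' + info.execPath + via +
                  ' is older than v' + MIN_MAJOR);
  }
  if (expectedExecPath && info.execPath !== expectedExecPath) {
    problems.push('running ' + info.execPath + via + ', expected ' + expectedExecPath);
  }
  return problems;
}

// Call before https.createServer(); exits instead of failing at handshake time.
function enforceRuntime(expectedExecPath) {
  var problems = checkRuntime({
    version: process.version,
    execPath: process.execPath,
    sudoUser: process.env.SUDO_USER // set by sudo to the invoking user's name
  }, expectedExecPath);
  for (var i = 0; i < problems.length; i++) {
    console.error('runtime check: ' + problems[i]);
  }
  if (problems.length) { process.exit(1); }
}

enforceRuntime(process.env.NODE_EXPECTED_EXECPATH); // hypothetical variable name
```

Run under the stale binary, the guard prints the version and path that "sudo" actually picked up, which is the information that was missing while the handshake error was being debugged.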
