HTTPS error (SSL_ERROR_NO_CYPHER_OVERLAP) - no common encryption algorithm(s)

May 7, 2018
Node.js Security

I have seen other similar questions but none addresses my problem. I have generated my TLS (OpenSSL) self-signed certificate, but it does not seem to be working on my Node.js server.

Instructions to generate SSL

    openssl req -newkey rsa:2048 -keyout key.pem -x509 -days 365 -out certificate.pem
    openssl x509 -text -noout -in certificate.pem
    openssl pkcs12 -inkey key.pem -in certificate.pem -export -out certificate.p12
    openssl pkcs12 -in certificate.p12 -noout -info  # verify certificate

So at the end I have a .p12, also known as a PFX-type certificate. Below is my Node.js code:

    // ------- Start HTTPS configuration ----------------
    const options = {
        pfs: fs.readFileSync('./server/security-certificate/certificate.p12'),
        passphrase: 'secrete2'
    };
    https.createServer(options, app).listen(8443);
    // -------- End HTTPS configuration -----------------

    // Also listen for HTTP
    var port = 8000;
    app.listen(port, function(){
        console.log('running at localhost: '+port);
    });

Here is the output when I run the curl command; the HTTP request is served correctly, only HTTPS has a problem:

Output when tested on same machine

Moreover, if I do this:

    export CURL_CA_BUNDLE=/var/www/html/node_app/server/security-certificate/cert.p12

Then I get the following error:

    curl: (77) Problem with the SSL CA cert (path? access rights?)

If I try to access it in a browser with HTTPS and the port, the browser says it could not load the page.

Reference links I followed:
Node.js HTTPS:

https://nodejs.org/dist/latest-v8.x/docs/api/https.html#https_https_createserver_options_requestlistener

I'm using AWS RedHat Linux
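
Added example, not part of the original post and not code from the Node.js project: Node ignores option names it does not recognize, and the posted options use `pfs` where the documented key is `pfx`, so the server starts with no certificate and typically has no cipher suite to offer, which clients report as a no-cipher-overlap handshake failure. The check below validates an options object before it reaches `https.createServer()`; `checkTlsOptions` and `isNearMiss` are hypothetical helper names and the sample input is constructed.

```javascript
// Added example: pre-flight check for the options object given to https.createServer().
const tls = require('node:tls');

// Option names that carry certificate material (documented for tls.createSecureContext).
const CREDENTIAL_KEYS = ['pfx', 'key', 'cert'];

// True when `name` has the same length as `known` and differs in exactly one character.
function isNearMiss(name, known) {
  if (name === known || name.length !== known.length) return false;
  let diff = 0;
  for (let i = 0; i < name.length; i++) {
    if (name[i] !== known[i]) diff++;
  }
  return diff === 1;
}

// Hypothetical helper: returns a list of problems, empty when the credentials load.
function checkTlsOptions(options) {
  const problems = [];
  // Node silently ignores unknown option names, so report likely misspellings.
  for (const name of Object.keys(options)) {
    const intended = CREDENTIAL_KEYS.find((known) => isNearMiss(name, known));
    if (intended) problems.push(`unknown option "${name}", did you mean "${intended}"?`);
  }
  const hasPfx = options.pfx !== undefined;
  const hasPair = options.key !== undefined && options.cert !== undefined;
  if (!hasPfx && !hasPair) {
    problems.push('no certificate material: set "pfx", or both "key" and "cert"');
    return problems;
  }
  // Parse the material now so a corrupt bundle or wrong passphrase fails at startup,
  // not as a handshake error seen by the first client.
  try {
    tls.createSecureContext(options);
  } catch (err) {
    problems.push(`credentials rejected: ${err.message}`);
  }
  return problems;
}

// Constructed input mirroring the question: the bundle sits under the key "pfs".
const asPosted = { pfs: Buffer.from('constructed placeholder bytes'), passphrase: 'placeholder' };
console.log(checkTlsOptions(asPosted));
```

Running the check at startup and refusing to listen when the list is non-empty turns a silent misconfiguration into an immediate, logged failure.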

1 Answer

I haven't personally tried to set up SSL with Node.js directly, but I can recommend an alternate configuration that should both improve performance through caching, if you enable it, and make the SSL problem easy to solve.

If you set up your Node.js application to use Nginx in front of it as a reverse proxy, you'll be able to:

  • Use Nginx's caching options to reduce the load on Node.js
  • Use LetsEncrypt (tutorial here) to create a free trusted SSL certificate for Nginx
  • Log access to your Node.js app in the standard Nginx format and (if helpful) use tools like fail2ban to prevent abuse.

This guide covers setting up this stack (Node.js/PM2/Nginx).

by Brennen Bearnes
Node.js is an open source JavaScript runtime environment for easily building server-side and networking applications. Node.js applications can be run at the command line but this guide focuses on running them as a service using PM2, so that they will automatically restart on reboot or failure, and can safely be used in a production environment.