SSL handshake failure with node.js https

Question

I have an API running with express using https . For testing, I've been using tinycert.org for the certificates, which work fine on my machine.

I'm using docker to package up the app, and docker-machine with docker-compose to run it on a digital ocean server.

When I try to connect with Chrome, I get ERR_SSL_VERSION_OR_CIPHER_MISMATCH . When running this with curl , I get a handshake failure: curl: (35) SSL peer handshake failed, the server most likely requires a client certificate to connect .

I tried to debug with Wireshark's SSL dissector, but it hasn't given me much more info: I can see the "Client Hello" and then the next frame is "Handshake Failure (40)".

I considered that maybe node on the docker container has no available ciphers, but it has a huge list, so it can't be that. I'm unsure as to what's going on and how to remedy it.

EDIT

Here's my createServer() block:

let app = express();
let httpsOpts = {
    key:  fs.readFileSync("./secure/key.pem"),
    cert: fs.readFileSync("./secure/cert.pem")
};
let port = 8080;
https.createServer(httpsOpts, app).listen(port);

Answer 1

I've had this problem for a really long time too, there's a weird fix:

1. Don't convert your certs to .pem; it works fine as .crt and .key files.

2. Add ca: fs.readFileSync("path to CA bundle file") to the https options.
   It looks like your server is only sending the top certificate and the CA bundle file has the intermediate and root certificates which you'll need for non-browser use.

3. IMPORTANT! Reinstall or update node to the latest version.
   You can use sudo apt-get upgrade if you're on Linux (it may take a while).

4. Re-download your certificate or get a new one.

If you are acting as your own certificate authority it could be not recognizing / trusting the certificate, so try testing your site on ssllabs.com .

If you're using the http2 API try adding allowHTTP1: true to the options.