Node 12 ssl_choose_client_version:unsupported protocol error with auth-ldap plugin

DeOccultist

After upgrading to node.js v12.18.2 and upgrading to the latest version of XO Community 5.62.0. I'm getting an error with the auth-ldap plugin connecting to Active Directory over SSL port 636.

140338573449088:error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol:../deps/openssl/openssl/ssl/statem/statem_lib.c:1942:

I'm currently guessing it has something to do with node 12 defaults to TLS 1.2. And need to add --tls-min-v1.0 when running XO.
How do I add this to test it?

I got the idea from here: https://stackoverflow.com/questions/59898050/axios-ssl-error-with-node-12-ssl-routinesssl-choose-client-versionunsupporte

olivierlambert

Ping @julien-f who'll take a look when he can

julien-f

@DeOccultist You can run xo-server with this flag:

> which xo-server
/usr/local/bin/xo-server
> node --tls-min-v1.0 /usr/local/bin/xo-server

DeOccultist

@julien-f Thanks for the help.

My xo-server is installed in /opt/xen-orchestra/packages/xo-server/bin/xo-server.

After stopping the service when I run

node --tls-min-v1.0 /opt/xen-orchestra/packages/xo-server/bin/xo-server

I get the error

2020-07-06T00:58:51.959Z xo:plugin INFO Cannot find module '/usr/local/lib/node_modules/xo-server-cloud'
Require stack:
- /opt/xen-orchestra/packages/xo-server/dist/index.js
- /opt/xen-orchestra/packages/xo-server/index.js
- /opt/xen-orchestra/packages/xo-server/bin/xo-server {
  error: Error: Cannot find module '/usr/local/lib/node_modules/xo-server-cloud'

How do I add the --tls-min-v1.0 parameter in and start it as a service instead?

DeOccultist

@julien-f Actually it'll be good to know how to set that parameter as a service but it is not necessary anymore. The better solution was to enable TLSv1.2 on the directory instead.

Thanks for the help.

julien-f

Yep, that's the best solution

Have a nice day.