when running node js code met this SSL handshake error.
node -v
v18.0.0
$ node app.js -a 0.0.0.0 -o kuwo kugou pyncmd qq joox -serror message is as following:
ERROR: (hook) write EPROTO 005E0A1201000000:error:0A000152:SSL routines:final_renegotiate:unsafe legacy renegotiation disabled:../deps/openssl/openssl/ssl/statem/extensions.c:908:Error: write EPROTO 005E0A1201000000:error:0A000152:SSL routines:final_renegotiate:unsafe legacy renegotiation disabled:../deps/openssl/openssl/ssl/statem/extensions.c:908:at WriteWrap.onWriteComplete [as oncomplete] (node:internal/stream_base_commons:94:16)
errno: -100
code: EPROTO
syscall: write
solution is to rollback to stable version of node.
sudo npm cache clean -f
sudo npm install -g n
sudo n stable
$ sudo n stable
copying : node/16.14.2
installed : v16.14.2 (with npm 8.5.0)$ npm -v
8.5.0
$ node -v
v16.14.2Thennpm install npm@latest -g
second issue is self signed certificate in certificate chain
INFO: (app) HTTPS Server running @ http://0.0.0.0:8081
ERROR: (hook) self signed certificate in certificate chain
Error: self signed certificate in certificate chain
at TLSSocket.onConnectSecure (node:_tls_wrap:1530:34)
at TLSSocket.emit (node:events:526:28)
at TLSSocket._finishInit (node:_tls_wrap:944:8)
at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:725:12)
code: SELF_SIGNED_CERT_IN_CHAINto solve the self signed certificate issue. there are several ways.
On npm
On Node Package Manager you have two options: bypass or set a certificate file.
Bypassing (risky!)
npm config set strict-ssl false --globalSetting a certificate file
npm config set cafile /path/to/your/cert.pem --globalOn Node.js
Sometimes, we have some problems when installing Node.js-based applications. Even setting a certificate file in npm, some installation packages rely on https libraries that don’t read npm settings. You may get an error like this: at bootstrapNodeJSCore ... code: 'SELF_SIGNED_CERT_IN_CHAIN'
So you can try to set a specific environment variable before running your Node.js-based script:
Bypassing (risky!)
export NODE_TLS_REJECT_UNAUTHORIZED=0Setting a certificate file
export NODE_EXTRA_CA_CERTS=/path/to/your/cert.pem