Hi,
We're moving our flows from Node-Red V2.06 to V3.02
We have a subflow that connects to an older (Legacy) systems API. Under Node-Red V2 the http-request node works fine. Under V3 we get an error
RequestError: write EPROTO 886996BB0D7F0000:error:0A000152:SSL routines:final_renegotiate:unsafe legacy renegotiation disabled:../deps/openssl/openssl/ssl/statem/extensions.c:907:
Is there an option we can use through "ALPN Protocol" to Allow Legacy Renegotiation, or some other method. i.e. setting SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION to true?
Ideally we could just allow it on this Subflow connector for known legacy API but leave the others alone.
Thanks In Advanced
Harry
This looks to be something people are experiencing under certain conditions on nodejs v18+
You could try running node-red under node v16LTS
For node18, set secureOptions like below:
import * as https from 'https';
import * as crypto from "crypto";
axios.create({
baseURL: baseURL,
httpsAgent: new https.Agent({
secureOptions: crypto.constants.SSL_OP_LEGACY_SERVER_CONNECT,
})
});
Thanks this is very helpful and certainly a workaround.
Luckily, we where able to convince their IT of the security issue and the server SSL was updated and fixes our issue.
But once again, thank you so much for the workaround.
Harry
Always the best first approach - fix the security problem rather than work around it! 
