Running into SSL/TLS problems with "http request" upgrading from 2.2.2 to 3.1.3

I got flows working with node-red v2.2.2 on Debian 12 with node.js v18.19.0 (from the Debian repo) using the "http request" method against an https-server.

As I upgraded node-red to v3.1.3 I got a "RequestError: write EPROTO 00481237D57F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:354:" with this method and URL (I also tried another URL, without success).

Next, after a while of digging around (e.g. tried to add ":443" to the URL; played with "insecureHTTPParser"; "un"hardened openssl.cnf), I downgraded to node-red v3.0.2. Now the requests work again.

What changed between 3.0.x and 3.1.x that makes https not work? What can I do to solve this?


So the request is complaining about a TLS version number or an incompatible encryption routine - in fact, it seems to be complaining about SSL which, if true, is a problem for you because SSL hasn't been safe for some years.

As systems get updated, the minimum acceptable settings for both TLS version and encryption types are updated due to older ones being compromised.

Either the server you are connecting to is outdated or it is updated but your TLS config is outdated. I'm not sure which, I'm afraid.

Thanks for the reply.

I used the SSL Labs test for the remote side (it is nethunt.com). They support both old TLS 1.0/1.1 and new TLS 1.3.
As I wrote, I use a standard Debian 12 (bookworm) installation and also tried to "insecure" my openssl.cnf.

On the same machine node-red 3.0.2 is working and 3.1.3 is not, without changing anything else. What in detail changed between 3.0.x and 3.1.x to break this SSL/TLS connection (and how to fix it)?

Sorry, you are going to need a core dev for that. Maybe @Steve-Mcl or @knolleary or @dceejay can help?