Generated PFX (.p12) not working with Node v17+ due to RC2 cipher #496

Open
bgever opened this issue Jan 18, 2023 · 1 comment

bgever commented Jan 18, 2023

Environment

  • Operating system (including version): macOS 13.1
  • mkcert version (from mkcert -version): v1.4.4
  • Server (where the certificate is loaded): Node.js v18.12.1
  • Client (e.g. browser, CLI tool, or script): Node.js CLI ([email protected])

What you did

I'm using the webpack dev server, and prefer to use the PFX method as it only creates a single file on the filesystem.

  • Installed CA with mkcert -install
  • Create new PFX with mkcert -pkcs12 localhost
  • Run webpack with server config for HTTPS and loading the PFX (.p12) file.

Webpack config:

devServer: {
  server: {
    type: 'https',
    options: {
      pfx: './localhost.p12',
      passphrase: 'changeit'
    }
  }
}

What went wrong

Webpack is unable to serve with the following error:

> webpack serve --color --mode development

<i> [webpack-dev-server] SSL certificate: /Users/bart/myapp/node_modules/.cache/webpack-dev-server/server.pem
[webpack-cli] Error: unsupported
    at configSecureContext (node:internal/tls/secure-context:277:15)
    at Object.createSecureContext (node:_tls_common:117:3)
    at Server.setSecureContext (node:_tls_wrap:1352:27)
    at Server (node:_tls_wrap:1211:8)
    at new Server (node:https:74:3)
    at Object.createServer (node:https:112:10)
    at Server.createServer (/Users/bart/myapp/node_modules/webpack-dev-server/lib/Server.js:2443:57)
    at Server.initialize (/Users/bart/myapp/node_modules/webpack-dev-server/lib/Server.js:1820:10)
    at Server.start (/Users/bart/myapp/node_modules/webpack-dev-server/lib/Server.js:3251:16)
    at async Command.<anonymous> (/Users/bart/myapp/node_modules/@webpack-cli/serve/lib/index.js:159:21)

Searching for the problem led me to this Node.js bug report: nodejs/node#40672

It mentions that the RC2 cipher has been disabled since Node 17. The suggested command to list the PFX details confirms the use of the RC2 cipher; see pbeWithSHA1And40BitRC2-CBC below.

$ openssl pkcs12 -info -in localhost.p12 -noout
Enter Import Password:
MAC Iteration 1
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048

Is it possible to generate a PFX without using RC2?

In the meantime, I'm using the PEM files approach instead.
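
As an added example (not part of the original issue, and not mkcert or Node.js code), the following JavaScript parses the `openssl pkcs12 -info -noout` output quoted above and flags containers whose PBE algorithm depends on ciphers that OpenSSL 3 ships only in its legacy provider (RC2, RC4, single DES). The function names are hypothetical and the second sample is constructed for contrast.

```javascript
// Added example: function names are hypothetical, not mkcert or Node.js APIs.
// Ciphers OpenSSL 3 provides only via its legacy provider: RC2, RC4, single DES.
const LEGACY_PBE = /RC2|RC4|AndDES-CBC/i;

// Output quoted in the issue above (mkcert v1.4.4 PFX).
const ISSUE_OUTPUT = `MAC Iteration 1
MAC verified OK
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048`;

// Constructed sample: what a PFX encrypted with PBES2/AES looks like.
const MODERN_OUTPUT = `MAC: sha256, Iteration 2048
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
Certificate bag
PKCS7 Data
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256`;

// Extract each encrypted container with its algorithm and iteration count.
function parsePkcs12Info(text) {
  const bags = [];
  for (const raw of text.split(/\r?\n/)) {
    const m = /^(PKCS7 Encrypted data|Shrouded Keybag): (.+)$/.exec(raw.trim());
    if (!m) continue; // prompts, MAC lines and unencrypted bags are skipped
    const fields = m[2].split(/,\s*/);
    const iter = fields.find((f) => /^Iteration \d+$/.test(f));
    const algorithm = fields.filter((f) => !/^(Iteration|PRF) /.test(f)).join(', ');
    bags.push({
      container: m[1],
      algorithm,
      iterations: iter ? Number(iter.split(' ')[1]) : null,
      legacy: LEGACY_PBE.test(algorithm),
    });
  }
  return bags;
}

// True when at least one container cannot be decrypted by the default provider.
function needsLegacyProvider(text) {
  return parsePkcs12Info(text).some((bag) => bag.legacy);
}

for (const bag of parsePkcs12Info(ISSUE_OUTPUT)) {
  console.log(`${bag.legacy ? 'LEGACY' : 'ok    '} ${bag.container}: ${bag.algorithm}`);
}
```

Only the certificate container in the issue's file is flagged; the 3DES-protected key bag is still readable by the default provider, so the RC2 entry alone is enough to make the load fail.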


bgever commented Sep 19, 2023

Would the solution to explicitly state the ciphers for openssl also work for mkcert internals?
See homebridge/homebridge-config-ui-x#1428 (comment)
