Passing options `ciphers` and `rejectUnauthorized` down to axios

Questions
1

Describe the problem/error/question

I need to perform a call to a backend that uses client SSL authentication, and uses old ciphers. I can perform the call to the backend using this curl command:

 curl --verbose \
 --cert $PWD/client.cer --key $PWD/client.key --cacert $PWD/root.cer \
 --ciphers 'DEFAULT@SECLEVEL=0' \
 -H 'some_header: some_value' \
 -H 'accessToken: <access_token>' \
 'https://<url>?<some_param>=<some_value>'

I have managed to make the call work using axios directly in a Code node like this:

axios({
  method: 'get',
  url: 'https://<url>',
  params: {
    some_param: 'some_value',
  },
  headers: {
    some_header: '<some_value>',
    accessToken: '<access_token>',
  },
  httpsAgent: new https.Agent({
    ciphers: 'DEFAULT@SECLEVEL=0',
    cert: <client.cer content>,
    key: <client.key content>,
    ca: <ca.cer content>,
    rejectUnauthorized: false,
  }),
})

In short, I need to provide two options to httpsAgent: ciphers and rejectUnauthorized.

I tried to wrap the axios call in an async/await wrapper, but it fails with error RangeError: Selection points outside of document. This is the wrapper I’m using:

(async function() {
  try {
    return await axios(...);
  } catch (error) {
    console.error("Error:", error);
  }
})();

To summarize:

  1. Can I pass the options ciphers and rejectUnauthorized down to axios using the HTTP Request node?
  2. If not, is there any other way to do that, perhaps using a Code node? How can I perform the async/await call?

What is the error message (if any)?

Without the ciphers option, I get a error:0A00018E:SSL routines::ca md too weak error.

Without the rejectUnauthorized option, I get a UNABLE_TO_GET_ISSUER_CERT_LOCALLY error.

Upgrading the certificates and ciphers is not an option.

Please share your workflow

Share the output returned by the last node

Information on your n8n setup

  • n8n version: 1.48.3
  • Database (default: SQLite): Postgres
  • n8n EXECUTIONS_PROCESS setting (default: own, main): default
  • Running n8n via (Docker, npm, n8n cloud, desktop app): Docker, self-hosted
  • Operating system: Linux
2

Hey @ricardopadilha,

Welcome to the community :raised_hands:

This is a tricky one, We have an option to allow you to set a certiciate now in the http request and you can ignore ssl errors with the certificate but we don’t have an option to allow the ciphers to be changed.

Using the code node should do the trick and there have been other posts where users are using the code node to make https calls, I would be more tempted to take the upgrade route though as it looks like they are potentially vulnerable to security issues depending on how old the application is.

3

I managed to get it to work. For future reference, this is the content of the Code node:

const axios = require('axios');
const https = require('https');

const response = await axios({
  method: 'get',
  url: ...,
  params: {...},
  headers: {...},
  httpsAgent: new https.Agent({
    ciphers: 'DEFAULT@SECLEVEL=0',
    cert: $json.certs.client, // this is the content of client.cer
    key: $json.certs.key, // this is the content of client.key
    ca: $json.certs.ca, // this is the content of ca.cer, may include full chain
    rejectUnauthorized: false,
  }),
})

// do NOT keep a reference to 'response' directly,
// otherwise it will fail with an Internal Error:
// TypeError: Converting circular structure to JSON
$input.item.json = response.data;

return $input.item;
2 Likes
4

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.