
Authorize.net TLS Disablement Notice nodejs


A few days back, I got a notice from Authorize.net telling me to disable TLS 1.0 and TLS 1.1.

I am using Node.js; here is my code in app.js that is meant to disable TLS 1.0 and TLS 1.1:

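// TLS options for the HTTPS server.
//
// Authorize.net requires TLS 1.0 and TLS 1.1 to be switched off.  The
// original options only cleared TLS 1.0 (SSL_OP_NO_TLSv1), so TLS 1.1 was
// still negotiable; SSL_OP_NO_TLSv1_1 is added below to close that gap.
//
// `fs` is presumably Node's fs module and `constants` either
// require('crypto').constants or the legacy `constants` module -- both are
// brought into scope elsewhere in app.js.
const sslOptions = {
  key: fs.readFileSync('/etc/ssl/private/private.key'),
  cert: fs.readFileSync('/etc/ssl/certs/STAR_crt.com.crt'),
  // SSLv23_server_method negotiates the highest version both sides support,
  // so every protocol that must not be offered has to be excluded explicitly
  // via secureOptions.
  secureProtocol: 'SSLv23_server_method',
  // Disable SSLv3, TLS 1.0 and TLS 1.1.  SSL_OP_NO_TLSv1 alone only removes
  // TLS 1.0, which is what a scanner would still flag as "TLS 1.1 enabled".
  secureOptions:
    constants.SSL_OP_NO_SSLv3 |
    constants.SSL_OP_NO_TLSv1 |
    constants.SSL_OP_NO_TLSv1_1,
  // NOTE(review): on a *server*, `ca` is the trust store used to verify
  // client certificates; it does not add intermediates to the chain sent to
  // browsers.  If these are meant to be served, they usually belong
  // concatenated after the leaf in `cert` -- confirm against the chain
  // section of the scan report.
  ca: [
    fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot_1.crt'),
    fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot_2.crt'),
    fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot_3.crt'),
  ],
  // OpenSSL cipher-string: ECDHE/DHE SHA-2 suites listed first (preferred
  // order), then the HIGH group with known-weak families removed.
  ciphers: [
    'ECDHE-RSA-AES256-SHA384',
    'DHE-RSA-AES256-SHA384',
    'ECDHE-RSA-AES256-SHA256',
    'DHE-RSA-AES256-SHA256',
    'ECDHE-RSA-AES128-SHA256',
    'DHE-RSA-AES128-SHA256',
    'HIGH',
    '!aNULL',
    '!eNULL',
    '!EXPORT',
    '!DES',
    '!RC4',
    '!MD5',
    '!PSK',
    '!SRP',
    '!CAMELLIA',
    '!3DES',
  ].join(':'),
  // No client certificate is requested, so `rejectUnauthorized` has no
  // effect here; it is kept only to make that choice explicit.
  requestCert: false,
  rejectUnauthorized: false,
};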

But it seems I am missing something. I ran the SSL Labs test after 30 hours and got the following results:

(screenshot of the SSL Labs results; image not included here)

Any idea what i need to do?

Thanks


Solution

  • Try changing `SSLv23_server_method` to `TLSv1_2_server_method`, which restricts the server to TLS 1.2 only:

    // HTTPS server options pinned to TLS 1.2.
    //
    // 'TLSv1_2_server_method' makes OpenSSL speak exactly TLS 1.2, so SSLv3,
    // TLS 1.0 and TLS 1.1 are already out; the secureOptions flags are kept
    // as belt-and-braces.  Caveat: on Node builds linked against OpenSSL
    // 1.1.1 or later this fixed-version method also rules out TLS 1.3 --
    // the `minVersion: 'TLSv1.2'` option is the way to express "1.2 or
    // newer" there.
    //
    // `fs` and `constants` are provided by the rest of app.js.
    const sslOptions = {
      key: fs.readFileSync('/etc/ssl/private/private.key'),
      cert: fs.readFileSync('/etc/ssl/certs/STAR_crt.com.crt'),
      secureProtocol: 'TLSv1_2_server_method',
      secureOptions: constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_TLSv1,
      // Read in the same order as listed.
      ca: [
        '/etc/ssl/certs/AddTrustExternalCARoot_1.crt',
        '/etc/ssl/certs/AddTrustExternalCARoot_2.crt',
        '/etc/ssl/certs/AddTrustExternalCARoot_3.crt',
      ].map((file) => fs.readFileSync(file)),
      // OpenSSL cipher string: explicit ECDHE/DHE SHA-2 suites first, then
      // HIGH minus the excluded families.
      ciphers: [
        'ECDHE-RSA-AES256-SHA384',
        'DHE-RSA-AES256-SHA384',
        'ECDHE-RSA-AES256-SHA256',
        'DHE-RSA-AES256-SHA256',
        'ECDHE-RSA-AES128-SHA256',
        'DHE-RSA-AES128-SHA256',
        'HIGH',
        '!aNULL',
        '!eNULL',
        '!EXPORT',
        '!DES',
        '!RC4',
        '!MD5',
        '!PSK',
        '!SRP',
        '!CAMELLIA',
        '!3DES',
      ].join(':'),
      // No client certificates requested; rejectUnauthorized is therefore
      // not consulted for this server.
      requestCert: false,
      rejectUnauthorized: false,
    };