Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Getting SSL TLS1.2 error #637

Open
frhnfrq opened this issue Aug 27, 2023 · 15 comments
Open

Getting SSL TLS1.2 error #637

frhnfrq opened this issue Aug 27, 2023 · 15 comments

Comments

@frhnfrq
Copy link

frhnfrq commented Aug 27, 2023
edited
Loading

Hi,
I am getting the following error whenever trying to make a request,

Unexpected Error: {
  message: "write EPROTO 80C5D60501000000:error:0A000172:SSL routines:tls12_check_peer_sigalg:wrong signature type:../deps/openssl/openssl/ssl/t1_lib.c:1573:",
  name: "Error",
  stack: "Error: write EPROTO 80C5D60501000000:error:0A000172:SSL routines:tls12_check_peer_sigalg:wrong signature type:../deps/openssl/openssl/ssl/t1_lib.c:1573:\n
    at __node_internal_captureLargerStackTrace (node:internal/errors:496:5)\n
    at __node_internal_errnoException (node:internal/errors:623:12)\n
    at WriteWrap.onWriteComplete [as oncomplete] (node:internal/stream_base_commons:94:16)\n
    at WriteWrap.callbackTrampoline (node:internal/async_hooks:130:17)"
  config: {
    transitional: {
      silentJSONParsing: true,
      forcedJSONParsing: true,
      clarifyTimeoutError: false
    },
    transformRequest: [ null ],
    transformResponse: [ null ],
    timeout: 20000,
    xsrfCookieName: "XSRF-TOKEN",
    xsrfHeaderName: "X-XSRF-TOKEN",
    maxContentLength: -1,
    maxBodyLength: -1,
    env: {},
    headers: {
      Accept: "application/json, text/plain, */*",
      Content-Type: "text/xml",
      Accept-Encoding: "gzip",
      User-Agent: "axios/0.27.2",
      Content-Length: 1754
    },
    url: "https://apac.universal-api.travelport.com/B2BGateway/connect/uAPI/AirService",
    method: "post",
    auth: {
      username: "_______",
      password: "_______"
    },
    data: "..."
  },
  code: "EPROTO",
  status: null
}

I'm assuming it's because Travelport only supports TLS1.2 and the client is trying to make the request using a different version. Please let me know how I can fix this.
@frhnfrq
Copy link
Author

frhnfrq commented Aug 27, 2023

I have tried monkey patching, by setting a custom httpsAgent with TLS v1.2 to the Axios instance in uapi-request but it didn't work.

@kommandant-topp
Copy link

Hello @frhnfrq,
Could you provide me with the next information?

  • uapi-json version
  • nodejs version
  • full request dump

Thank you, and have a nice day!

@frhnfrq
Copy link
Author

frhnfrq commented Aug 27, 2023
edited
Loading

Hi @kommandant-topp,

uapi-json: 1.16.0
nodejs version: 18.17.1 & 20.5.1

Here's the full request dump,
request log.txt

@kommandant-topp
Copy link

Hello @frhnfrq,
Looks like this is the problem with the disabled TLS 1.3 version on the apac region subdomain: https://www.ssllabs.com/ssltest/analyze.html?d=apac.universal-api.travelport.com (emec region is ok). You can try to use Node 16 or lower as a quick solution. You can also create a support ticket for Travelport to ask about this issue.

We'll discuss with our team the possible solution, but I'm not sure that we'll be able de deploy it fast.

Thank you, and have a nice day!

@frhnfrq
Copy link
Author

frhnfrq commented Aug 27, 2023

Hi @kommandant-topp,
Thanks. Switching to 16.14.2 solved the TLS error, however I am getting error of invalid credentials, even though my credentials are correct. It works on the demo portal of travelport.

Here's the log

Input params  {
  "legs": [
    {
      "from": "DEL",
      "to": "BOM",
      "departureDate": "2023-08-28"
    }
  ],
  "passengers": {
    "ADT": 1
  },
  "cabins": [
    "Economy"
  ],
  "requestId": "4e2fd1f8-2221-4b6c-bb6e-cf05c367cf60",
  "maxJourneyTime": 300,
  "pricing": {
    "currency": "USD"
  }
}
Request URL:  https://apac.universal-api.travelport.com/B2BGateway/connect/uAPI/AirService
Request XML:
<!--Release 33-->
<!--Version Dated as of 14/Aug/2015 18:47:44-->
<!--Air Low Fare Search For Galileo(1G) Request-->
<soap:Envelope
  xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <air:LowFareSearchReq
            AuthorizedBy="user" TraceId="4e2fd1f8-2221-4b6c-bb6e-cf05c367cf60" TargetBranch="P7205768"
            ReturnUpsellFare="true"

      xmlns:air="http://www.travelport.com/schema/air_v52_0"

      xmlns:com="http://www.travelport.com/schema/common_v52_0"
            >
      <com:BillingPointOfSaleInfo OriginApplication="uAPI"/>
      <air:SearchAirLeg>
        <air:SearchOrigin>
          <com:CityOrAirport Code="DEL" PreferCity="true"/>
        </air:SearchOrigin>
        <air:SearchDestination>
          <com:CityOrAirport Code="BOM" PreferCity="true"/>
        </air:SearchDestination>
        <air:SearchDepTime PreferredTime="2023-08-28"/>
        <air:AirLegModifiers>
          <air:PreferredCabins>
            <com:CabinClass Type="Economy"/>
          </air:PreferredCabins>
        </air:AirLegModifiers>
      </air:SearchAirLeg>
      <air:AirSearchModifiers
                    MaxJourneyTime="300"
            >
        <air:PreferredProviders>
          <com:Provider Code="1G"
            xmlns:com="http://www.travelport.com/schema/common_v52_0"/>
          </air:PreferredProviders>
        </air:AirSearchModifiers>
        <com:SearchPassenger Code="ADT"
          xmlns:com="http://www.travelport.com/schema/common_v52_0"/>
          <air:AirPricingModifiers
                CurrencyType="USD"

            />
        </air:LowFareSearchReq>
      </soap:Body>
    </soap:Envelope>

Error Response SOAP:  {
  "status": 401,
  "data": "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"><SOAP-ENV:Body><SOAP-ENV:Fault><SOAP-ENV:faultcode>76</SOAP-ENV:faultcode><SOAP-ENV:faultstring>Authentication Result Error Message Response  (76): Authentication credentials are invalid.</SOAP-ENV:faultstring><SOAP-ENV:faultactor>            </SOAP-ENV:faultactor><SOAP-ENV:detail>Authentication Result Error Message Response  (76): Authentication credentials are invalid.</SOAP-ENV:detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>"
}

/Users/farhan/NodeProjects/uapi-json-test/node_modules/uapi-json/src/Request/uapi-request.js:131
          return Promise.reject(new RequestSoapError.SoapRequestError(error));
                                ^
SoapRequestError [RequestSoapError.SoapRequestError]: Error during request to SOAP API. Check url validity
    at /Users/farhan/NodeProjects/uapi-json-test/node_modules/uapi-json/src/Request/uapi-request.js:131:33
    at processTicksAndRejections (node:internal/process/task_queues:96:5) {
  source: 'uapi-json',
  data: {
    status: 401,
    data: '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><SOAP-ENV:Body><SOAP-ENV:Fault><SOAP-ENV:faultcode>76</SOAP-ENV:faultcode><SOAP-ENV:faultstring>Authentication Result Error Message Response  (76): Authentication credentials are invalid.</SOAP-ENV:faultstring><SOAP-ENV:faultactor>            </SOAP-ENV:faultactor><SOAP-ENV:detail>Authentication Result Error Message Response  (76): Authentication credentials are invalid.</SOAP-ENV:detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>'
  },
  statusCode: undefined
}

Moreover, please do have a discussion with your team regarding the TLS issue for newer version of node.

Thank you very much, you have a nice day too!

@frhnfrq
Copy link
Author

frhnfrq commented Aug 28, 2023

My bad, I missed the fact that production flag is set to true by default

@misoag
Copy link

misoag commented Sep 15, 2023

Hello developer, when can this issue be resolved and merged into the main branch. Thanks!

@kommandant-topp
Copy link

Hello @misoag,
Not sure about the terms of this update to be done.

Meanwhile, do you consider contributing to this fix?
Check our contribution instruction.

Thank you, and have a nice day

@kim00425
Copy link

kim00425 commented Feb 5, 2024

@kommandant-topp i have same problem this issue. i use nodejs 20.10.0 and npm version 10. then should i downgrade my nodejs version?

@kommandant-topp
Copy link

Hello @kim00425,
you can try to downgrade your nodejs version for the local solution or contribute a global fix.
Check our contribution instruction.

Thank you, and have a nice day

@kim00425
Copy link

kim00425 commented Feb 6, 2024

@kommandant-topp i understand that support for nodejs version 16 is now ending. can this be resolved by contacting Travelport?

@kim00425
Copy link

@kommandant-topp It is said that Travelport recently renewed its SSL certificate. please confirm.

@kommandant-topp
Copy link

Hello @kim00425,
As I can see from here: https://www.ssllabs.com/ssltest/analyze.html?d=apac.universal-api.travelport.com, TLS1.3 is still disabled for the apac region subdomain. I'll try to test it again a bit later.

Thank you, and have a nice day!

@kim00425
Copy link

kim00425 commented Mar 15, 2024
edited
Loading

@kommandant-topp If you run it now, it will work. when i run on version 20.10.0, the request was made normally.
APAC UAPI endpoint has been updated with the newest ciphers

@frhnfrq try to node 18

@kommandant-topp
Copy link

Hello @kim00425,

Thank you a lot for the update!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@misoag @kommandant-topp @frhnfrq @kim00425