I am trying to modify my NodeJS web application to limit TLS access to version 1.3 only. I made the following change to the code.
var options = {
key: key,
cert: cert,
ca: ca,
passphrase: passphrase,
requestCert: true,
rejectUnauthorized: false,
**minVersion: 'TLSv1.3',
maxVersion: 'TLSv1.3'**
}
var httpsServer = https.createServer(options, app);
httpServer.listen(8443);
When I restart the service, I get the following error:
TypeError [ERR_TLS_INVALID_PROTOCOL_VERSION]: "TLSv1.3" is not a valid minimum TLS protocol version
The web application starts just fine if I revert the values to 'TLSv1.2'.
Anyone have any insights into why this isn't working? TLS 1.3 is supposed to be supported by NodeJS as of version 12, and I'm at 16.15.0.
I was able to set the min and max TLS versions by adding the following to my web-app.js file:
var tls = require("tls");
I then changed the values of minVersion and maxVersion to "tls.DEFAULT_MAX_VERSION".
However (there's always a "but"), when I open the web app in a browser, hit F12 to show the developer tools, and select "security", it says that the connection used TLS 1.2. Now what do I do?