none
[Node.js][Mobile App] Node js app failing to connect over TLS 1.1 / 1.2 RRS feed

  • Question

  • We have a node js app hosted on AMS which makes API calls to an external server over HTTPS. Everything use to work fine till few days ago when that external server stopped supporting TLS 1.0 and below.

    That server has a valid SSL certificate being issued by DigiCert.

    Is their a known issue where AMS can't make/allow/blocks connections to external entities over TLS 1.1 or 1.2?

    An update would be greatly appreciated.

    Thanks.



    Wednesday, September 9, 2015 6:48 PM

All replies

  • Hi,

    Node.js add TLS 1.1 and 1.2 to secureProtocol in v0.11.6, refer to https://nodejs.org/en/blog/release/v0.11.6/ for more details, however, the default version of Azure Mobile Service is 0.8.28, please try to upgrade Node.js runtime to see if it helps, please have a look at this thread: http://stackoverflow.com/questions/27113647/how-to-use-latest-version-of-nodejs-on-azure-mobile-service-runtime

    Best Regards,

    Jambor 


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Thursday, September 10, 2015 8:36 AM
    Moderator
  • Thanks Jambor,

    It seems my app is using 0.8.0 which is weird because I have a package.json in my project and there for engine, I have specified ~0.12.0

    Doesn't that tell azure to use 0.12.0 and not 0.8?
     
    Anyways, I'll try your suggestion and will let you know. Thanks
    Thursday, September 10, 2015 11:16 AM
  • Tried your suggestion from stackoverflow to upgrade the runtime but it still shows 0.8.28. :(

    Thursday, September 10, 2015 11:40 AM
  • Hi,

    Is your issue fixed?

    I find a related thread: https://social.msdn.microsoft.com/Forums/azure/en-US/e8ba35a9-9518-44f7-8001-7238e7d145be/nodejs-sos-ams-nodejs-need-to-upgrade-to-v0116-to-support-ios-9?forum=azuremobile, the following is a snippet:

    The server in AMS doesn't do SSL/TLS. IISNode does all the TLS actions. If you go to your mobile landing page (https://{sitename}.azure-mobile.net), most browsers have the ability to see the certificate info. I've just double checked that we are using TLS1.2

    From the above message, the AMS will not block connections to external entities over TLS 1.2.

    Best Regards,

    Jambor


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Wednesday, September 30, 2015 2:59 AM
    Moderator
  • Hi,

    Don't think that thread is relevant. In our case AMS acts as a client and sends an API request to another 3rd party server which now accepts connection only on TLS 1.1 and above.

    Wednesday, September 30, 2015 1:43 PM
  • This is a known issue with Azure Mobile Services. Please email me at chrande (at) microsoft (dot) com and I'll lay out the options for you.
    Monday, October 5, 2015 8:04 PM