-
Notifications
You must be signed in to change notification settings - Fork 436
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[QUESTION] #1535
Comments
Hey @eugenestepanyuk,
That is just a warning. We'll be working on fixing this, but I'm assuming you are connecting by specifying an IP address for the
This is the actual error you are encountering. Node.js has tightened the requirements around certificates and what it accepts as a valid certificate by default, and Have you set up a custom certificate on the SQL Server you're connecting to?
When you install SQL Server, it generates a default certificate. If I remember correctly, this default certificate is using the SHA1 algorithm, which is no longer deemed secure enough. If you have replaced that certificate after SQL Server installation, most likely you also replaced it with a SHA1 based certificate, which again is no longer secure enough. The recommended approach would be to work with your SQL Server administrator to set up a more secure certificate. You can check out https://github.com/tediousjs/tedious/blob/master/.github/workflows/nodejs.yml#L249-L275 to see how we do this in an automated fashion via PowerShell during the Other not-so-recommended approaches involve either lowering the Node.js security settings to allow these unsecure certificates (which means the encryption becomes more or less useless) or to disable encryption altogether. Both of these mean that a bad actor with access to your network can get access to the credentials you use to connect to your SQL Server instance. Whether that's an issue or not is for you to decide. |
yes, I use the IP address in environment.database.host to be able to connect to the database not only locally
to be honest, I don’t even know, I didn’t install certificates, most likely there is some kind of default |
I have an api on nodejs and when I try to connect to the database I get an error: "(node:14320) [DEP0123] DeprecationWarning: Setting the TLS ServerName to an IP address is not permitted by RFC 6066. This will be ignored in a future version.
(Use node --trace-deprecation ... to show where the warning was created)
Failed to connect to ip:port - F8510000:error:0A00014D:SSL routines:tls_process_key_exchange:legacy sigalg disallowed or unsupported:c:\ws\deps\openssl\openssl\ssl\statem\statem_clnt.c:2263:"
My connection:
The connection was initially without encrypt in dialectOptions, I found information on the Internet if you make encrypt: false then the problem may disappear, if I uncomment this line the problem really disappears
The question is, how safe and generally normal is it to do so? Could you suggest other solutions to the error?
upd. this error started to occur after updating nodejs from version 16 to 19
The text was updated successfully, but these errors were encountered: