hermanbanken/ SSL bug replication.md

## SSL bug replication.md

      
    Raw
  

               SSL bug replication.md
            
          
    Without Docker

Compare A:
sh make-certs.sh
(nvm use 8.12 && PORT=44330 node server.js) &
(nvm use 8.12 && PORT=44330 node client.js)
with B:
sh make-certs.sh
(nvm use 10.13 && PORT=44331 node server.js) &
(nvm use 8.12 &&  PORT=44331 node client.js)
With Docker

echo "Node8-Node8"
sed -i -e "s/10.13.0/8.12/g" server.Dockerfile
docker-compose build > /dev/null && docker-compose up

echo "Node8-Node10"
sed -i -e "s/8.12/10.13.0/g" server.Dockerfile
docker-compose build > /dev/null && docker-compose up

  
## .dockerignore
node_modules

## .gitignore
node_modules
*.key
*.crt
*.csr

## client.Dockerfile
FROM node:8.12-alpine
ADD . /
WORKDIR /
RUN npm ci
CMD ["node", "client.js"]

## client.js
const WebSocket = require("ws");
const { globalAgent } = require("https");
// globalAgent.options.secureProtocol = 'TLSv1_2_method';

function start() {
	const client = new WebSocket(`wss://${process.env.SERVER || 'localhost'}:${process.env.PORT || 443}`, {
		rejectUnauthorized: false, // Accept self-signed certificates.
		checkServerIdentity: () => true,
	});

	client.on("message", (data) => {
		console.log("Got message", data);
		client.send("Got " + data);
	});
}

setTimeout(start, 1000);

## docker-compose.yml
version: '3'
services:
  client:
    build:
      context: .
      dockerfile: client.Dockerfile
  server:
    build:
      context: .
      dockerfile: server.Dockerfile
    ports:
     - "443:443"

## make-certs.sh
SUBJ="/C=NL/ST=State/O=Company Name"
openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
openssl rsa -passin pass:x -in server.pass.key -out server.key
rm server.pass.key
openssl req -batch -new -key server.key -out server.csr -subj "$SUBJ"
openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt

## package-lock.json
{"name":"server","version":"1.0.0","lockfileVersion":1,"requires":true,"dependencies":{"async-limiter":{"version":"1.0.0","resolved":"https://registry.npmjs.org/async-limiter/-/async-limiter-1.0.0.tgz","integrity":"sha512-jp/uFnooOiO+L211eZOoSyzpOITMXx1rBITauYykG3BRYPu8h0UcxsPNB04RR5vo4Tyz3+ay17tR6JVf9qzYWg=="},"safe-buffer":{"version":"5.1.2","resolved":"https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz","integrity":"sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="},"ultron":{"version":"1.1.1","resolved":"https://registry.npmjs.org/ultron/-/ultron-1.1.1.tgz","integrity":"sha512-UIEXBNeYmKptWH6z8ZnqTeS8fV74zG0/eRU9VGkpzz+LIJNs8W/zM/L+7ctCkRrgbNnnR0xxw4bKOr0cW0N0Og=="},"uws":{"version":"10.148.0","resolved":"https://registry.npmjs.org/uws/-/uws-10.148.0.tgz","integrity":"sha512-aJpFgMMyxubiE/ll4nj9nWoQbv0HzZZDWXfwyu78nuFObX0Zoyv3TWjkqKPQ1vb2sMPZoz67tri7QNE6dybNmQ=="},"ws":{"version":"3.3.3","resolved":"https://registry.npmjs.org/ws/-/ws-3.3.3.tgz","integrity":"sha512-nnWLa/NwZSt4KQJu51MYlCcSQ5g7INpOrOMt4XV8j4dqTXdmlUmSHQ8/oLC069ckre0fRsgfvsKwbTdtKLCDkA==","requires":{"async-limiter":"~1.0.0","safe-buffer":"~5.1.0","ultron":"~1.1.0"}}}}

## package.json
{
  "name": "server",
  "version": "1.0.0",
  "description": "",
  "main": "server.js",
  "author": "",
  "license": "ISC",
  "dependencies": {
    "uws": "^10.148.0",
    "ws": "^3.3.3"
  }
}

## server.Dockerfile
FROM node:10.13.0-alpine
RUN apk add --update libc6-compat openssl && rm -rf /var/cache/apk/*
ADD . /
RUN sh make-certs.sh
RUN npm ci
WORKDIR /
CMD ["node", "server.js"]

## server.js
const { readFileSync } = require("fs");
const { Server: UWS } = require("uws");
const { createServer } = require("https");

const server = createServer({
  cert: readFileSync("server.crt", "utf8"),
  key: readFileSync("server.key", "utf8"),
  // ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:!aNULL:!eNULL",
	secureProtocol: "TLSv1_2_method",
});

const wss = new UWS({ server });
wss.on("connection", (c) => {
	let i = 0;
	const interval = setInterval(() => c.send("hi "+(i++)), 100);
	c.on("close", () => clearInterval(interval));
});

const port = parseInt(process.env.PORT || "443", 10);
server.listen(port, () => {
	console.log("Started");
});
	FROM node:8.12-alpine
	ADD . /
	WORKDIR /
	RUN npm ci
	CMD ["node", "client.js"]
	const WebSocket = require("ws");
	const { globalAgent } = require("https");
	// globalAgent.options.secureProtocol = 'TLSv1_2_method';

	function start() {
	const client = new WebSocket(`wss://${process.env.SERVER \|\| 'localhost'}:${process.env.PORT \|\| 443}`, {
	rejectUnauthorized: false, // Accept self-signed certificates.
	checkServerIdentity: () => true,
	});

	client.on("message", (data) => {
	console.log("Got message", data);
	client.send("Got " + data);
	});
	}

	setTimeout(start, 1000);
	version: '3'
	services:
	client:
	build:
	context: .
	dockerfile: client.Dockerfile
	server:
	build:
	context: .
	dockerfile: server.Dockerfile
	ports:
	- "443:443"
	SUBJ="/C=NL/ST=State/O=Company Name"
	openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
	openssl rsa -passin pass:x -in server.pass.key -out server.key
	rm server.pass.key
	openssl req -batch -new -key server.key -out server.csr -subj "$SUBJ"
	openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
	{
	"name": "server",
	"version": "1.0.0",
	"description": "",
	"main": "server.js",
	"author": "",
	"license": "ISC",
	"dependencies": {
	"uws": "^10.148.0",
	"ws": "^3.3.3"
	}
	}
	FROM node:10.13.0-alpine
	RUN apk add --update libc6-compat openssl && rm -rf /var/cache/apk/*
	ADD . /
	RUN sh make-certs.sh
	RUN npm ci
	WORKDIR /
	CMD ["node", "server.js"]
	const { readFileSync } = require("fs");
	const { Server: UWS } = require("uws");
	const { createServer } = require("https");

	const server = createServer({
	cert: readFileSync("server.crt", "utf8"),
	key: readFileSync("server.key", "utf8"),
	// ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:!aNULL:!eNULL",
	secureProtocol: "TLSv1_2_method",
	});

	const wss = new UWS({ server });
	wss.on("connection", (c) => {
	let i = 0;
	const interval = setInterval(() => c.send("hi "+(i++)), 100);
	c.on("close", () => clearInterval(interval));
	});

	const port = parseInt(process.env.PORT \|\| "443", 10);
	server.listen(port, () => {
	console.log("Started");
	});