Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TLS v1.0 and v1.1 are not supported on Postman v7.25.1 #8565

Closed
ZAJDAN opened this issue May 31, 2020 · 12 comments · Fixed by #8590
Closed

TLS v1.0 and v1.1 are not supported on Postman v7.25.1 #8565

ZAJDAN opened this issue May 31, 2020 · 12 comments · Fixed by #8590
Labels
product/runtime support How do I ... ? Can I ... ?

Comments

@ZAJDAN
Copy link

ZAJDAN commented May 31, 2020
edited
Loading

Until yesterday all worked and after today update to Postman v7.25.1 ...I am not able send login via JSON.

Could not get response
Error: write EPROTO 1920407800:error:100000f0:SSL routines:OPENSSL_internal:UNSUPPORTED_PROTOCOL:../../third_party/boringssl/src/ssl/handshake_client.cc:569:
@codenirvana
Copy link
Member

codenirvana commented May 31, 2020
edited
Loading

@ZAJDAN Thanks for reporting this issue.
With Postman v7.25.1, we upgraded our underlying SSL library which might be the cause of this.

At first glance, it looks like you are using an older version of TLS protocol which is not supported by the SSL library.

But to help us debug this issue better could you send this request using curl with the -v flag and share the verbose info (remove the sensitive details)?
e.g, curl -v https://postman-echo.com/get

@numaanashraf numaanashraf added electron product/runtime support How do I ... ? Can I ... ? labels May 31, 2020
@ZAJDAN
Copy link
Author

ZAJDAN commented May 31, 2020
edited
Loading

curl -v https://192.168.26.121:50000/Login ..returns:
TCP_NODELAY set
Connected to 192.168.26.121 (192.168.26.121) port 50000 (#8438 ALPN, offering h2
ALPN, offering http/1.1
TLSv1.2 (OUT), TLS handshake, Client hello (1):
TLSv1.2 (IN), TLS handshake, Server hello (2):
TLSv1.0 (IN), TLS handshake, Certificate (11):
TLSv1.0 (OUT), TLS alert, Server hello (2):
SSL certificate problem: self signed certificate
stopped the pause stream!
Closing connection 0

@harryi3t harryi3t changed the title SSL hanshake error TLS v1.0 and v1.1 are not supported on Postman v7.25.1 Jun 1, 2020
@harryi3t
Copy link

harryi3t commented Jun 1, 2020

@ZAJDAN
Postman v7.25.1 doesn’t support TLS v1.0 and v1.1. This is a regression and is being addressed in an upcoming patch release v7.25.2. Until this patch release is available, please use the manual workaround detailed below to restore support for TLS v1.0 and v1.1 in Postman v7.25.1

The workaround includes passing an additional environment variable NODE_OPTIONS=--tls-min-v1.0 to Postman while launching. Here’s how to do this in various platforms:

MacOS

NODE_OPTIONS=--tls-min-v1.0 /Applications/Postman.app/Contents/MacOS/Postman

Linux (please use the path where Postman is installed)

NODE_OPTIONS=--tls-min-v1.0 /path/to/Postman/Postman

Windows

set NODE_OPTIONS=--tls-min-v1.0
C:\users\<username>\AppData\local\Postman\Postman.exe

@ZAJDAN
Copy link
Author

ZAJDAN commented Jun 2, 2020
edited
Loading

thank You

@lucasmaffazioli lucasmaffazioli mentioned this issue Jun 2, 2020
Closed
@numaanashraf
Copy link
Member

@ZAJDAN We've pushed out v7.25.2 which resolves this issue and you wouldn't need the manual workaround anymore. Thanks for your patience.

@giorod3
Copy link

giorod3 commented Jun 2, 2020

I am now getting an error saying 'certificate has expired'.

@codenirvana
Copy link
Member

@giorod3 I am assuming this is happening after the upgrade. Is there any public API endpoint that we can use to reproduce this issue?

If it's private, you can share it with us on help@getpostman.com as well.

@giorod3
Copy link

giorod3 commented Jun 2, 2020

@codenirvana I am using the bespoken tools for nodejs.

@codenirvana
Copy link
Member

@giorod3 I referred bespoken API docs and their base URL https://virtual-device.bespoken.io is working fine for me.

But I noticed that their certificate is issued by Sectigo which recently had an issue with their Root Certificate expiration, and I am assuming you are facing the same issue. More details here: https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020

Also, can you execute the following command with your API endpoint (replace postman-echo.com) and share the logs,

openssl s_client -connect postman-echo.com:443 |  openssl x509 -noout -dates

This will help us to validate:

  • is this Sectigo issue or not
  • is certificate actually expired or not

@arlemi arlemi mentioned this issue Jun 4, 2020
Merged
@giorod3
Copy link

giorod3 commented Jun 4, 2020

@codenirvana Sorry for the delayed response. this was the output:
depth=3 C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services verify return:1 depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority verify return:1 depth=1 C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA verify return:1 depth=0 CN = *.bespoken.io verify return:1 notBefore=May 16 00:00:00 2020 GMT notAfter=Aug 18 00:00:00 2022 GMT

@numaanashraf
Copy link
Member

@giorod3 This seems to be related to the recent Sectigo root expiry. We are tracking this at #8589 and there is a known workaround detailed on that thread - #8589 (comment)

@tarekahf
Copy link

tarekahf commented Jan 7, 2021

@ZAJDAN
Postman v7.25.1 doesn’t support TLS v1.0 and v1.1. This is a regression and is being addressed in an upcoming patch release v7.25.2. Until this patch release is available, please use the manual workaround detailed below to restore support for TLS v1.0 and v1.1 in Postman v7.25.1

The workaround includes passing an additional environment variable NODE_OPTIONS=--tls-min-v1.0 to Postman while launching. Here’s how to do this in various platforms:

MacOS

NODE_OPTIONS=--tls-min-v1.0 /Applications/Postman.app/Contents/MacOS/Postman

Linux (please use the path where Postman is installed)

NODE_OPTIONS=--tls-min-v1.0 /path/to/Postman/Postman

Windows

set NODE_OPTIONS=--tls-min-v1.0
C:\users\<username>\AppData\local\Postman\Postman.exe

This solution solved my problem. In my case, the POST request was working from the Desktop App, but not working from Postman for Web. So, I quite the Agent, set the variable as indicated, and restarted the agent, then it worked.

So what is going on? Does this mean the web version is behind the desktop app (I mean has less support)?

Tarek

@taehoshino taehoshino mentioned this issue Jan 7, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
product/runtime support How do I ... ? Can I ... ?
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Release app 7.25.2 postmanlabs/postman-app-support
6 participants
@numaanashraf @codenirvana @harryi3t @ZAJDAN @tarekahf @giorod3