Unable to connect MKS via ssl with node 18

[AnirudhaGohokar]

Environment Information

• OS [e.g. Mac, Arch, Windows 10]: Alpine
• Node Version [e.g. 8.2.1]: 18.9
• node-rdkafka version [e.g. 2.3.3]: 2.16

Looks like there's a openssl comptability issue with librdkafka when using node 18.9. It works fine with node 12. Giving below error with node 18:

{"message":"Failed to parse ssl.keystore.location PKCS#12 file: /usr/../kafka.client.keystore.jks: error:0308010C:digital envelope routines::unsupported: Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()","code":-172,"errno":-172,"origin":"kafka","stack":"Error: Failed to parse ssl.keystore.location PKCS#12 file: /usr/src../kafka.client.keystore.jks: error:0308010C:digital envelope routines::unsupported: Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()\n    at Function.createLibrdkafkaError [as create] (/usr/src/app/node_modules/node-rdkafka/lib/error.js:456:10)\n    at /usr/src/app/node_modules/node-rdkafka/lib/client.js:196:28"}

[AnirudhaGohokar]

Okay seems like the issue is with my keystore key which is not compatible with node 18.

openssl pkcs12 -in kafka.client.keystore.jks //gives error

With legacy attr it works perfectly

openssl pkcs12 -in kafka.client.keystore.jks --legacy //works

I will try to overrite openssl to enable legacy support. Will get back if this fixes or not.

[coocos]

Yeah, the problem is that the keystore uses a legacy algorithm. A workaround is to enable the legacy provider in Node 18 through the NODE_OPTIONS environment variable, e.g. export NODE_OPTIONS=--openssl-legacy-provider.

[mreouven]

i get Segmentation fault (core dumped)