axios-http2-adapter icon indicating copy to clipboard operation
axios-http2-adapter copied to clipboard

Published 20 hours ago verified publisher icon uibakery

`http2.Agent(opts)`, `opts` prop not respected

Open skilbjo opened this issue 4 months ago • 0 comments

hi, when i pass in properties to http2.Agent per the README, i can confirm that these properties are not respected

as you can see, i try to force TLSv1.2; but the connection is over TLSv1.3 and the ciphers are not respected - any idea why ?

the website https://check.ja3.zone/ is v helpful for seeing the connection details

here is a POC

script.mjs

import https from 'node:https';
import tls from 'node:tls';
import axios from 'axios';
import { createHTTP2Adapter } from 'axios-http2-adapter';
import http2 from 'http2-wrapper';

const defaultCiphers = tls.DEFAULT_CIPHERS.split(':');
const shuffledCiphers = [
  defaultCiphers[0],
  defaultCiphers[2],
  defaultCiphers[1],
  ...defaultCiphers.slice(3, 5),
].join(':');

const opts = {
  ciphers: shuffledCiphers,
  honorCipherOrder: true,
  maxVersion: 'TLSv1.2',
  minVersion: 'TLSv1.2',
};

export const userAgent = {
  'User-Agent':
    'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/113.0',
};

export const defaultHeaders = {
  ...userAgent,
  Accept: '*/*',
  'Accept-Encoding': 'identity',
  'Accept-Language': 'en-GB,en;q=0.9',
};

// eslint-disable-next-line @typescript-eslint/no-floating-promises
(async () => {
  try {
    console.log({ opts });

    const response = await axios.request({
      adapter: createHTTP2Adapter({
        agent: new http2.Agent(opts),
        force: true, // Force HTTP/2 without ALPN check - adapter will not check whether the endpoint supports http2 before the request
      }),
      headers: {
        ...defaultHeaders,
      },
      // httpsAgent: new https.Agent(opts),
      method: 'GET',
      url: 'https://check.ja3.zone/',
    });

    console.log({
      headers: response.headers,
      response: response.data,
    });
  } catch (error) {
    console.error(error);
  }
})();

output

{
  opts: {
    ciphers: 'TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256',
    honorCipherOrder: true,
    maxVersion: 'TLSv1.2',
    minVersion: 'TLSv1.2'
  }
}
{
  headers: Object [AxiosHeaders] {
    ':status: 200\ncontent-length: 1888\ncontent-type: application/json\naccess-control-allow-origin: *': undefined
  },
  response: {
    hash: '1a28e69016765d92e3b381168d68922c',
    fingerprint: '771,4866-4867-4865-49199-49195-49200-49196-158-49191-103-49192-107-163-159-52393-52392-52394-49327-49325-49315-49311-49245-49249-49239-49235-162-49326-49324-49314-49310-49244-49248-49238-49234-49188-106-49187-64-49162-49172-57-56-49161-49171-51-50-157-49313-49309-49233-156-49312-49308-49232-61-60-53-47-255,0-11-10-35-16-22-23-13-43-45-51,29-23-30-25-24-256-257-258-259-260,0-1-2',
    ciphers: 'TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-GCM-SHA384,DHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-SHA256,DHE-RSA-AES128-SHA256,ECDHE-RSA-AES256-SHA384,DHE-RSA-AES256-SHA256,DHE-DSS-AES256-GCM-SHA384,DHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-CHACHA20-POLY1305,ECDHE-RSA-CHACHA20-POLY1305,DHE-RSA-CHACHA20-POLY1305,ECDHE-ECDSA-AES256-CCM8,ECDHE-ECDSA-AES256-CCM,DHE-RSA-AES256-CCM8,DHE-RSA-AES256-CCM,ECDHE-ECDSA-ARIA256-GCM-SHA384,ECDHE-ARIA256-GCM-SHA384,DHE-DSS-ARIA256-GCM-SHA384,DHE-RSA-ARIA256-GCM-SHA384,DHE-DSS-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-CCM8,ECDHE-ECDSA-AES128-CCM,DHE-RSA-AES128-CCM8,DHE-RSA-AES128-CCM,ECDHE-ECDSA-ARIA128-GCM-SHA256,ECDHE-ARIA128-GCM-SHA256,DHE-DSS-ARIA128-GCM-SHA256,DHE-RSA-ARIA128-GCM-SHA256,ECDHE-ECDSA-AES256-SHA384,DHE-DSS-AES256-SHA256,ECDHE-ECDSA-AES128-SHA256,DHE-DSS-AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,AES256-GCM-SHA384,AES256-CCM8,AES256-CCM,ARIA256-GCM-SHA384,AES128-GCM-SHA256,AES128-CCM8,AES128-CCM,ARIA128-GCM-SHA256,AES256-SHA256,AES128-SHA256,AES256-SHA,AES128-SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV',
    curves: '001D:0017:001E:0019:0018:0100:0101:0102:0103:0104',
    protocol: 'TLSv1.3',
    user_agent: 'axios/1.6.7'
  }
}

if you comment the adapter above, and uncomment the httpsAgent above, you get the desired output (but connection was made over HTTP/1

      // adapter: createHTTP2Adapter({
        // agent: new http2.Agent(opts),
        // force: true, // Force HTTP/2 without ALPN check - adapter will not check whether the endpoint supports http2 before the request
      // }),
      httpsAgent: new https.Agent(opts),
=>

{
  headers: Object [AxiosHeaders] {
    'content-length': '381',
    'content-type': 'application/json',
    'access-control-allow-origin': '*',
    connection: 'close'
  },
  response: {
    hash: '9743f7cbdeb0092a2e166eebb1d57aec',
    fingerprint: '771,49199-49195-255,0-11-10-35-22-23-13,29-23-30-25-24,0-1-2',
    ciphers: 'ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,TLS_EMPTY_RENEGOTIATION_INFO_SCSV',
    curves: '001D:0017:001E:0019:0018',
    protocol: 'TLSv1.2',
    user_agent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/113.0'
  }
}

skilbjo avatar Mar 07 '24 14:03 skilbjo