Forge CLI giving unsafe legacy renegotiation disabled error

YuChangLee · August 8, 2024, 4:26pm

I’m trying to follow the “create Forge hello world app” tutorial. However, when I run forge create, I get the following error:

Error: request to https://forge-templates.us-west-2.prod.public.atl-paas.net/templates.json failed, reason: write EPROTO 40C2210602000000:error:0A000152:SSL routines:final_renegotiate:unsafe legacy renegotiation disabled:../deps/openssl/openssl/ssl/statem/extensions.c:922:

If I just run “forge” with no arguments, I see the following error:

error: [LaunchDarkly] network error (Error: write EPROTO 40D2C30602000000:error:0A000152:SSL routines:final_renegotiate:unsafe legacy renegotiation disabled:../deps/openssl/openssl/ssl/statem/extensions.c:922:
)

I have tried to set the UnsafeLegacyRenegotiation in the openssl.cnf but that didn’t help. I don’t this problem with just running node or npm install. It only happens with the Forge CLI.

ChandanaMeka · August 9, 2024, 1:41pm

Hi @YuChangLee ,

I have come across similar posts in the past. Can you try this solution once and let us know if it worked or the issue still persists ?

YuChangLee · August 9, 2024, 2:43pm

Hi @ChandanaMeka
Thanks for the suggestion. I disabled IPv6 in my MacOS and still receiving the same error about openssl.

ChandanaMeka · August 9, 2024, 4:51pm

Thanks for confirming @YuChangLee. I will get back with an update early next week by discussing with the team. We have also made note of the support ticket raised and will update that as well.

ChandanaMeka · August 9, 2024, 5:03pm

Can you please once try upgrading the Node.js version and share what is coming up in forge create --verbose in the support ticket ?

YuChangLee · August 9, 2024, 7:03pm

@ChandanaMeka
My node is the lts version which is 20.16.0. That is not the issue.
I was able to resolve this problem by doing the following.

Create a file called nodejs_openssl.conf, save it anywhere.
Enter the following content in the file. Note the first line is nodejs_conf and not openssl_conf. openssl_conf is used for setting global openssl configurations. However, node (Forge CLI) does not read this config section, and only reads nodejs_conf.

nodejs_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
Options = UnsafeLegacyServerConnect

Set the following environment variables
export OPENSSL_CONF=<path to your nodejs_openssl.cn>