Trouble with npm publish after setting up Azure Artifacts feed

Question

I am encountering an issue with npm install and npm publish in my Node.js project after configuring authentication with an Azure Artifacts feed. I have followed the documentation and added the necessary entries to my user and project level .npmrc file

However, when attempting to run npm install or npm publish, I am getting the following error:

44 verbose type system
45 verbose stack FetchError: request to https://devops.XXXXXX.com/XXXXXXXXX/_packaging/logger/npm/registry/http-utility failed, reason: 8085940301000000:error:0A000152:SSL routines:final_renegotiate:unsafe legacy renegotiation disabled:ssl/statem/extensions.c:893:
45 verbose stack
45 verbose stack     at ClientRequest.<anonymous> (/opt/homebrew/lib/node_modules/npm/node_modules/minipass-fetch/lib/index.js:130:14)
45 verbose stack     at ClientRequest.emit (node:events:514:28)
45 verbose stack     at _destroy (node:_http_client:875:13)
45 verbose stack     at onSocketNT (node:_http_client:895:5)
45 verbose stack     at process.processTicksAndRejections (node:internal/process/task_queues:83:21)
46 verbose cwd /Users/bhavesh1.gupta/Desktop/untitled folder/http-utility
47 verbose Darwin 21.6.0
48 verbose node v20.8.0
49 verbose npm  v10.2.5
50 error code ERR_SSL_UNSAFE_LEGACY_RENEGOTIATION_DISABLED
51 error errno ERR_SSL_UNSAFE_LEGACY_RENEGOTIATION_DISABLED
52 error request to https://devops.XXXXXXX.com/XXXXXXXX/_packaging/logger/npm/registry/http-utility failed, reason: 8085940301000000:error:0A000152:SSL routines:final_renegotiate:unsafe legacy renegotiation disabled:ssl/statem/extensions.c:893:
52 error
53 verbose exit 1
54 timing config:load:flatten Completed in 4ms
55 timing npm Completed in 70505ms
56 verbose code 1

My setup includes Node.js v20.8.0 and npm v10.2.5. I am developing on macOS

I tried npm config set strict-ssl false. But its not working I have searched online but haven't found a solution to this specific error. Any insights or guidance on resolving this issue would be greatly appreciated.

Thank you in advance!

Answer 1

reason: 8085940301000000:error:0A000152:SSL routines:final_renegotiate:unsafe legacy renegotiation disabled:ssl/statem/extensions.c:893:

From the error message, the issue could be related to the changes when using the node version higher than node 17.

In Node v17 and higher, OpenSSL has been updated to v3.0.7. SSL_OP_LEGACY_SERVER_CONNECT is the option that went from enabled by default in OpenSSL 1.1.1 to disabled by default in OpenSSL 3.0.

Refer to the following methods and check if it can work:

Method1: Create openssl.cnf and add Options = UnsafeLegacyRenegotiation

Here are the steps:

Stpe1: Create a custom openssl.cnf file in any directory with these contents:

openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
Options = UnsafeLegacyRenegotiation

Step2: Run the command: OPENSSL_CONF=/path/to/custom/openssl.cnf before you running the npm command.

For example:

export OPENSSL_CONF=/path/to/custom/openssl.cnf

npn install/npm publish

Method2: You can try to downgrade the node version from v20.8.0 to v16.x and check if it can work.