how to pass secure options?

[pcace]

Hi there,
i am having a problem, that i cannot query data from a server due to this problem:
nodejs/node#45378 (comment)

i guess i need to pass secureoptions to the query, to be able to get around this problem.
how would i do that with got? currently i fetch data very basic like so:

      const gotFetched = await got(requestGetFeature).text().catch((e) => {
        console.log(e)
      return e})

and i would need to add this somehow to the function: secureOptions: crypto.constants.SSL_OP_LEGACY_SERVER_CONNECT

this does not work:

      const options = { secureOptions: crypto.constants.SSL_OP_LEGACY_SERVER_CONNECT
      };
      const gotFetched = await got(requestGetFeature, options).text().catch((e) => {
        console.log(e)
      return e})

any idea would be great!!

[sindresorhus]

You need to pass secureOptions inside the https options object:

import crypto from 'node:crypto';
import got from 'got';

const gotFetched = await got(requestGetFeature, {
	https: {
		secureOptions: crypto.constants.SSL_OP_LEGACY_SERVER_CONNECT
	}
}).text().catch((e) => {
	console.log(e);
	return e;
});

The https object is where all TLS/SSL-related options go in Got. This includes things like rejectUnauthorized, certificateAuthority, secureOptions, etc.

If you have other options you want to merge, you can combine them:

const options = {
	https: {
		secureOptions: crypto.constants.SSL_OP_LEGACY_SERVER_CONNECT
	},
	timeout: {
		request: 10000
	}
	// ... other options
};

const gotFetched = await got(requestGetFeature, options).text();

Note that SSL_OP_LEGACY_SERVER_CONNECT is used to connect to servers that don't support secure renegotiation, which has security implications. Idealy the server should be updated, but this will work as a workaround.