ARTIFACTORY: Why am I observing “unsafe legacy renegotiation disabled” during NPM install?

Author: Janardhana JL
Article number: 000005766
First published: 2023-06-07T06:46:05Z
Last modified: 2023-06-06

When installing an NPM package with the latest NPM and Node version (17.x and above), the following error may appear in the NPM client output.

npm ERR! request to https://artifactory.com/artifactory/api/npm/npm_repo/package failed, reason: write EPROTO C04739938B7F0000:error:0A000152:SSL routines:final_renegotiate:unsafe legacy renegotiation disabled:../deps/openssl/openssl/ssl/statem/extensions.c:922:
The error message “unsafe legacy renegotiation disabled” suggests that there is an issue with SSL renegotiation between the client and the Artifactory server, and that the renegotiation protocol used by the client is outdated.

This is a limitation on the Node client side. Node version 17 and above uses the latest version of OpenSSL, v3.0, and does not support the OpenSSL option to accept legacy servers, which leads to this error. These Node versions (v17 and up) disable “unsafe legacy renegotiation” (CVE-2009-3555) to prevent man-in-the-middle attacks.
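
The condition behind this error, as an added Node.js example (not code from JFrog, Node or OpenSSL): an OpenSSL 3.0 client rejects a TLS 1.2-or-earlier server whose ServerHello carries no renegotiation_info extension (type 0xff01, RFC 5746). The function names and the sample records are constructed for this example, and the parser assumes the ServerHello fits in a single TLS record.

```javascript
// Added example; the records built below are constructed sample data.
const RENEGOTIATION_INFO = 0xff01; // extension type defined by RFC 5746
const u16 = (n) => Buffer.from([n >> 8, n & 0xff]);

// List the extension types in a ServerHello (assumes it fits in one record).
function serverHelloExtensions(record) {
  if (record[0] !== 0x16) throw new Error('not a TLS handshake record');
  if (record[5] !== 0x02) throw new Error('not a ServerHello');
  const end = 9 + record.readUIntBE(6, 3); // end of the handshake body
  if (end > record.length) throw new Error('truncated ServerHello');
  let off = 9 + 2 + 32;         // skip server_version and random
  off += 1 + record[off];       // skip session_id
  off += 2 + 1;                 // skip cipher_suite and compression_method
  const types = [];
  if (off >= end) return types; // legacy server: no extensions block at all
  const extEnd = off + 2 + record.readUInt16BE(off);
  if (extEnd > end) throw new Error('bad extensions length');
  off += 2;
  while (off + 4 <= extEnd) {
    types.push(record.readUInt16BE(off));
    off += 4 + record.readUInt16BE(off + 2); // type, length, then data
  }
  return types;
}

// True when the server advertised secure renegotiation in its ServerHello.
function supportsSecureRenegotiation(record) {
  return serverHelloExtensions(record).includes(RENEGOTIATION_INFO);
}

// Hypothetical helper: build a TLS 1.2 ServerHello record for the demo.
function buildServerHello(extensions) {
  const ext = Buffer.concat(extensions.map(([type, data]) =>
    Buffer.concat([u16(type), u16(data.length), Buffer.from(data)])));
  const extBlock = ext.length ? Buffer.concat([u16(ext.length), ext]) : ext;
  const body = Buffer.concat([
    Buffer.from([0x03, 0x03]), Buffer.alloc(32, 0xab), // version, random
    Buffer.from([0x00, 0xc0, 0x2f, 0x00]),             // empty sid, suite, comp
    extBlock]);
  const hs = Buffer.concat([Buffer.from([0x02, 0x00]), u16(body.length), body]);
  return Buffer.concat([Buffer.from([0x16, 0x03, 0x03]), u16(hs.length), hs]);
}

const legacyServer = buildServerHello([]);
const patchedServer = buildServerHello([[0x000b, [0x01, 0x00]], [0xff01, [0x00]]]);
console.log('legacy :', supportsSecureRenegotiation(legacyServer));
console.log('patched:', supportsSecureRenegotiation(patchedServer));
```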