From 6dc541778ea4c17ddc381773a65bb9b3ee577270 Mon Sep 17 00:00:00 2001 From: Alba Mendez Date: Fri, 12 Jun 2020 13:25:04 +0200 Subject: [PATCH] doc: warn that tls.connect() doesn't set SNI MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add a note warning users that when using tls.connect(), the `servername` option must be set explicitly to enable SNI, otherwise the connection could fail. PR-URL: https://github.com/nodejs/node/pull/33855 Fixes: https://github.com/nodejs/node/issues/28167 Co-authored-by: Denys Otrishko Reviewed-By: Robert Nagy Reviewed-By: Denys Otrishko Reviewed-By: James M Snell Reviewed-By: Tobias Nießen --- doc/api/tls.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/doc/api/tls.md b/doc/api/tls.md index 6368e93d76719b..f8e9edb78a77c3 100644 --- a/doc/api/tls.md +++ b/doc/api/tls.md @@ -1403,6 +1403,12 @@ The `callback` function, if specified, will be added as a listener for the `tls.connect()` returns a [`tls.TLSSocket`][] object. +Unlike the `https` API, `tls.connect()` does not enable the +SNI (Server Name Indication) extension by default, which may cause some +servers to return an incorrect certificate or reject the connection +altogether. To enable SNI, set the `servername` option in addition +to `host`. + The following illustrates a client for the echo server example from [`tls.createServer()`][]:
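Review bot: the last sentence of the added paragraph, "set the `servername` option in addition to `host`", does not say what value `servername` should take, so a reader still has to guess whether it repeats `host` or is something else. Suggest stating that it is normally the same hostname passed as `host`, and that this is the name the server uses to pick a certificate. The paragraph also lands directly before "The following illustrates a client for the echo server example", which this hunk leaves unchanged; it is worth checking whether that example passes `servername`, since a warning followed by a sample that omits the option would undercut it. A cross-reference from the `servername` entry in the options list would also make the note easier to find than its current position after the return-value sentence.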