From a89bcf72fb577105ef6cfae1b8058c8823493690 Mon Sep 17 00:00:00 2001 From: Mateusz Krawczuk Date: Fri, 19 Jun 2020 18:41:00 +0200 Subject: [PATCH] tls: make 'createSecureContext' honor more options Added options: `ticketKeys` and `sessionTimeout`, that are honored by `createServer`, that calls `createSecureContext`. This also introduces a minor code simplification. PR-URL: https://github.com/nodejs/node/pull/33974 Fixes: https://github.com/nodejs/node/issues/20908 Reviewed-By: Alba Mendez Reviewed-By: Ujjwal Sharma --- doc/api/tls.md | 5 +++++ lib/_tls_common.js | 8 ++++++++ lib/_tls_wrap.js | 18 +++++++++--------- 3 files changed, 22 insertions(+), 9 deletions(-) diff --git a/doc/api/tls.md b/doc/api/tls.md index a9038c05384776..6c4d6cc63370da 100644 --- a/doc/api/tls.md +++ b/doc/api/tls.md @@ -1638,6 +1638,11 @@ changes: **Default:** none, see `minVersion`. * `sessionIdContext` {string} Opaque identifier used by servers to ensure session state is not shared between applications. Unused by clients. + * `ticketKeys`: {Buffer} 48-bytes of cryptographically strong pseudo-random + data. See [Session Resumption][] for more information. + * `sessionTimeout` {number} The number of seconds after which a TLS session + created by the server will no longer be resumable. See + [Session Resumption][] for more information. **Default:** `300`. [`tls.createServer()`][] sets the default value of the `honorCipherOrder` option to `true`, other APIs that create secure contexts leave it unset. diff --git a/lib/_tls_common.js b/lib/_tls_common.js index 9f7747c1b52848..b7a3b70a240479 100644 --- a/lib/_tls_common.js +++ b/lib/_tls_common.js @@ -294,6 +294,14 @@ exports.createSecureContext = function createSecureContext(options) { options.clientCertEngine); } + if (options.ticketKeys) { + c.context.setTicketKeys(options.ticketKeys); + } + + if (options.sessionTimeout) { + c.context.setSessionTimeout(options.sessionTimeout); + } + return c; }; 
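Review bot: The two new blocks at the end of createSecureContext hand `options.ticketKeys` and `options.sessionTimeout` straight to the native context with no JavaScript-side type or length check, even though the documentation added in the same patch promises a 48-byte Buffer and a number of seconds. The hunk does not show whether `setTicketKeys`/`setSessionTimeout` validate their argument, so a wrong type or a short key buffer would presumably surface as a native-side error that does not name the option, or not at all; that matters because every session ticket the server issues is protected by this key, so an accidentally truncated or non-random value is a real misconfiguration rather than a cosmetic one. The truthiness tests also mean `sessionTimeout: 0` is silently ignored instead of rejected. If the usual `internal/validators` and `internal/errors` helpers are in scope in this file (not visible here), I would validate up front and test for `undefined` rather than truthiness, roughly as below.
```javascript
  // … unchanged: key/cert/ca/cipher/engine handling …

  if (options.ticketKeys !== undefined) {
    // Ticket keys protect every session ticket this context issues; reject
    // anything that is not the documented 48-byte Buffer before it reaches
    // the native binding.
    validateBuffer(options.ticketKeys, 'options.ticketKeys');
    if (options.ticketKeys.length !== 48) {
      throw new ERR_INVALID_ARG_VALUE('options.ticketKeys', options.ticketKeys,
                                      'must be exactly 48 bytes');
    }
    c.context.setTicketKeys(options.ticketKeys);
  }

  if (options.sessionTimeout !== undefined) {
    // Seconds until a server-created session stops being resumable.
    validateInt32(options.sessionTimeout, 'options.sessionTimeout', 0);
    c.context.setSessionTimeout(options.sessionTimeout);
  }
```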
diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js index 7031bc5047a47e..c5f30c01fa18e7 100644 --- a/lib/_tls_wrap.js +++ b/lib/_tls_wrap.js @@ -1314,6 +1314,12 @@ Server.prototype.setSecureContext = function(options) { .slice(0, 32); } + if (options.sessionTimeout) + this.sessionTimeout = options.sessionTimeout; + + if (options.ticketKeys) + this.ticketKeys = options.ticketKeys; + this._sharedCreds = tls.createSecureContext({ pfx: this.pfx, key: this.key, @@ -1331,16 +1337,10 @@ Server.prototype.setSecureContext = function(options) { secureOptions: this.secureOptions, honorCipherOrder: this.honorCipherOrder, crl: this.crl, - sessionIdContext: this.sessionIdContext + sessionIdContext: this.sessionIdContext, + ticketKeys: this.ticketKeys, + sessionTimeout: this.sessionTimeout }); - - if (this.sessionTimeout) - this._sharedCreds.context.setSessionTimeout(this.sessionTimeout); - - if (options.ticketKeys) { - this.ticketKeys = options.ticketKeys; - this.setTicketKeys(this.ticketKeys); - } };
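Review bot: The new `if (options.sessionTimeout)` / `if (options.ticketKeys)` assignments in setSecureContext only ever set `this.sessionTimeout` and `this.ticketKeys` and never clear them, and the second hunk now passes `ticketKeys: this.ticketKeys` into the replacement context, so a later `server.setSecureContext({ key, cert })` that omits `ticketKeys` silently re-installs the keys from the previous call instead of whatever the fresh context would otherwise use — the opposite of what an operator rotating key material would expect. Whether the other options in this function are reset when omitted lies outside the hunk, but the `sessionIdContext` fallback visible just above looks like a set-or-reset pattern, and if that is the convention these two should follow it: `this.ticketKeys = options.ticketKeys;` unconditionally, or an explicit `else this.ticketKeys = undefined;` (likewise for `sessionTimeout`). If the carry-over is intentional, the `setSecureContext` documentation should say that ticket keys and the session timeout survive a context reload so callers do not assume the old keys are gone. The body of setSecureContext begins before this hunk.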