-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to share ticketKeys in secureContext #20908
Comments
Pull requests welcome, I think. |
Agree, this looks like an oversight. I think we can move the |
@DiegoTUI are you willing to make a PR for this or should I? |
The docs do say that:
|
Okay, in if (options.ticketKeys) this.ticketKeys = options.ticketKeys; |
There's a method to initialize a TLS Server using tls.createSever by specifying a ticketKeys option, but none in the underlying constructor, tls.createSecureContext. This PR adds the ticketKeys option to tls.createSecureContext. Fixes: nodejs#20908
@bnoordhuis @silverwind @DiegoTUI I made one at #20916, check it out. |
@ryzokuken wow!! that was fast!! Thanks!! |
Added options: `ticketKeys` and `sessionTimeout`, that are honored by `createServer`, that calls `createSecureContext`. This also introduces a minor code simplification. Fixes: nodejs#20908
Added options: `ticketKeys` and `sessionTimeout`, that are honored by `createServer`, that calls `createSecureContext`. This also introduces a minor code simplification. PR-URL: #33974 Fixes: #20908 Reviewed-By: Alba Mendez <[email protected]> Reviewed-By: Ujjwal Sharma <[email protected]>
Added options: `ticketKeys` and `sessionTimeout`, that are honored by `createServer`, that calls `createSecureContext`. This also introduces a minor code simplification. PR-URL: #33974 Fixes: #20908 Reviewed-By: Alba Mendez <[email protected]> Reviewed-By: Ujjwal Sharma <[email protected]>
Added options: `ticketKeys` and `sessionTimeout`, that are honored by `createServer`, that calls `createSecureContext`. This also introduces a minor code simplification. PR-URL: #33974 Fixes: #20908 Reviewed-By: Alba Mendez <[email protected]> Reviewed-By: Ujjwal Sharma <[email protected]>
I am trying to share the TLS
ticketKeys
among several servers running in cluster in order to enable the reuse of sessions regardless of the particular server receiving the request. SharingticketKeys
among servers is quite straightforward when you create the servers usingtls.createServer()
, but in my case, I need to create the servers usingnet.createServer()
and then wrap the incoming plain sockets withnew TLSSocket()
.The
options
parameter innew TLSSocket()
allows you to enter asecureContext
, but unfortunately there is no (published) way to shareticketKeys
throughsecureContext
s. I've peeked into the code, and discovered that there is an undocumented way to do it throughsecureContext.context.setTicketKeys()
. I've even tested it and assessed that it works. But I don't dare to use it since it is not documented and could disappear with no previous notice. Could you please add aticketKeys
option totls.createSecureContext()
to enable the reuse of TLS sessions in cluster mode?The text was updated successfully, but these errors were encountered: