From 3ae5aeebf081dd474e84859852189ed26d7fadac Mon Sep 17 00:00:00 2001 From: Alba Mendez Date: Fri, 12 Jun 2020 13:25:04 +0200 Subject: [PATCH 1/2] doc: warn that tls.connect() doesn't set SNI Add a note warning users that when using tls.connect(), the `servername` option must be set explicitly to enable SNI, otherwise the connection could fail. Fixes: https://github.com/nodejs/node/issues/28167 --- doc/api/tls.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/doc/api/tls.md b/doc/api/tls.md index c29dfcb48ae58f..8636ce6fffe74f 100644 --- a/doc/api/tls.md +++ b/doc/api/tls.md @@ -1402,6 +1402,12 @@ The `callback` function, if specified, will be added as a listener for the `tls.connect()` returns a [`tls.TLSSocket`][] object. +**Note:** Unlike the `https` API, `tls.connect()` does not enable the +SNI (Server Name Indication) extension by default, which may cause some +servers to return an incorrect certificate or reject the connection +altogether. To enable SNI, set the `servername` option in addition +to `host`. + The following illustrates a client for the echo server example from [`tls.createServer()`][]: From 6cea53421634461fa2190d593adf8f3e577351e0 Mon Sep 17 00:00:00 2001 From: Alba Mendez Date: Fri, 12 Jun 2020 22:48:35 +0200 Subject: [PATCH 2/2] Update doc/api/tls.md Co-authored-by: Denys Otrishko --- doc/api/tls.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/api/tls.md b/doc/api/tls.md index 8636ce6fffe74f..7c8debfa0c3d53 100644 --- a/doc/api/tls.md +++ b/doc/api/tls.md 
@@ -1402,7 +1402,7 @@ The `callback` function, if specified, will be added as a listener for the `tls.connect()` returns a [`tls.TLSSocket`][] object. -**Note:** Unlike the `https` API, `tls.connect()` does not enable the +Unlike the `https` API, `tls.connect()` does not enable the SNI (Server Name Indication) extension by default, which may cause some servers to return an incorrect certificate or reject the connection altogether. To enable SNI, set the `servername` option in addition
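Review bot: In patch 1/2, the last sentence of the added paragraph ("To enable SNI, set the `servername` option in addition to `host`.") tells the reader which option to set but not what value it should carry, so a reader who hit the "incorrect certificate" case still has to guess. Suggest spelling it out, for example "set the `servername` option to the host name of the server, in addition to `host`", and writing `servername` as a link to that option's entry in this file if the document's reference-link style allows it, so the warning and the option description stay in sync.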
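Review bot: In patch 2/2, the subject "Update doc/api/tls.md" does not say what changed or why, while the only change in the hunk is dropping the `**Note:**` prefix from the first line of the paragraph added in 1/2. Suggest squashing this into 1/2 before landing, or retitling it in the same `doc:` style as the first commit so the history records that the prefix was removed on purpose. With the prefix gone the first line ("Unlike the `https` API, `tls.connect()` does not enable the") is also shorter than the lines that follow, so re-wrapping the paragraph in the squashed commit would keep the source tidy.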