tls: make 'createSecureContext' honor more options
Added options: `ticketKeys` and `sessionTimeout`, that are honored by
`createServer`, that calls `createSecureContext`.

This also introduces a minor code simplification.

PR-URL: #33974
Fixes: #20908
Reviewed-By: Alba Mendez <[email protected]>
Reviewed-By: Ujjwal Sharma <[email protected]>
mkrawczuk authored and addaleax committed Sep 22, 2020
1 parent 19b55be commit 9b27933
Showing 3 changed files with 22 additions and 9 deletions.
5 changes: 5 additions & 0 deletions doc/api/tls.md
Expand Up @@ -1685,6 +1685,11 @@ changes:
**Default:** none, see `minVersion`.
* `sessionIdContext` {string} Opaque identifier used by servers to ensure
session state is not shared between applications. Unused by clients.
* `ticketKeys`: {Buffer} 48-bytes of cryptographically strong pseudo-random
data. See [Session Resumption][] for more information.
* `sessionTimeout` {number} The number of seconds after which a TLS session
created by the server will no longer be resumable. See
[Session Resumption][] for more information. **Default:** `300`.

[`tls.createServer()`][] sets the default value of the `honorCipherOrder` option
to `true`, other APIs that create secure contexts leave it unset.
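
Review bot: The `ticketKeys` entry is written as `ticketKeys`: {Buffer}, with a colon after the name, while the neighbouring `sessionIdContext` {string} and the new `sessionTimeout` {number} entries have none; drop the colon and write "48 bytes" without the hyphen. Unlike `sessionIdContext`, which says "Unused by clients", the `ticketKeys` entry does not say which side it applies to, so a matching remark would help. Because the ticket keys protect resumable session state, it is also worth stating in this entry that they must be kept secret, rather than leaving that entirely to the Session Resumption link.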
8 changes: 8 additions & 0 deletions lib/_tls_common.js
Expand Up @@ -294,6 +294,14 @@ exports.createSecureContext = function createSecureContext(options) {
options.clientCertEngine);
}

if (options.ticketKeys) {
c.context.setTicketKeys(options.ticketKeys);
}

if (options.sessionTimeout) {
c.context.setSessionTimeout(options.sessionTimeout);
}

return c;
};
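
Review bot: Both new guards in `createSecureContext` are truthiness checks, so `sessionTimeout: 0` or any other falsy value is skipped silently and the context keeps its default, and nothing in these lines checks that `ticketKeys` is the 48-byte Buffer the documentation asks for before it reaches `c.context.setTicketKeys()`. Consider comparing against `undefined` and validating type and length here, or add a comment stating that the binding rejects bad input. None of the three changed files is a test, so a case that passes both options directly to `tls.createSecureContext()` should accompany this change.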

18 changes: 9 additions & 9 deletions lib/_tls_wrap.js
Expand Up @@ -1317,6 +1317,12 @@ Server.prototype.setSecureContext = function(options) {
.slice(0, 32);
}

if (options.sessionTimeout)
this.sessionTimeout = options.sessionTimeout;

if (options.ticketKeys)
this.ticketKeys = options.ticketKeys;

this._sharedCreds = tls.createSecureContext({
pfx: this.pfx,
key: this.key,
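
Review bot: The assignments to `this.sessionTimeout` and `this.ticketKeys` only run when the option is truthy, so a later `setSecureContext()` call that omits them keeps whatever an earlier call stored, and those stored values are what gets handed to `tls.createSecureContext()`. If that persistence is intended, say so in a comment, since it also means a caller cannot clear a previously supplied key set through this method. As a style point, these two `if` statements omit braces while the matching checks added in lib/_tls_common.js use them.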
Expand All @@ -1334,16 +1340,10 @@ Server.prototype.setSecureContext = function(options) {
secureOptions: this.secureOptions,
honorCipherOrder: this.honorCipherOrder,
crl: this.crl,
sessionIdContext: this.sessionIdContext
sessionIdContext: this.sessionIdContext,
ticketKeys: this.ticketKeys,
sessionTimeout: this.sessionTimeout
});

if (this.sessionTimeout)
this._sharedCreds.context.setSessionTimeout(this.sessionTimeout);

if (options.ticketKeys) {
this.ticketKeys = options.ticketKeys;
this.setTicketKeys(this.ticketKeys);
}
};
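
Review bot: The deleted block applied the keys through `this.setTicketKeys(this.ticketKeys)`, a method on the Server, while the replacement passes `ticketKeys: this.ticketKeys` into `tls.createSecureContext()`, which calls `c.context.setTicketKeys()`; the diff does not show the Server method's body, so please confirm it does nothing beyond setting the keys on the shared context. The condition also changed: the old code touched the new context's keys only when `options.ticketKeys` was supplied, whereas the new call passes `this.ticketKeys` on every invocation. A test that resumes a session after `setSecureContext()` is called with and without `ticketKeys` would pin down the intended behaviour.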


