From d0d1a057ec4aeb67a56d85979f6f8cd34fba445a Mon Sep 17 00:00:00 2001
From: Mateusz Krawczuk
Date: Fri, 19 Jun 2020 18:41:00 +0200
Subject: [PATCH] tls: make 'createSecureContext' honor more options.
Added options: `ticketKeys` and `sessionTimeout`, that are honored by `createServer`, that calls `createSecureContext`. This also introduces a minor code simplification.
Fixes: #20908
---
 doc/api/tls.md | 5 +++++
 lib/_tls_common.js | 8 ++++++++
 lib/_tls_wrap.js | 18 +++++++++---------
 3 files changed, 22 insertions(+), 9 deletions(-)
diff --git a/doc/api/tls.md b/doc/api/tls.md
index e294a75f919a3d..80af3d659d5e72 100644
--- a/doc/api/tls.md
+++ b/doc/api/tls.md
@@ -1622,6 +1622,11 @@ changes:
 **Default:** none, see `minVersion`.
 * `sessionIdContext` {string} Opaque identifier used by servers to ensure session state is not shared between applications. Unused by clients.
+ * `ticketKeys`: {Buffer} 48-bytes of cryptographically strong pseudo-random
+ data. See [Session Resumption][] for more information.
+ * `sessionTimeout` {number} The number of seconds after which a TLS session
+ created by the server will no longer be resumable. See
+ [Session Resumption][] for more information. **Default:** `300`.
 [`tls.createServer()`][] sets the default value of the `honorCipherOrder` option to `true`, other APIs that create secure contexts leave it unset.
diff --git a/lib/_tls_common.js b/lib/_tls_common.js
index 9f7747c1b52848..b7a3b70a240479 100644
--- a/lib/_tls_common.js
+++ b/lib/_tls_common.js
@@ -294,6 +294,14 @@ exports.createSecureContext = function createSecureContext(options) {
 options.clientCertEngine);
 }
+ if (options.ticketKeys) {
+ c.context.setTicketKeys(options.ticketKeys);
+ }
+
+ if (options.sessionTimeout) {
+ c.context.setSessionTimeout(options.sessionTimeout);
+ }
+
 return c;
 };
diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index 02fd7b002651c3..9d82a893090124 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
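Review bot: The new `ticketKeys` branch in `createSecureContext` hands the option to `c.context.setTicketKeys` without checking that it is a 48-byte Buffer, which is exactly what the doc text added in this same patch promises. If the length check lives in the native binding (not visible in this hunk), a wrong-sized value now throws from `createSecureContext` rather than from `Server.prototype.setTicketKeys`, so a test that drives the bad-length case through this new path would pin that behaviour. The `sessionTimeout` branch uses truthiness, so `sessionTimeout: 0` is silently dropped instead of being applied or rejected; `if (options.sessionTimeout !== undefined)` together with a numeric check would state the contract explicitly. A short comment above the two branches, `// Session tickets and session timeout only matter for server-side contexts.`, would also help, since `createSecureContext` is presumably used for client contexts as well.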
@@ -1315,6 +1315,12 @@ Server.prototype.setSecureContext = function(options) {
 .slice(0, 32);
 }
+ if (options.sessionTimeout)
+ this.sessionTimeout = options.sessionTimeout;
+
+ if (options.ticketKeys)
+ this.ticketKeys = options.ticketKeys;
+
 this._sharedCreds = tls.createSecureContext({
 pfx: this.pfx,
 key: this.key,
@@ -1332,16 +1338,10 @@ Server.prototype.setSecureContext = function(options) {
 secureOptions: this.secureOptions,
 honorCipherOrder: this.honorCipherOrder,
 crl: this.crl,
- sessionIdContext: this.sessionIdContext
+ sessionIdContext: this.sessionIdContext,
+ ticketKeys: this.ticketKeys,
+ sessionTimeout: this.sessionTimeout
 });
-
- if (this.sessionTimeout)
- this._sharedCreds.context.setSessionTimeout(this.sessionTimeout);
-
- if (options.ticketKeys) {
- this.ticketKeys = options.ticketKeys;
- this.setTicketKeys(this.ticketKeys);
- }
 };
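Review bot: Because the first hunk now stores `options.ticketKeys` on `this.ticketKeys` and the second hunk feeds that field back into every `createSecureContext` call, a later `setSecureContext()` call without `ticketKeys` re-applies the previously supplied keys instead of letting the fresh context start with new ones, which the removed code (keys applied only when `options.ticketKeys` was present) did not do. If an operator rotates keys through `server.setTicketKeys()`, which judging by the removed lines that assign `this.ticketKeys` before calling it presumably updates only the context and not the field, the next `setSecureContext()` would silently revert to the stale keys. Either keep `this.ticketKeys` in sync inside `setTicketKeys` or document the persistence next to the new assignment with `// ticketKeys persist across setSecureContext() calls; rotate via setTicketKeys()`. The same truthiness concern applies to `if (options.sessionTimeout)` in the first hunk, where `0` is ignored; `Server.prototype.setSecureContext` itself begins before the first hunk.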