doc: warn that tls.connect() doesn't set SNI
Add a note warning users that when using tls.connect(),
the `servername` option must be set explicitly to enable
SNI, otherwise the connection could fail.

PR-URL: #33855
Fixes: #28167
Co-authored-by: Denys Otrishko <shishugi@gmail.com>
Reviewed-By: Robert Nagy <ronagy@icloud.com>
Reviewed-By: Denys Otrishko <shishugi@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
mildsunrise and lundibundi committed Jun 22, 2020
1 parent 54374d4 commit b8ea471
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions doc/api/tls.md
Expand Up @@ -1399,6 +1399,12 @@ The `callback` function, if specified, will be added as a listener for the

`tls.connect()` returns a [`tls.TLSSocket`][] object.

Unlike the `https` API, `tls.connect()` does not enable the
SNI (Server Name Indication) extension by default, which may cause some
servers to return an incorrect certificate or reject the connection
altogether. To enable SNI, set the `servername` option in addition
to `host`.

The following illustrates a client for the echo server example from
[`tls.createServer()`][]:
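
Review bot: The added paragraph says to set `servername` "in addition to `host`" but never says what value it should carry. Stating that it is normally the same host name the client expects the certificate to match, or linking to the `servername` entry in the options list for this function, would keep readers from guessing. Since the note is placed directly before the sentence that introduces the echo-client example, it is also worth checking that the example passes `servername`, so the warning and the sample code do not contradict each other. "Return an incorrect certificate" could be made more concrete as well: from the client's side that typically shows up as a certificate verification failure, which is the symptom users will search for.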
