HTTPS Feature request: Hotswap TLS certificates #10349
Comments
Isn't this already possible via
Ooo, looks like it is.. I'll have to try that.
The docs say the SNICallback is only used if the client uses the SNI extension. Is that wrong? Will the SNICallback be used for every TLS handshake if defined?
@sam-github Not wrong, but almost all modern clients are SNI-capable. There is an example supported client table here FWIW.
See also #4464 (which makes this sound like a duplicate of that?)
Closing as duplicate of #4464.
This commit adds a setSecureContext() method to TLS servers. In order to maintain backwards compatibility, the method takes the options needed to create a new SecureContext, rather than an instance of SecureContext.
Fixes: nodejs#4464
Refs: nodejs#10349
Refs: nodejs/help#603
Refs: nodejs#15115
PR-URL: nodejs#23644
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>

This commit adds a setSecureContext() method to TLS servers. In order to maintain backwards compatibility, the method takes the options needed to create a new SecureContext, rather than an instance of SecureContext.
Fixes: #4464
Refs: #10349
Refs: nodejs/help#603
Refs: #15115
PR-URL: #23644
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
I'd like to suggest that there be a way to swap out your TLS certificate (and TLS keys would be nice as well) without bringing your server down. This would enable me to properly do fully-automatic certificate renewal with something like Let's Encrypt. Existing connections could keep using the old cert, but new connections would use the new one. Should be possible, right?
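An added example (not part of the original thread and not code from the Node.js project) of the hot swap requested above, using the `setSecureContext()` method described in the commit message: the renewed key and certificate are loaded into a throwaway context first, so a broken renewal never replaces the working certificate. The names `reloadCertificate` and `startServer`, the `validate` parameter, port 8443 and the one-second debounce are assumptions made for illustration.

```javascript
// Added example: hot-swap a TLS certificate without restarting the server.
const fs = require('fs');
const https = require('https');
const tls = require('tls');

// Read the renewed key/cert and install them only if they load cleanly.
// `validate` is a hypothetical injection point for tests; by default
// tls.createSecureContext() throws if OpenSSL rejects the key or certificate.
function reloadCertificate(server, keyPath, certPath, validate = tls.createSecureContext) {
  try {
    const options = {
      key: fs.readFileSync(keyPath),
      cert: fs.readFileSync(certPath),
    };
    validate(options);                 // fail here, before touching the live server
    server.setSecureContext(options);  // existing connections are not interrupted
    return { ok: true };
  } catch (err) {
    // Keep serving the previous certificate and report why the swap was skipped.
    return { ok: false, error: err.message };
  }
}

// Start an HTTPS server and swap in renewed files when they change on disk.
function startServer(keyPath, certPath, port = 8443) {
  const server = https.createServer(
    { key: fs.readFileSync(keyPath), cert: fs.readFileSync(certPath) },
    (req, res) => res.end('ok\n'),
  );
  let timer = null;
  const onChange = () => {
    // Renewal tools may write key and cert separately; wait until both settle.
    clearTimeout(timer);
    timer = setTimeout(() => {
      const result = reloadCertificate(server, keyPath, certPath);
      console.log(result.ok ? 'certificate reloaded' : `reload skipped: ${result.error}`);
    }, 1000);
  };
  const watchers = [keyPath, certPath].map((p) => fs.watch(p, onChange));
  server.on('close', () => {
    clearTimeout(timer);
    watchers.forEach((w) => w.close());
  });
  return server.listen(port);
}
```

`fs.watch` behaves differently across platforms and can miss files replaced by rename, so calling `reloadCertificate` from the renewal tool's post-renew hook (for example on a signal) is a sturdier trigger.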