HTTPS Feature request: Hotswap TLS certificates #10349

Closed
fresheneesz opened this issue Dec 20, 2016 · 6 comments
Labels
duplicate: Issues and PRs that are duplicates of other issues or PRs.
feature request: Issues that request new features to be added to Node.js.
tls: Issues and PRs related to the tls subsystem.

Comments

@fresheneesz

I'd like to suggest that there be a way to swap out your TLS certificate (and TLS keys would be nice as well) without bringing your server down. This would enable me to properly do fully-automatic certificate renewal with something like Let's Encrypt. Existing connections could keep using the old cert, but new connections would use the new one. Should be possible, right?

addaleax added the feature request and tls labels Dec 20, 2016
@mscdex
Contributor

mscdex commented Dec 20, 2016

Isn't this already possible via SNICallback?

@fresheneesz
Author

Ooo, looks like it is.. I'll have to try that.

@sam-github
Contributor

sam-github commented Dec 20, 2016

The docs say the SNICallback is only used if the client uses the SNI extension. Is that wrong? Will the SNICallback be used for every TLS handshake if defined?

@mscdex
Contributor

mscdex commented Dec 20, 2016

@sam-github Not wrong, but almost all modern clients are SNI-capable. There is an example supported client table here FWIW.

@addaleax
Member

See also #4464 (which makes this sound like a duplicate of that?)

@bnoordhuis
Member

Closing as duplicate of #4464.

bnoordhuis added the duplicate label Apr 26, 2017
cjihrig added a commit to cjihrig/node that referenced this issue Oct 21, 2018
This commit adds a setSecureContext() method to TLS servers. In
order to maintain backwards compatibility, the method takes the
options needed to create a new SecureContext, rather than an
instance of SecureContext.

Fixes: nodejs#4464
Refs: nodejs#10349
Refs: nodejs/help#603
Refs: nodejs#15115
PR-URL: nodejs#23644
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
jasnell pushed a commit that referenced this issue Oct 21, 2018
This commit adds a setSecureContext() method to TLS servers. In
order to maintain backwards compatibility, the method takes the
options needed to create a new SecureContext, rather than an
instance of SecureContext.

Fixes: #4464
Refs: #10349
Refs: nodejs/help#603
Refs: #15115
PR-URL: #23644
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
sam-github pushed a commit to sam-github/node that referenced this issue Apr 29, 2019
This commit adds a setSecureContext() method to TLS servers. In
order to maintain backwards compatibility, the method takes the
options needed to create a new SecureContext, rather than an
instance of SecureContext.

Fixes: nodejs#4464
Refs: nodejs#10349
Refs: nodejs/help#603
Refs: nodejs#15115
PR-URL: nodejs#23644
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
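
The two mechanisms mentioned in this thread, combined in an added example that is not part of the original issue or of Node.js itself: SNICallback serves the current certificate to clients that send SNI, and setSecureContext() replaces the server default that clients without SNI fall back to. `createCertSwapper`, `loadOptions` and the file paths in the wiring sketch are hypothetical names; a failed reload keeps the old certificate in service.

```javascript
const tls = require('tls');

// Hypothetical helper, not a Node.js API. `loadOptions` returns the options for
// tls.createSecureContext() (key, cert, ...), typically read from disk.
function createCertSwapper(loadOptions) {
  let current = tls.createSecureContext(loadOptions());
  let generation = 1;
  return {
    generation: () => generation,
    // Runs per handshake, but only when the client sent a server name.
    SNICallback(servername, cb) {
      cb(null, current);
    },
    // Call after the renewal tool has written the new key and certificate.
    reload(server) {
      let options, next;
      try {
        options = loadOptions();
        next = tls.createSecureContext(options); // throws on unparsable input
      } catch (err) {
        return { ok: false, error: err }; // old certificate stays in service
      }
      current = next;
      generation += 1;
      // Handshakes without SNI never reach SNICallback; they use the server's
      // default context, so replace that too where the method exists.
      if (server && typeof server.setSecureContext === 'function') {
        server.setSecureContext(options);
      }
      return { ok: true, error: null };
    },
  };
}

// Wiring sketch (placeholder paths, shown as comments so the block runs offline):
//   const load = () => ({ key: fs.readFileSync('<privkey.pem>'),
//                         cert: fs.readFileSync('<fullchain.pem>') });
//   const swapper = createCertSwapper(load);
//   const server = https.createServer(
//     { ...load(), SNICallback: swapper.SNICallback }, handler);
//   process.on('SIGHUP', () => swapper.reload(server));
```

Existing connections are untouched by a reload; only handshakes that start afterwards see the new context.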