Unable to share ticketKeys in secureContext #20908

Closed
DiegoTUI opened this issue May 23, 2018 · 7 comments
Labels
crypto Issues and PRs related to the crypto subsystem. feature request Issues that request new features to be added to Node.js.

Comments

@DiegoTUI
Contributor

  • 8.10.0:
  • Linux 4.13.0-37-generic #42~16.04.1-Ubuntu SMP Wed Mar 7 16:03:28 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux:
  • TLS:

I am trying to share the TLS ticketKeys among several servers running in cluster in order to enable the reuse of sessions regardless of the particular server receiving the request. Sharing ticketKeys among servers is quite straightforward when you create the servers using tls.createServer(), but in my case, I need to create the servers using net.createServer() and then wrap the incoming plain sockets with new TLSSocket().

The options parameter in new TLSSocket() allows you to enter a secureContext, but unfortunately there is no (published) way to share ticketKeys through secureContexts. I've peeked into the code, and discovered that there is an undocumented way to do it through secureContext.context.setTicketKeys(). I've even tested it and assessed that it works. But I don't dare to use it since it is not documented and could disappear with no previous notice. Could you please add a ticketKeys option to tls.createSecureContext() to enable the reuse of TLS sessions in cluster mode?

@bnoordhuis bnoordhuis added crypto Issues and PRs related to the crypto subsystem. feature request Issues that request new features to be added to Node.js. labels May 23, 2018
@bnoordhuis
Member

Pull requests welcome, I think.

@silverwind
Contributor

Agree, this looks like an oversight. I think we can move the ticketKeys option currently present on createServer to createSecureContext as the former inherits from the latter.

@ryzokuken
Contributor

@DiegoTUI are you willing to make a PR for this or should I?

@ryzokuken
Contributor

The docs do say that:

...: Any tls.createSecureContext() options can be provided. For servers, the identity options (pfx or key/cert) are usually required.

@ryzokuken
Contributor

Okay, in Server.prototype.setOptions, we do have

if (options.ticketKeys) this.ticketKeys = options.ticketKeys;

ryzokuken added a commit to ryzokuken/node that referenced this issue May 23, 2018
There's a method to initialize a TLS Server using tls.createServer by
specifying a ticketKeys option, but none in the underlying constructor,
tls.createSecureContext.

This PR adds the ticketKeys option to tls.createSecureContext.

Fixes: nodejs#20908
@ryzokuken
Contributor

@bnoordhuis @silverwind @DiegoTUI I made one at #20916, check it out.

@DiegoTUI
Contributor Author

@ryzokuken wow!! that was fast!! Thanks!!

mkrawczuk added a commit to mkrawczuk/node that referenced this issue Jun 19, 2020
Added options: `ticketKeys` and `sessionTimeout`, that are honored by
`createServer`, that calls `createSecureContext`.

This also introduces a minor code simplification.

Fixes: nodejs#20908
MylesBorins pushed a commit that referenced this issue Jul 14, 2020
Added options: `ticketKeys` and `sessionTimeout`, that are honored by
`createServer`, that calls `createSecureContext`.

This also introduces a minor code simplification.

PR-URL: #33974
Fixes: #20908
Reviewed-By: Alba Mendez <me@alba.sh>
Reviewed-By: Ujjwal Sharma <ryzokuken@disroot.org>
MylesBorins pushed a commit that referenced this issue Jul 16, 2020
addaleax pushed a commit that referenced this issue Sep 22, 2020
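
The setup described in this issue, written against the `ticketKeys` option that the commits above added to `tls.createSecureContext()`. This is an added example, not code from the thread or from the Node.js code base; the function names, the IPC message shape and the `identity` parameter are assumptions made for illustration.

```javascript
'use strict';
// Added example: share TLS ticket keys across cluster workers that accept
// connections with net.createServer() and wrap them in new TLSSocket().
// All function names and the message shape below are hypothetical.
const net = require('node:net');
const tls = require('node:tls');
const { randomBytes } = require('node:crypto');

const TICKET_KEYS_LEN = 48; // ticketKeys must be exactly 48 bytes

// Primary: generate one key set for all workers. Cluster IPC carries JSON,
// so the Buffer travels as base64. Treat the value as a secret: whoever
// holds it can decrypt session tickets issued under it.
function newTicketKeysMessage() {
  return {
    type: 'ticketKeys',
    keys: randomBytes(TICKET_KEYS_LEN).toString('base64'),
  };
}

// Worker: decode and validate the message before using the keys.
function ticketKeysFromMessage(msg) {
  if (!msg || msg.type !== 'ticketKeys' || typeof msg.keys !== 'string') {
    throw new TypeError('not a ticketKeys message');
  }
  const keys = Buffer.from(msg.keys, 'base64');
  if (keys.length !== TICKET_KEYS_LEN) {
    throw new RangeError(`ticketKeys must be 48 bytes, got ${keys.length}`);
  }
  return keys;
}

// Worker: build the context with the shared keys. `identity` is the usual
// { key, cert } or { pfx }, assumed to be loaded by the caller.
function sharedContext(ticketKeys, identity = {}) {
  return tls.createSecureContext({ ...identity, ticketKeys });
}

// Worker: plain TCP server whose sockets are upgraded to TLS by hand.
// Every worker passes a context built from the same keys, so a ticket
// issued by one worker can be resumed on any other.
function createWrappedServer(secureContext, onSocket) {
  return net.createServer((plain) => {
    const secure = new tls.TLSSocket(plain, { isServer: true, secureContext });
    secure.on('error', () => secure.destroy()); // failed handshake: drop it
    onSocket(secure);
  });
}
```

In the primary, send the result of `newTicketKeysMessage()` to each worker with `worker.send()`; in each worker, handle it in `process.on('message', ...)` and start the server only after the context has been built.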