Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HTTPS Feature request: Hotswap TLS certificates #10349

Closed
fresheneesz opened this issue Dec 20, 2016 · 6 comments
Closed

HTTPS Feature request: Hotswap TLS certificates #10349

fresheneesz opened this issue Dec 20, 2016 · 6 comments
Labels
duplicate Issues and PRs that are duplicates of other issues or PRs. feature request Issues that request new features to be added to Node.js. tls Issues and PRs related to the tls subsystem.

Comments

@fresheneesz
Copy link

I'd like to suggest that there be a way to swap out your TLS certificate (and TLS keys would be nice as well) without bringing your server down. This would enable me to properly do fully-automatic certificate renewal with something like Lets' Encrypt. Existing connections could keep using the old cert, but new connections would use the new one. Should be possible, right?

@addaleax addaleax added feature request Issues that request new features to be added to Node.js. tls Issues and PRs related to the tls subsystem. labels Dec 20, 2016
@mscdex
Copy link
Contributor

mscdex commented Dec 20, 2016

Isn't this already possible via SNICallback?

@fresheneesz
Copy link
Author

Ooo, looks like it is.. I'll have to try that.

@sam-github
Copy link
Contributor

sam-github commented Dec 20, 2016

The docs say the SNICallback is only used if the client uses the SNI extension. Is that wrong? Will the SNICallback be used for every TLS handshake if defined?

@mscdex
Copy link
Contributor

mscdex commented Dec 20, 2016

@sam-github Not wrong, but almost all modern clients are SNI-capable. There is an example supported client table here FWIW.

@addaleax
Copy link
Member

See also #4464 (which makes sound like a duplicate of that?)

@bnoordhuis
Copy link
Member

Closing as duplicate of #4464.

@bnoordhuis bnoordhuis added the duplicate Issues and PRs that are duplicates of other issues or PRs. label Apr 26, 2017
cjihrig added a commit to cjihrig/node that referenced this issue Oct 21, 2018
This commit adds a setSecureContext() method to TLS servers. In
order to maintain backwards compatibility, the method takes the
options needed to create a new SecureContext, rather than an
instance of SecureContext.

Fixes: nodejs#4464
Refs: nodejs#10349
Refs: nodejs/help#603
Refs: nodejs#15115
PR-URL: nodejs#23644
Reviewed-By: Ben Noordhuis <[email protected]>
jasnell pushed a commit that referenced this issue Oct 21, 2018
This commit adds a setSecureContext() method to TLS servers. In
order to maintain backwards compatibility, the method takes the
options needed to create a new SecureContext, rather than an
instance of SecureContext.

Fixes: #4464
Refs: #10349
Refs: nodejs/help#603
Refs: #15115
PR-URL: #23644
Reviewed-By: Ben Noordhuis <[email protected]>
sam-github pushed a commit to sam-github/node that referenced this issue Apr 29, 2019
This commit adds a setSecureContext() method to TLS servers. In
order to maintain backwards compatibility, the method takes the
options needed to create a new SecureContext, rather than an
instance of SecureContext.

Fixes: nodejs#4464
Refs: nodejs#10349
Refs: nodejs/help#603
Refs: nodejs#15115
PR-URL: nodejs#23644
Reviewed-By: Ben Noordhuis <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
duplicate Issues and PRs that are duplicates of other issues or PRs. feature request Issues that request new features to be added to Node.js. tls Issues and PRs related to the tls subsystem.
Projects
None yet
Development

No branches or pull requests

5 participants