Skip to content

Commit

Permalink
doc: warn that tls.connect() doesn't set SNI
Browse files Browse the repository at this point in the history
Add a note warning users that when using tls.connect(),
the `servername` option must be set explicitely to enable
SNI, otherwise the connection could fail.

PR-URL: #33855
Fixes: #28167
Co-authored-by: Denys Otrishko <shishugi@gmail.com>
Reviewed-By: Robert Nagy <ronagy@icloud.com>
Reviewed-By: Denys Otrishko <shishugi@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
  • Loading branch information
2 people authored and codebytere committed Jun 27, 2020
1 parent 6014e4e commit 6dc5417
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions doc/api/tls.md
Original file line number Diff line number Diff line change
Expand Up @@ -1403,6 +1403,12 @@ The `callback` function, if specified, will be added as a listener for the

`tls.connect()` returns a [`tls.TLSSocket`][] object.

Unlike the `https` API, `tls.connect()` does not enable the
SNI (Server Name Indication) extension by default, which may cause some
servers to return an incorrect certificate or reject the connection
altogether. To enable SNI, set the `servername` option in addition
to `host`.

The following illustrates a client for the echo server example from
[`tls.createServer()`][]:

Expand Down

0 comments on commit 6dc5417

Please sign in to comment.