Unable to share ticketKeys in secureContext

[DiegoTUI]

• 8.10.0:
• Linux 4.13.0-37-generic rename node.js -> io.js #42~16.04.1-Ubuntu SMP Wed Mar 7 16:03:28 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux:
• TLS:

I am trying to share the TLS ticketKeys among several servers running in cluster in order to enable the reuse of sessions regardless of the particular server receiving the request. Sharing ticketKeys among servers is quite straightforward when you create the servers using tls.createServer(), but in my case, I need to create the servers using net.createServer() and then wrap the incoming plain sockets with new TLSSocket().

The options parameter in new TLSSocket() allows you to enter a secureContext, but unfortunately there is no (published) way to share ticketKeys through secureContexts. I've peeked into the code, and discovered that there is an undocumented way to do it through secureContext.context.setTicketKeys(). I've even tested it and assessed that it works. But I don't dare to use it since it is not documented and could disappear with no previous notice. Could you please add a ticketKeys option to tls.createSecureContext() to enable the reuse of TLS sessions in cluster mode?

[bnoordhuis]

Pull requests welcome, I think.

[silverwind]

Agree, this looks like an oversight. I think we can move the ticketKeys option currently present on createServer to createSecureContext as the former inherits from the latter.

[ryzokuken]

@DiegoTUI are you willing to make a PR for this or should I?

[ryzokuken]

The docs do say that:

...: Any tls.createSecureContext() options can be provided. For servers, the identity options (pfx or key/cert) are usually required.

[ryzokuken]

Okay, in Server.prototype.setOptions, we do have

if (options.ticketKeys) this.ticketKeys = options.ticketKeys;

[ryzokuken]

@bnoordhuis @silverwind @DiegoTUI I made one at #20916, check it out.

[DiegoTUI]

@ryzokuken wow!! that was fast!! Thanks!!