Description
Version
22
Platform
All Platforms
Subsystem
TLS
What steps will reproduce the bug?
There was already an issue that is closed #28985, however I could not reopen the issue again, but I have a confirmed repro sample that is still an issue.
Following repository contains the code to reproduce the issue.
https://github.com/ackava/node-tls-servername-false
How often does it reproduce? Is there a required condition?
The issue occurs from .NET HTTP Client, now .NET has widespread usage and variety of services connect to web servers hosted on node and specific TLS Session reuse from HttpClient from dotnet causes this bug.
To isolate the bug, I have separated TLS and HTTP1 layer, now I have an application where in I am offloading TLS in node cluster and forwarding connections to appropriate virtual hosts (every host has a separate application and separate SSL certificate).
What is the expected behavior? Why is that the expected behavior?
TLSSocket's servername should be SNI host.
What do you see instead?
When TLS Session is resumed, servername is false.
Additional information
However, switching to dotnet or any other framework, it is found that servername is available even after resumed session. Other frameworks store servername along with any session/ticket reuse that should be applied when session is resumed.
Currently I moved TLS outside nodejs and put it as a separate container and it serves the purpose. But Node's TLS is broken as when session is resumed, there is no way to get current certificate, current servername, everything is empty.
Possible Solutions
There is an easy way to fix this, by saving SNI host in session buffer for session resumption, this would fix the issue.