tls: expose SSL_CTX_set_timeout via tls.createServer

Add the `sessionTimeout` integral value to the list of options
recognized by `tls.createServer`.

This option will be useful for applications which need frequently
establish short-lived TLS connections to the same endpoint. The TLS
tickets RFC is an ideal option to reduce the socket setup overhead
for such scenarios, but the default ticket timeout value (5
minutes) is too low to be useful.

1 files changed, 6 insertions, 0 deletions

diff --git a/lib/tls.js b/lib/tls.js
index df2afec533..334f4116ba 100644
--- a/lib/tls.js
+++ b/lib/tls.js
@@ -990,6 +990,7 @@ SecurePair.prototype.error = function() {
 // - key. string.
 // - cert: string.
 // - ca: string or array of strings.
+// - sessionTimeout: integer.
 //
 // emit 'secureConnection'
 //   function (cleartextStream, encryptedStream) { }
@@ -1058,6 +1059,10 @@ function Server(/* [options], listener */) {
     throw new TypeError('handshakeTimeout must be a number');
   }
 
+  if (self.sessionTimeout) {
+    sharedCreds.context.setSessionTimeout(self.sessionTimeout);
+  }
+
   // constructor call
   net.Server.call(this, function(socket) {
     var creds = crypto.createCredentials(null, sharedCreds.context);
@@ -1154,6 +1159,7 @@ Server.prototype.setOptions = function(options) {
   if (options.secureProtocol) this.secureProtocol = options.secureProtocol;
   if (options.crl) this.crl = options.crl;
   if (options.ciphers) this.ciphers = options.ciphers;
+  if (options.sessionTimeout) this.sessionTimeout = options.sessionTimeout;
   var secureOptions = options.secureOptions || 0;
   if (options.honorCipherOrder) {
     secureOptions |= constants.SSL_OP_CIPHER_SERVER_PREFERENCE;