David Jones

Reputation: 10239

Setting up multiple HTTPS servers listening on the same port in Node

By not specifying a protocol, the following block will result in an HTTPS server that uses TLS 1.2:

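var fs = require("fs");
var https = require("https");

// app is the application's request handler, defined elsewhere
var options = {
    key: fs.readFileSync("security/server.key"),
    cert: fs.readFileSync("security/server.crt")
};
https.createServer(options, app).listen(443);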

However, one of my endpoints needs to act as a subscriber endpoint for the Fitbit API, which requires TLS 1.0. To do this, I need to set secureProtocol to TLSv1_method.

var options = {
    key: fs.readFileSync("security/server.key"),
    cert: fs.readFileSync("security/server.crt"),
    secureProtocol: "TLSv1_method" // Fitbit subscription API requires TLS 1.0
};
https.createServer(options, app).listen(443);

What would be the best way to use TLS 1.0 for one endpoint and TLS 1.2 for all others? The answer may lie in the http-proxy module, but I'm having a hard time applying the documentation to my use case. Note that I am using different subdomains to differentiate the traffic.

Upvotes: 0

Views: 569

Answers (1)

oznu

Reputation: 1694

If secureProtocol is not defined in the options, then by default Node will create an HTTPS server that accepts connections on TLS 1.0, TLS 1.1 and TLS 1.2.


Example Server:

const https = require('https');
const fs = require('fs');

const options = {
  key: fs.readFileSync('default-key.pem'),
  cert: fs.readFileSync('default-cert.pem')
};

https.createServer(options, (req, res) => {
  res.writeHead(200);
  res.end('hello world\n');
}).listen(8000);

You can test this at the command line with curl:

Test for SSLv3 (will fail, it's disabled by default):

curl --sslv3 https://localhost:8000 -k

Test for TLSv1 (will work):

curl --tlsv1.0 https://localhost:8000 -k

Test for TLSv1.1 (will work):

curl --tlsv1.1 https://localhost:8000 -k

Test for TLSv1.2 (will work):

curl --tlsv1.2 https://localhost:8000 -k

Tested on node.js version 5.3.0 and 5.5.0 (latest stable).

Upvotes: 2
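When a single listener accepts TLS 1.0 through 1.2 as the answer describes, the per-subdomain split the question asks for can be enforced after the handshake by checking the negotiated version against a per-hostname minimum. This is an added example, not code from the question or the answer; the hostnames are hypothetical placeholders, and it assumes clients send SNI.

```javascript
// Minimum TLS version per hostname (hostnames are hypothetical placeholders).
const MIN_TLS_BY_HOST = {
  'fitbit-sub.example.com': 'TLSv1' // legacy subscriber endpoint only
};
const DEFAULT_MIN_TLS = 'TLSv1.2';
const RANK = { 'TLSv1': 1, 'TLSv1.1': 2, 'TLSv1.2': 3, 'TLSv1.3': 4 };

// Decide whether a request may be served. Returns { ok, reason }.
//   sniName    - tlsSocket.servername (false or null when no SNI was sent)
//   hostHeader - the HTTP Host header
//   protocol   - tlsSocket.getProtocol(), e.g. 'TLSv1.2'
function checkTlsPolicy(sniName, hostHeader, protocol) {
  const sni = String(sniName || '').toLowerCase();
  const host = String(hostHeader || '').toLowerCase().replace(/:\d+$/, '');
  // The policy is keyed on SNI, so the Host header must name the same site.
  // Otherwise a TLS 1.0 handshake for the legacy name could be routed to
  // another virtual host by its Host header.
  if (!sni || sni !== host) return { ok: false, reason: 'sni-host-mismatch' };
  const rank = RANK[protocol];
  if (!rank) return { ok: false, reason: 'unknown-protocol' };
  const listed = Object.prototype.hasOwnProperty.call(MIN_TLS_BY_HOST, sni);
  const min = listed ? MIN_TLS_BY_HOST[sni] : DEFAULT_MIN_TLS;
  if (rank < RANK[min]) return { ok: false, reason: 'below-' + min };
  return { ok: true, reason: 'ok' };
}

// Wrap a request handler so the check runs before any application code.
function tlsVersionGate(handler) {
  return function (req, res) {
    const verdict = checkTlsPolicy(
      req.socket.servername, req.headers.host, req.socket.getProtocol());
    if (!verdict.ok) {
      res.writeHead(403, { 'Content-Type': 'text/plain', 'Connection': 'close' });
      res.end('TLS policy: ' + verdict.reason + '\n');
      return;
    }
    handler(req, res);
  };
}

// Wiring, using the names from the question (not executed here):
//   https.createServer(options, tlsVersionGate(app)).listen(443);
```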
