Skip to content

feat: handle tls.Server.prototype.setOptions() depreciation #129

New issue
New issue
Open
Feature
Open
feat: handle tls.Server.prototype.setOptions() depreciation#129
Feature
Labels
good first issueGood for newcomershelp wantedExtra attention is neededlet's do it
@AugustinMauroy

Description

@AugustinMauroy
AugustinMauroy
opened on Jul 25, 2025

Description

Since tls.Server.prototype.setOptions() is deprecated (DEP0122) and has reached End-of-Life status, we should provide a codemod to replace it.

  • The codemod should replace all instances of server.setOptions() with server.setSecureContext().
  • The codemod should handle different usage patterns and parameter formats.
  • The codemod should update the implementation to use the modern secure context API instead of the deprecated options method.
  • If there are mixed usage patterns, the codemod should provide appropriate replacements based on context.

Additional Information

Note that tls.Server.prototype.setOptions() was removed in Node.js v24.0.0 and users should use Server.prototype.setSecureContext() instead. The setOptions() method was deprecated because it was less secure and didn't provide the same level of control over the TLS context as the newer setSecureContext() method.

The setOptions() method allowed setting various TLS options on an existing server, but this pattern has been superseded by the more explicit and secure setSecureContext() approach which requires creating a proper secure context.

Examples

Case 1: Basic setOptions usage

Before:

const tls = require('node:tls');

const server = tls.createServer();
server.setOptions({
  key: fs.readFileSync('server-key.pem'),
  cert: fs.readFileSync('server-cert.pem')
});

After:

const tls = require('node:tls');

const server = tls.createServer();
const secureContext = tls.createSecureContext({
  key: fs.readFileSync('server-key.pem'),
  cert: fs.readFileSync('server-cert.pem')
});
server.setSecureContext(secureContext);

Case 2: setOptions with cipher configuration

Before:

const { createServer } = require('node:tls');

const server = createServer();
server.setOptions({
  key: privateKey,
  cert: certificate,
  ciphers: 'ECDHE-RSA-AES128-GCM-SHA256:!RC4'
});

After:

const { createServer, createSecureContext } = require('node:tls');

const server = createServer();
const secureContext = createSecureContext({
  key: privateKey,
  cert: certificate,
  ciphers: 'ECDHE-RSA-AES128-GCM-SHA256:!RC4'
});
server.setSecureContext(secureContext);

Case 3: setOptions with CA configuration

Before:

import { createServer } from 'node:tls';

const server = createServer();
server.setOptions({
  key: serverKey,
  cert: serverCert,
  ca: [caCert],
  requestCert: true,
  rejectUnauthorized: true
});

After:

import { createServer, createSecureContext } from 'node:tls';

const server = createServer();
const secureContext = createSecureContext({
  key: serverKey,
  cert: serverCert,
  ca: [caCert],
  requestCert: true,
  rejectUnauthorized: true
});
server.setSecureContext(secureContext);

Case 4: Multiple setOptions calls

Before:

const tls = require('node:tls');

const server = tls.createServer();
server.setOptions({ key: key1, cert: cert1 });
server.setOptions({ ciphers: 'HIGH' });

After:

const tls = require('node:tls');

const server = tls.createServer();
const secureContext = tls.createSecureContext({
  key: key1,
  cert: cert1,
  ciphers: 'HIGH'
});
server.setSecureContext(secureContext);

Case 5: setOptions with PFX

Before:

const { createServer } = require('node:tls');

const server = createServer();
server.setOptions({
  pfx: fs.readFileSync('server.pfx'),
  passphrase: 'secret'
});

After:

const { createServer, createSecureContext } = require('node:tls');

const server = createServer();
const secureContext = createSecureContext({
  pfx: fs.readFileSync('server.pfx'),
  passphrase: 'secret'
});
server.setSecureContext(secureContext);

Case 6: setOptions with protocol version constraints

Before:

import * as tls from 'node:tls';

const server = tls.createServer();
server.setOptions({
  key: serverKey,
  cert: serverCert,
  minVersion: 'TLSv1.2',
  maxVersion: 'TLSv1.3'
});

After:

import * as tls from 'node:tls';

const server = tls.createServer();
const secureContext = tls.createSecureContext({
  key: serverKey,
  cert: serverCert,
  minVersion: 'TLSv1.2',
  maxVersion: 'TLSv1.3'
});
server.setSecureContext(secureContext);

Case 7: Chained method calls

Before:

const server = require('node:tls').createServer();
server.setOptions(options).listen(443);

After:

const tls = require('node:tls');
const server = tls.createServer();
const secureContext = tls.createSecureContext(options);
server.setSecureContext(secureContext);
server.listen(443);

Case 8: setOptions in conditional logic

Before:

const server = tls.createServer();

if (useCustomCerts) {
  server.setOptions({
    key: customKey,
    cert: customCert
  });
} else {
  server.setOptions(defaultOptions);
}

After:

const server = tls.createServer();

if (useCustomCerts) {
  const secureContext = tls.createSecureContext({
    key: customKey,
    cert: customCert
  });
  server.setSecureContext(secureContext);
} else {
  const secureContext = tls.createSecureContext(defaultOptions);
  server.setSecureContext(secureContext);
}

Refs

Metadata

Metadata

Assignees

No one assigned

    Labels

    good first issueGood for newcomershelp wantedExtra attention is neededlet's do it

    Type

    Feature

    Projects

    Userland Migrations Board

    Status

    🔖 Todo

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions