doc: warn that tls.connect() doesn't set SNI

Add a note warning users that when using tls.connect(), the `servername` option must be set explicitely to enable SNI, otherwise the connection could fail. PR-URL: #33855 Fixes: #28167 Co-authored-by: Denys Otrishko <shishugi@gmail.com> Reviewed-By: Robert Nagy <ronagy@icloud.com> Reviewed-By: Denys Otrishko <shishugi@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
nodejs · Jul 12, 2020 · ddc5afd · ddc5afd
1 parent d77eaee
commit ddc5afd
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/doc/api/tls.md b/doc/api/tls.md
@@ -1392,6 +1392,12 @@ The `callback` function, if specified, will be added as a listener for the
 
 `tls.connect()` returns a [`tls.TLSSocket`][] object.
 
+Unlike the `https` API, `tls.connect()` does not enable the
+SNI (Server Name Indication) extension by default, which may cause some
+servers to return an incorrect certificate or reject the connection
+altogether. To enable SNI, set the `servername` option in addition
+to `host`.
+
 The following illustrates a client for the echo server example from
 [`tls.createServer()`][]: