Description
Since tls.Server.prototype.setOptions() is deprecated (DEP0122) and has reached End-of-Life status, we should provide a codemod to replace it.
- The codemod should replace all instances of
server.setOptions() with server.setSecureContext().
- The codemod should handle different usage patterns and parameter formats.
- The codemod should update the implementation to use the modern secure context API instead of the deprecated options method.
- If there are mixed usage patterns, the codemod should provide appropriate replacements based on context.
Additional Information
Note that tls.Server.prototype.setOptions() was removed in Node.js v24.0.0 and users should use Server.prototype.setSecureContext() instead. The setOptions() method was deprecated because it was less secure and didn't provide the same level of control over the TLS context as the newer setSecureContext() method.
The setOptions() method allowed setting various TLS options on an existing server, but this pattern has been superseded by the more explicit and secure setSecureContext() approach which requires creating a proper secure context.
Examples
Case 1: Basic setOptions usage
Before:
const tls = require('node:tls');
const server = tls.createServer();
server.setOptions({
key: fs.readFileSync('server-key.pem'),
cert: fs.readFileSync('server-cert.pem')
});After:
const tls = require('node:tls');
const server = tls.createServer();
const secureContext = tls.createSecureContext({
key: fs.readFileSync('server-key.pem'),
cert: fs.readFileSync('server-cert.pem')
});
server.setSecureContext(secureContext);Case 2: setOptions with cipher configuration
Before:
const { createServer } = require('node:tls');
const server = createServer();
server.setOptions({
key: privateKey,
cert: certificate,
ciphers: 'ECDHE-RSA-AES128-GCM-SHA256:!RC4'
});After:
const { createServer, createSecureContext } = require('node:tls');
const server = createServer();
const secureContext = createSecureContext({
key: privateKey,
cert: certificate,
ciphers: 'ECDHE-RSA-AES128-GCM-SHA256:!RC4'
});
server.setSecureContext(secureContext);Case 3: setOptions with CA configuration
Before:
import { createServer } from 'node:tls';
const server = createServer();
server.setOptions({
key: serverKey,
cert: serverCert,
ca: [caCert],
requestCert: true,
rejectUnauthorized: true
});After:
import { createServer, createSecureContext } from 'node:tls';
const server = createServer();
const secureContext = createSecureContext({
key: serverKey,
cert: serverCert,
ca: [caCert],
requestCert: true,
rejectUnauthorized: true
});
server.setSecureContext(secureContext);Case 4: Multiple setOptions calls
Before:
const tls = require('node:tls');
const server = tls.createServer();
server.setOptions({ key: key1, cert: cert1 });
server.setOptions({ ciphers: 'HIGH' });After:
const tls = require('node:tls');
const server = tls.createServer();
const secureContext = tls.createSecureContext({
key: key1,
cert: cert1,
ciphers: 'HIGH'
});
server.setSecureContext(secureContext);Case 5: setOptions with PFX
Before:
const { createServer } = require('node:tls');
const server = createServer();
server.setOptions({
pfx: fs.readFileSync('server.pfx'),
passphrase: 'secret'
});After:
const { createServer, createSecureContext } = require('node:tls');
const server = createServer();
const secureContext = createSecureContext({
pfx: fs.readFileSync('server.pfx'),
passphrase: 'secret'
});
server.setSecureContext(secureContext);Case 6: setOptions with protocol version constraints
Before:
import * as tls from 'node:tls';
const server = tls.createServer();
server.setOptions({
key: serverKey,
cert: serverCert,
minVersion: 'TLSv1.2',
maxVersion: 'TLSv1.3'
});After:
import * as tls from 'node:tls';
const server = tls.createServer();
const secureContext = tls.createSecureContext({
key: serverKey,
cert: serverCert,
minVersion: 'TLSv1.2',
maxVersion: 'TLSv1.3'
});
server.setSecureContext(secureContext);Case 7: Chained method calls
Before:
const server = require('node:tls').createServer();
server.setOptions(options).listen(443);After:
const tls = require('node:tls');
const server = tls.createServer();
const secureContext = tls.createSecureContext(options);
server.setSecureContext(secureContext);
server.listen(443);Case 8: setOptions in conditional logic
Before:
const server = tls.createServer();
if (useCustomCerts) {
server.setOptions({
key: customKey,
cert: customCert
});
} else {
server.setOptions(defaultOptions);
}After:
const server = tls.createServer();
if (useCustomCerts) {
const secureContext = tls.createSecureContext({
key: customKey,
cert: customCert
});
server.setSecureContext(secureContext);
} else {
const secureContext = tls.createSecureContext(defaultOptions);
server.setSecureContext(secureContext);
}Refs
Description
Since
tls.Server.prototype.setOptions()is deprecated (DEP0122) and has reached End-of-Life status, we should provide a codemod to replace it.server.setOptions()withserver.setSecureContext().Additional Information
Note that
tls.Server.prototype.setOptions()was removed in Node.js v24.0.0 and users should useServer.prototype.setSecureContext()instead. ThesetOptions()method was deprecated because it was less secure and didn't provide the same level of control over the TLS context as the newersetSecureContext()method.The
setOptions()method allowed setting various TLS options on an existing server, but this pattern has been superseded by the more explicit and securesetSecureContext()approach which requires creating a proper secure context.Examples
Case 1: Basic setOptions usage
Before:
After:
Case 2: setOptions with cipher configuration
Before:
After:
Case 3: setOptions with CA configuration
Before:
After:
Case 4: Multiple setOptions calls
Before:
After:
Case 5: setOptions with PFX
Before:
After:
Case 6: setOptions with protocol version constraints
Before:
After:
Case 7: Chained method calls
Before:
After:
Case 8: setOptions in conditional logic
Before:
After:
Refs
tlsServer.prototype.setOptions()