https

Enterprise-grade HTTPS request node for n8n with advanced TLS/SSL controls, certificate pinning, mTLS, and revocation checking

Package Information

Downloads: 39 weekly / 60 monthly
Latest Version: 0.1.0
Author: Cyphers AI

Available Nodes

HTTPS icon
HTTPS
Make HTTPS requests with advanced TLS/SSL controls

Documentation

n8n HTTPS Node

An enterprise-grade HTTPS request node for n8n with advanced TLS/SSL controls, FIPS 140-3 compliance support, and mutual TLS (mTLS) capabilities.

Why This Node?

The stock n8n HTTP Request node works well for most use cases, but enterprise and security-focused environments often require:

  • FIPS Compliance: Government, healthcare, and financial sectors require FIPS 140-3 validated cryptography (Pro)
  • Controlled Certificate Trust: Use a curated CA bundle instead of relying on OS trust stores that may vary across deployments
  • Cipher Suite Control: Enforce specific cipher suites to meet security policies
  • Certificate Revocation: Basic revocation checking (OCSP + CRL) is free; advanced policies require Pro
  • Mutual TLS: Authenticate to APIs using client certificates (Pro)

This node provides all of these capabilities while maintaining the familiar n8n workflow experience.

Features

TLS/SSL Engine Modes

Mode Description
Standard Full OpenSSL 3.x with all algorithms available
FIPS FIPS 140-3 validated cryptography only (OpenSSL 3.0.9+ FIPS provider)

Cipher Suite Control

Choose from preset profiles or define custom cipher strings:

  • Modern: TLS 1.3 only with strongest security
  • Intermediate: TLS 1.2+ with balanced compatibility
  • Compatible: Wider compatibility (no legacy insecure ciphers)
  • FIPS: Only FIPS-approved algorithms (Pro)
  • Custom: Specify your own OpenSSL cipher string
  • Custom cipher selection: Enable/disable individual ciphers within any preset

Certificate Authority Options

  • Bundled CAs: Mozilla NSS root CA bundle, independent of OS
  • OS + Bundled: Merge OS trust store with bundled CAs
  • Custom Bundle: Provide your own CA bundle
  • Additional CAs: Append extra CAs to any base configuration

Certificate Revocation Checking

Free Tier:

  • Simple on/off toggle
  • OCSP check with CRL fallback
  • Soft-fail (proceeds if check times out)

Pro Tier:

  • Advanced revocation policies (OCSP only, CRL only, Both required)
  • OCSP stapling (use server-provided OCSP responses for faster checks)
  • Hard-fail mode (fails request if revocation check fails)
  • Custom CRL/OCSP URL overrides
  • Configurable cache TTL (cache revocation results to reduce network calls)

HTTP/2 Support

Full HTTP/2 support for improved performance:

  • Auto negotiation: Uses ALPN to negotiate HTTP/2, automatic fallback to HTTP/1.1
  • Multiplexing: Multiple requests over a single connection
  • Header compression: HPACK compression reduces overhead
  • Configurable: Force HTTP/2 only or HTTP/1.1 only when needed

Connection Pooling

Reuse TCP connections across multiple requests:

  • Enabled by default: Automatically pools connections per host
  • Configurable limits: Set max connections per host (default: 6)
  • Idle timeout: Connections closed after configurable idle period

Proxy Support

Full proxy support with multiple authentication methods:

  • HTTP/HTTPS proxies: Connect through corporate proxies
  • Authentication: Basic, Digest, and NTLM authentication
  • Bypass list: Exclude specific hosts from proxy
  • Secure tunneling: HTTPS CONNECT for encrypted proxy tunnels

NTLM authentication uses the full NTLMv2 protocol for secure authentication with Windows-based proxies.

Certificate Pinning (Pro)

Restrict which server certificates are accepted:

  • Pin modes: Leaf certificate, Intermediate CA, Root CA, or SPKI hash
  • File-based pins: Select PEM files containing certificates to pin
  • SPKI hashes: Pin by public key hash for certificate rotation flexibility
  • Validation: Preview pinned certificates and their SPKI hashes before use

Mutual TLS (mTLS) (Pro)

Authenticate to servers using client certificates:

  • Load from n8n credential store (PEM or PKCS#12 format)
  • Reference server-side file paths
  • PKCS#12 (.p12/.pfx) support with password
  • Password-protected private keys supported

SIEM Log Export (Pro)

Export TLS security events to your SIEM for compliance and monitoring:

  • Formats: JSON (Elastic, Datadog), CEF (Splunk, ArcSight), Syslog RFC 5424
  • Destinations: Syslog (UDP/TCP/TLS), HTTP endpoint, local file
  • Events: TLS handshake, certificate chain, revocation results, errors

Requirements

Requirement Details
n8n Version 1.0.0 or later
Platform Linux x86_64 (glibc 2.17+, e.g., Ubuntu 18.04+, RHEL 7+, Debian 9+)
Node.js 18.x or later
OpenSSL 3.0.9 or later (required for FIPS mode)

Need support for additional architectures? (ARM64, Alpine/musl, etc.)
Contact us at contact@cyphers.ai

Installation

From n8n Community Nodes

  1. Open your n8n instance
  2. Go to Settings > Community Nodes
  3. Search for n8n-nodes-https
  4. Click Install

Manual Installation

# Create custom extensions directory if it doesn't exist
mkdir -p ~/.n8n/custom
cd ~/.n8n/custom
npm init -y
npm install n8n-nodes-https

# Set the environment variable (add to your shell profile for persistence)
export N8N_CUSTOM_EXTENSIONS="$HOME/.n8n/custom"

Restart n8n after installation.

Docker

FROM n8nio/n8n:latest

USER root
RUN cd /usr/local/lib/node_modules/n8n && \
    npm install n8n-nodes-https
USER node

Detailed Instructions: See INSTALLATION.md for Docker Compose, development setup, building from source, and troubleshooting.

Quick Start

Basic HTTPS Request

  1. Add the HTTPS node to your workflow
  2. Set the Method and URL
  3. Configure headers and body as needed
  4. Execute the workflow

Enable FIPS Mode (Pro)

  1. In the node configuration, expand TLS/SSL Settings
  2. Set Engine Mode to FIPS
  3. Select a FIPS-compatible cipher profile

Use a Client Certificate (mTLS) (Pro)

  1. Create a new credential of type HTTPS Client Certificate
  2. Paste your certificate and private key (PEM format)
  3. In the node, expand Client Certificate (mTLS)
  4. Enable client certificate and select your credential

Enable Revocation Checking

  1. Expand Certificate Revocation
  2. Toggle Enable Revocation Checking to On (Free: OCSP + CRL with soft-fail)
  3. For advanced policies or hard-fail mode, a Pro license is required

Activating Pro Features

Pro features are unlocked with a license key. The license works completely offline.

Free vs Pro Features

Feature Free Pro
TLS version control (1.2, 1.3) Yes Yes
Cipher suite presets (Modern, Intermediate, Compatible) Yes Yes
Custom OpenSSL cipher strings Yes Yes
Individual cipher selection within profiles Yes Yes
Curated CA bundle (Mozilla NSS) Yes Yes
Custom CA bundles & additional CAs (with validation) Yes Yes
Basic certificate verification Yes Yes
Basic revocation checking (OCSP + CRL, soft-fail) Yes Yes
HTTP/2 support (with automatic fallback) Yes Yes
Connection pooling for improved performance Yes Yes
Proxy authentication (Basic, Digest, NTLM) Yes Yes
Certificate pinning - Yes
Mutual TLS (mTLS) - Yes
Advanced revocation policies - Yes
OCSP stapling support - Yes
Hard-fail mode - Yes
Custom CRL/OCSP URLs - Yes
Revocation cache with configurable TTL - Yes
FIPS 140-3 mode - Yes
SIEM log export (JSON, CEF, Syslog) - Yes

Pro License: One-time purchase, works offline, no subscription.
Purchase at cyphers.ai or contact sales@cyphers.ai

Purchase at cyphers.ai or contact sales@cyphers.ai

Activate

  1. In n8n, go to Credentials and create a new HTTPS Pro License credential
  2. Paste your license key (format: HTTPS-xxxxx.xxxxx)
  3. In the HTTPS node, select your license credential under Pro License

The license is validated locally using cryptographic signatures - no internet connection required.

Configuration Reference

See TECHNICAL_DETAILS.md for complete configuration options and API reference.

Security Considerations

  • Client certificate private keys are stored encrypted in n8n's credential store
  • File path references for certificates are server-side paths (not uploaded from browser)
  • FIPS mode strictly enforces FIPS-approved algorithms
  • The bundled CA store is updated with each plugin release

Support

Roadmap

Planned features for upcoming releases:

  • Request/Response Size Limits: Configurable maximum sizes to prevent memory exhaustion from large payloads
  • CA Bundle Integrity Verification: Cryptographic signing of the bundled CA certificates for supply chain security
  • SIEM Error Alerting: Callbacks and fallback logging when SIEM transmission fails, preventing audit blind spots

Have a feature request? Open an issue on GitHub or contact us at contact@cyphers.ai.

License

The node is open source under the MIT License. Pro features require a commercial license key.

Contributing

Contributions are welcome! Please read our contributing guidelines before submitting PRs.

Discussion