npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

n8n-nodes-https

v0.1.0

Published

Enterprise-grade HTTPS request node for n8n with advanced TLS/SSL controls, certificate pinning, mTLS, and revocation checking

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

cyphers-aicyphers-ai

Keywords

n8n-community-node-packagen8nhttpstlssslmtlscertificatepinningsecurity

Readme

n8n HTTPS Node

An enterprise-grade HTTPS request node for n8n with advanced TLS/SSL controls, FIPS 140-3 compliance support, and mutual TLS (mTLS) capabilities.

Why This Node?

The stock n8n HTTP Request node works well for most use cases, but enterprise and security-focused environments often require:

  • FIPS Compliance: Government, healthcare, and financial sectors require FIPS 140-3 validated cryptography (Pro)
  • Controlled Certificate Trust: Use a curated CA bundle instead of relying on OS trust stores that may vary across deployments
  • Cipher Suite Control: Enforce specific cipher suites to meet security policies
  • Certificate Revocation: Basic revocation checking (OCSP + CRL) is free; advanced policies require Pro
  • Mutual TLS: Authenticate to APIs using client certificates (Pro)

This node provides all of these capabilities while maintaining the familiar n8n workflow experience.

Features

TLS/SSL Engine Modes

| Mode | Description | |------|-------------| | Standard | Full OpenSSL 3.x with all algorithms available | | FIPS | FIPS 140-3 validated cryptography only (OpenSSL 3.0.9+ FIPS provider) |

Cipher Suite Control

Choose from preset profiles or define custom cipher strings:

  • Modern: TLS 1.3 only with strongest security
  • Intermediate: TLS 1.2+ with balanced compatibility
  • Compatible: Wider compatibility (no legacy insecure ciphers)
  • FIPS: Only FIPS-approved algorithms (Pro)
  • Custom: Specify your own OpenSSL cipher string
  • Custom cipher selection: Enable/disable individual ciphers within any preset

Certificate Authority Options

  • Bundled CAs: Mozilla NSS root CA bundle, independent of OS
  • OS + Bundled: Merge OS trust store with bundled CAs
  • Custom Bundle: Provide your own CA bundle
  • Additional CAs: Append extra CAs to any base configuration

Certificate Revocation Checking

Free Tier:

  • Simple on/off toggle
  • OCSP check with CRL fallback
  • Soft-fail (proceeds if check times out)

Pro Tier:

  • Advanced revocation policies (OCSP only, CRL only, Both required)
  • OCSP stapling (use server-provided OCSP responses for faster checks)
  • Hard-fail mode (fails request if revocation check fails)
  • Custom CRL/OCSP URL overrides
  • Configurable cache TTL (cache revocation results to reduce network calls)

HTTP/2 Support

Full HTTP/2 support for improved performance:

  • Auto negotiation: Uses ALPN to negotiate HTTP/2, automatic fallback to HTTP/1.1
  • Multiplexing: Multiple requests over a single connection
  • Header compression: HPACK compression reduces overhead
  • Configurable: Force HTTP/2 only or HTTP/1.1 only when needed

Connection Pooling

Reuse TCP connections across multiple requests:

  • Enabled by default: Automatically pools connections per host
  • Configurable limits: Set max connections per host (default: 6)
  • Idle timeout: Connections closed after configurable idle period

Proxy Support

Full proxy support with multiple authentication methods:

  • HTTP/HTTPS proxies: Connect through corporate proxies
  • Authentication: Basic, Digest, and NTLM authentication
  • Bypass list: Exclude specific hosts from proxy
  • Secure tunneling: HTTPS CONNECT for encrypted proxy tunnels

NTLM authentication uses the full NTLMv2 protocol for secure authentication with Windows-based proxies.

Certificate Pinning (Pro)

Restrict which server certificates are accepted:

  • Pin modes: Leaf certificate, Intermediate CA, Root CA, or SPKI hash
  • File-based pins: Select PEM files containing certificates to pin
  • SPKI hashes: Pin by public key hash for certificate rotation flexibility
  • Validation: Preview pinned certificates and their SPKI hashes before use

Mutual TLS (mTLS) (Pro)

Authenticate to servers using client certificates:

  • Load from n8n credential store (PEM or PKCS#12 format)
  • Reference server-side file paths
  • PKCS#12 (.p12/.pfx) support with password
  • Password-protected private keys supported

SIEM Log Export (Pro)

Export TLS security events to your SIEM for compliance and monitoring:

  • Formats: JSON (Elastic, Datadog), CEF (Splunk, ArcSight), Syslog RFC 5424
  • Destinations: Syslog (UDP/TCP/TLS), HTTP endpoint, local file
  • Events: TLS handshake, certificate chain, revocation results, errors

Requirements

| Requirement | Details | |-------------|---------| | n8n | Version 1.0.0 or later | | Platform | Linux x86_64 (glibc 2.17+, e.g., Ubuntu 18.04+, RHEL 7+, Debian 9+) | | Node.js | 18.x or later | | OpenSSL | 3.0.9 or later (required for FIPS mode) |

Need support for additional architectures? (ARM64, Alpine/musl, etc.) Contact us at [email protected]

Installation

From n8n Community Nodes

  1. Open your n8n instance
  2. Go to Settings > Community Nodes
  3. Search for n8n-nodes-https
  4. Click Install

Manual Installation

# Create custom extensions directory if it doesn't exist
mkdir -p ~/.n8n/custom
cd ~/.n8n/custom
npm init -y
npm install n8n-nodes-https

# Set the environment variable (add to your shell profile for persistence)
export N8N_CUSTOM_EXTENSIONS="$HOME/.n8n/custom"

Restart n8n after installation.

Docker

FROM n8nio/n8n:latest

USER root
RUN cd /usr/local/lib/node_modules/n8n && \
    npm install n8n-nodes-https
USER node

Detailed Instructions: See INSTALLATION.md for Docker Compose, development setup, building from source, and troubleshooting.

Quick Start

Basic HTTPS Request

  1. Add the HTTPS node to your workflow
  2. Set the Method and URL
  3. Configure headers and body as needed
  4. Execute the workflow

Enable FIPS Mode (Pro)

  1. In the node configuration, expand TLS/SSL Settings
  2. Set Engine Mode to FIPS
  3. Select a FIPS-compatible cipher profile

Use a Client Certificate (mTLS) (Pro)

  1. Create a new credential of type HTTPS Client Certificate
  2. Paste your certificate and private key (PEM format)
  3. In the node, expand Client Certificate (mTLS)
  4. Enable client certificate and select your credential

Enable Revocation Checking

  1. Expand Certificate Revocation
  2. Toggle Enable Revocation Checking to On (Free: OCSP + CRL with soft-fail)
  3. For advanced policies or hard-fail mode, a Pro license is required

Activating Pro Features

Pro features are unlocked with a license key. The license works completely offline.

Free vs Pro Features

| Feature | Free | Pro | |---------|:----:|:---:| | TLS version control (1.2, 1.3) | Yes | Yes | | Cipher suite presets (Modern, Intermediate, Compatible) | Yes | Yes | | Custom OpenSSL cipher strings | Yes | Yes | | Individual cipher selection within profiles | Yes | Yes | | Curated CA bundle (Mozilla NSS) | Yes | Yes | | Custom CA bundles & additional CAs (with validation) | Yes | Yes | | Basic certificate verification | Yes | Yes | | Basic revocation checking (OCSP + CRL, soft-fail) | Yes | Yes | | HTTP/2 support (with automatic fallback) | Yes | Yes | | Connection pooling for improved performance | Yes | Yes | | Proxy authentication (Basic, Digest, NTLM) | Yes | Yes | | Certificate pinning | - | Yes | | Mutual TLS (mTLS) | - | Yes | | Advanced revocation policies | - | Yes | | OCSP stapling support | - | Yes | | Hard-fail mode | - | Yes | | Custom CRL/OCSP URLs | - | Yes | | Revocation cache with configurable TTL | - | Yes | | FIPS 140-3 mode | - | Yes | | SIEM log export (JSON, CEF, Syslog) | - | Yes |

Pro License: One-time purchase, works offline, no subscription. Purchase at cyphers.ai or contact [email protected]

Purchase at cyphers.ai or contact [email protected]

Activate

  1. In n8n, go to Credentials and create a new HTTPS Pro License credential
  2. Paste your license key (format: HTTPS-xxxxx.xxxxx)
  3. In the HTTPS node, select your license credential under Pro License

The license is validated locally using cryptographic signatures - no internet connection required.

Configuration Reference

See TECHNICAL_DETAILS.md for complete configuration options and API reference.

Security Considerations

  • Client certificate private keys are stored encrypted in n8n's credential store
  • File path references for certificates are server-side paths (not uploaded from browser)
  • FIPS mode strictly enforces FIPS-approved algorithms
  • The bundled CA store is updated with each plugin release

Support

Roadmap

Planned features for upcoming releases:

  • Request/Response Size Limits: Configurable maximum sizes to prevent memory exhaustion from large payloads
  • CA Bundle Integrity Verification: Cryptographic signing of the bundled CA certificates for supply chain security
  • SIEM Error Alerting: Callbacks and fallback logging when SIEM transmission fails, preventing audit blind spots

Have a feature request? Open an issue on GitHub or contact us at [email protected].

License

The node is open source under the MIT License. Pro features require a commercial license key.

Contributing

Contributions are welcome! Please read our contributing guidelines before submitting PRs.