Description
n8n HTTPS Node
An enterprise-grade HTTPS request node for n8n with advanced TLS/SSL controls, FIPS 140-3 compliance support, and mutual TLS (mTLS) capabilities.
Why This Node?
The stock n8n HTTP Request node works well for most use cases, but enterprise and security-focused environments often require:
- FIPS Compliance: Government, healthcare, and financial sectors require FIPS 140-3 validated cryptography (Pro)
- Controlled Certificate Trust: Use a curated CA bundle instead of relying on OS trust stores that may vary across deployments
- Cipher Suite Control: Enforce specific cipher suites to meet security policies
- Certificate Revocation: Basic revocation checking (OCSP + CRL) is free; advanced policies require Pro
- Mutual TLS: Authenticate to APIs using client certificates (Pro)
- Modern: TLS 1.3 only with strongest security
- Intermediate: TLS 1.2+ with balanced compatibility
- Compatible: Wider compatibility (no legacy insecure ciphers)
- FIPS: Only FIPS-approved algorithms (Pro)
- Custom: Specify your own OpenSSL cipher string
- Custom cipher selection: Enable/disable individual ciphers within any preset
- Bundled CAs: Mozilla NSS root CA bundle, independent of OS
- OS + Bundled: Merge OS trust store with bundled CAs
- Custom Bundle: Provide your own CA bundle
- Additional CAs: Append extra CAs to any base configuration
- Simple on/off toggle
- OCSP check with CRL fallback
- Soft-fail (proceeds if check times out)
- Advanced revocation policies (OCSP only, CRL only, Both required)
- OCSP stapling (use server-provided OCSP responses for faster checks)
- Hard-fail mode (fails request if revocation check fails)
- Custom CRL/OCSP URL overrides
- Configurable cache TTL (cache revocation results to reduce network calls)
- Auto negotiation: Uses ALPN to negotiate HTTP/2, automatic fallback to HTTP/1.1
- Multiplexing: Multiple requests over a single connection
- Header compression: HPACK compression reduces overhead
- Configurable: Force HTTP/2 only or HTTP/1.1 only when needed
- Enabled by default: Automatically pools connections per host
- Configurable limits: Set max connections per host (default: 6)
- Idle timeout: Connections closed after configurable idle period
- HTTP/HTTPS proxies: Connect through corporate proxies
- Authentication: Basic, Digest, and NTLM authentication
- Bypass list: Exclude specific hosts from proxy
- Secure tunneling: HTTPS CONNECT for encrypted proxy tunnels
- Pin modes: Leaf certificate, Intermediate CA, Root CA, or SPKI hash
- File-based pins: Select PEM files containing certificates to pin
- SPKI hashes: Pin by public key hash for certificate rotation flexibility
- Validation: Preview pinned certificates and their SPKI hashes before use
- Load from n8n credential store (PEM or PKCS#12 format)
- Reference server-side file paths
- PKCS#12 (.p12/.pfx) support with password
- Password-protected private keys supported
- Formats: JSON (Elastic, Datadog), CEF (Splunk, ArcSight), Syslog RFC 5424
- Destinations: Syslog (UDP/TCP/TLS), HTTP endpoint, local file
- Events: TLS handshake, certificate chain, revocation results, errors
This node provides all of these capabilities while maintaining the familiar n8n workflow experience.
Features
TLS/SSL Engine Modes
| Mode | Description |
|——|————-|
| Standard | Full OpenSSL 3.x with all algorithms available |
| FIPS | FIPS 140-3 validated cryptography only (OpenSSL 3.0.9+ FIPS provider) |
Cipher Suite Control
Choose from preset profiles or define custom cipher strings:
Certificate Authority Options
Certificate Revocation Checking
Free Tier:
Pro Tier:
HTTP/2 Support
Full HTTP/2 support for improved performance:
Connection Pooling
Reuse TCP connections across multiple requests:
Proxy Support
Full proxy support with multiple authentication methods:
NTLM authentication uses the full NTLMv2 protocol for secure authentication with Windows-based proxies.
Certificate Pinning (Pro)
Restrict which server certificates are accepted:
Mutual TLS (mTLS) (Pro)
Authenticate to servers using client certificates:
SIEM Log Export (Pro)
Export TLS security events to your SIEM for compliance and monitoring:
Requirements
| Requirement | Details |
|————-|———|
| n8n | Version 1.0.0 or later |
| Platform | Linux x86_64 (glibc 2.17+, e.g., Ubuntu 18.04+, RHEL 7+, Debian 9+) |
| Node.js | 18.x or later |
| OpenSSL | 3.0.9 or later (required for FIPS mode) |
> Need support for additional architectures? (ARM64, Alpine/musl, etc.)
> Contact us at contact@cyphers.ai
Installation
From n8n Community Nodes
1. Open your n8n instance
2. Go to Settings > Community Nodes
3. Search for n8n-nodes-https
4. Click Install
Manual Installation
Create custom extensions directory if it doesn't exist
mkdir -p ~/.n8n/custom
cd ~/.n8n/custom
npm init -y
npm install n8n-nodes-httpsSet the environment variable (add to your shell profile for persistence)
export N8NCUSTOMEXTENSIONS="$HOME/.n8n/custom"
Restart n8n after installation.
Docker
FROM n8nio/n8n:latestUSER root
RUN cd /usr/local/lib/node_modules/n8n &&
npm install n8n-nodes-https
USER node
> Detailed Instructions: See INSTALLATION.md for Docker Compose, development setup, building from source, and troubleshooting.
Quick Start
Basic HTTPS Request
1. Add the HTTPS node to your workflow
2. Set the Method and URL
3. Configure headers and body as needed
4. Execute the workflow
Enable FIPS Mode (Pro)
1. In the node configuration, expand TLS/SSL Settings
2. Set Engine Mode to FIPS
3. Select a FIPS-compatible cipher profile
Use a Client Certificate (mTLS) (Pro)
1. Create a new credential of type HTTPS Client Certificate
2. Paste your certificate and private key (PEM format)
3. In the node, expand Client Certificate (mTLS)
4. Enable client certificate and select your credential
Enable Revocation Checking
1. Expand Certificate Revocation
2. Toggle Enable Revocation Checking to On (Free: OCSP + CRL with soft-fail)
3. For advanced policies or hard-fail mode, a Pro license is required
Activating Pro Features
Pro features are unlocked with a license key. The license works completely offline.
Free vs Pro Features
| Feature | Free | Pro |
|———|:—-:|:—:|
| TLS version control (1.2, 1.3) | Yes | Yes |
| Cipher suite presets (Modern, Intermediate, Compatible) | Yes | Yes |
| Custom OpenSSL cipher strings | Yes | Yes |
| Individual cipher selection within profiles | Yes | Yes |
| Curated CA bundle (Mozilla NSS) | Yes | Yes |
| Custom CA bundles & additional CAs (with validation) | Yes | Yes |
| Basic certificate verification | Yes | Yes |
| Basic revocation checking (OCSP + CRL, soft-fail) | Yes | Yes |
| HTTP/2 support (with automatic fallback) | Yes | Yes |
| Connection pooling for improved performance | Yes | Yes |
| Proxy authentication (Basic, Digest, NTLM) | Yes | Yes |
| Certificate pinning | – | Yes |
| Mutual TLS (mTLS) | – | Yes |
| Advanced revocation policies | – | Yes |
| OCSP stapling support | – | Yes |
| Hard-fail mode | – | Yes |
| Custom CRL/OCSP URLs | – | Yes |
| Revocation cache with configurable TTL | – | Yes |
| FIPS 140-3 mode | – | Yes |
| SIEM log export (JSON, CEF, Syslog) | – | Yes |
> Pro License: One-time purchase, works offline, no subscription.
> Purchase at cyphers.ai or contact sales@cyphers.ai
Purchase at cyphers.ai or contact sales@cyphers.ai
Activate
1. In n8n, go to Credentials and create a new HTTPS Pro License credential
2. Paste your license key (format: HTTPS-xxxxx.xxxxx)
3. In the HTTPS node, select your license credential under Pro License
The license is validated locally using cryptographic signatures – no internet connection required.
Configuration Reference
See GitHub Issues
Roadmap
Planned features for upcoming releases:
Have a feature request? Open an issue on GitHub or contact us at contact@cyphers.ai.
License
The node is open source under the MIT License. Pro features require a commercial license key.
Contributing
Contributions are welcome! Please read our contributing guidelines before submitting PRs.