n8n HTTPS Node

An enterprise-grade HTTPS request node for n8n with advanced TLS/SSL controls, FIPS 140-3 compliance support, and mutual TLS (mTLS) capabilities.

Why This Node?

The stock n8n HTTP Request node works well for most use cases, but enterprise and security-focused environments often require:

- FIPS Compliance: Government, healthcare, and financial sectors require FIPS 140-3 validated cryptography (Pro)
- Controlled Certificate Trust: Use a curated CA bundle instead of relying on OS trust stores that may vary across deployments
- Cipher Suite Control: Enforce specific cipher suites to meet security policies
- Certificate Revocation: Basic revocation checking (OCSP + CRL) is free; advanced policies require Pro
- Mutual TLS: Authenticate to APIs using client certificates (Pro)

This node provides all of these capabilities while maintaining the familiar n8n workflow experience.

Features

$3

| Mode | Description |
|------|-------------|
| Standard | Full OpenSSL 3.x with all algorithms available |
| FIPS | FIPS 140-3 validated cryptography only (OpenSSL 3.0.9+ FIPS provider) |

$3

Choose from preset profiles or define custom cipher strings:

- Modern: TLS 1.3 only with strongest security
- Intermediate: TLS 1.2+ with balanced compatibility
- Compatible: Wider compatibility (no legacy insecure ciphers)
- FIPS: Only FIPS-approved algorithms (Pro)
- Custom: Specify your own OpenSSL cipher string
- Custom cipher selection: Enable/disable individual ciphers within any preset

$3

- Bundled CAs: Mozilla NSS root CA bundle, independent of OS
- OS + Bundled: Merge OS trust store with bundled CAs
- Custom Bundle: Provide your own CA bundle
- Additional CAs: Append extra CAs to any base configuration

$3

Free Tier:
- Simple on/off toggle
- OCSP check with CRL fallback
- Soft-fail (proceeds if check times out)

Pro Tier:
- Advanced revocation policies (OCSP only, CRL only, Both required)
- OCSP stapling (use server-provided OCSP responses for faster checks)
- Hard-fail mode (fails request if revocation check fails)
- Custom CRL/OCSP URL overrides
- Configurable cache TTL (cache revocation results to reduce network calls)

$3

Full HTTP/2 support for improved performance:

- Auto negotiation: Uses ALPN to negotiate HTTP/2, automatic fallback to HTTP/1.1
- Multiplexing: Multiple requests over a single connection
- Header compression: HPACK compression reduces overhead
- Configurable: Force HTTP/2 only or HTTP/1.1 only when needed

$3

Reuse TCP connections across multiple requests:

- Enabled by default: Automatically pools connections per host
- Configurable limits: Set max connections per host (default: 6)
- Idle timeout: Connections closed after configurable idle period

$3

Full proxy support with multiple authentication methods:

- HTTP/HTTPS proxies: Connect through corporate proxies
- Authentication: Basic, Digest, and NTLM authentication
- Bypass list: Exclude specific hosts from proxy
- Secure tunneling: HTTPS CONNECT for encrypted proxy tunnels

NTLM authentication uses the full NTLMv2 protocol for secure authentication with Windows-based proxies.

$3

Restrict which server certificates are accepted:

- Pin modes: Leaf certificate, Intermediate CA, Root CA, or SPKI hash
- File-based pins: Select PEM files containing certificates to pin
- SPKI hashes: Pin by public key hash for certificate rotation flexibility
- Validation: Preview pinned certificates and their SPKI hashes before use

$3

Authenticate to servers using client certificates:

- Load from n8n credential store (PEM or PKCS#12 format)
- Reference server-side file paths
- PKCS#12 (.p12/.pfx) support with password
- Password-protected private keys supported

$3

Export TLS security events to your SIEM for compliance and monitoring:

- Formats: JSON (Elastic, Datadog), CEF (Splunk, ArcSight), Syslog RFC 5424
- Destinations: Syslog (UDP/TCP/TLS), HTTP endpoint, local file
- Events: TLS handshake, certificate chain, revocation results, errors

Requirements

| Requirement | Details |
|-------------|---------|
| n8n | Version 1.0.0 or later |
| Platform | Linux x86_64 (glibc 2.17+, e.g., Ubuntu 18.04+, RHEL 7+, Debian 9+) |
| Node.js | 18.x or later |
| OpenSSL | 3.0.9 or later (required for FIPS mode) |

> Need support for additional architectures? (ARM64, Alpine/musl, etc.)
> Contact us at contact@cyphers.ai

Installation

$3

1. Open your n8n instance
2. Go to Settings > Community Nodes
3. Search for n8n-nodes-https
4. Click Install

$3

``bash

`Create custom extensions directory if it doesn't exist`


mkdir -p ~/.n8n/custom
cd ~/.n8n/custom
npm init -y
npm install n8n-nodes-https
Set the environment variable (add to your shell profile for persistence)

export N8N_CUSTOM_EXTENSIONS="$HOME/.n8n/custom"


Restart n8n after installation.
$3

`dockerfile FROM n8nio/n8n:latest

USER root RUN cd /usr/local/lib/node_modules/n8n && \ npm install n8n-nodes-https USER node`

> Detailed Instructions: See INSTALLATION.md for Docker Compose, development setup, building from source, and troubleshooting.

`Quick Start`

`$3`

1. Add the HTTPS node to your workflow 2. Set the Method and URL 3. Configure headers and body as needed 4. Execute the workflow

`$3`

1. In the node configuration, expand TLS/SSL Settings 2. Set Engine Mode to FIPS 3. Select a FIPS-compatible cipher profile

`$3`

1. Create a new credential of type HTTPS Client Certificate 2. Paste your certificate and private key (PEM format) 3. In the node, expand Client Certificate (mTLS) 4. Enable client certificate and select your credential

`$3`

1. Expand Certificate Revocation 2. Toggle Enable Revocation Checking to On (Free: OCSP + CRL with soft-fail) 3. For advanced policies or hard-fail mode, a Pro license is required

`Activating Pro Features`

Pro features are unlocked with a license key. The license works completely offline.

`$3`

| Feature | Free | Pro | |---------|:----:|:---:| | TLS version control (1.2, 1.3) | Yes | Yes | | Cipher suite presets (Modern, Intermediate, Compatible) | Yes | Yes | | Custom OpenSSL cipher strings | Yes | Yes | | Individual cipher selection within profiles | Yes | Yes | | Curated CA bundle (Mozilla NSS) | Yes | Yes | | Custom CA bundles & additional CAs (with validation) | Yes | Yes | | Basic certificate verification | Yes | Yes | | Basic revocation checking (OCSP + CRL, soft-fail) | Yes | Yes | | HTTP/2 support (with automatic fallback) | Yes | Yes | | Connection pooling for improved performance | Yes | Yes | | Proxy authentication (Basic, Digest, NTLM) | Yes | Yes | | Certificate pinning | - | Yes | | Mutual TLS (mTLS) | - | Yes | | Advanced revocation policies | - | Yes | | OCSP stapling support | - | Yes | | Hard-fail mode | - | Yes | | Custom CRL/OCSP URLs | - | Yes | | Revocation cache with configurable TTL | - | Yes | | FIPS 140-3 mode | - | Yes | | SIEM log export (JSON, CEF, Syslog) | - | Yes |

> Pro License: One-time purchase, works offline, no subscription. > Purchase at cyphers.ai or contact sales@cyphers.ai

Purchase at cyphers.ai or contact sales@cyphers.ai

`$3`

1. In n8n, go to Credentials and create a new HTTPS Pro License credential 2. Paste your license key (format:HTTPS-xxxxx.xxxxx`)
3. In the HTTPS node, select your license credential under Pro License

The license is validated locally using cryptographic signatures - no internet connection required.

Configuration Reference

See TECHNICAL_DETAILS.md for complete configuration options and API reference.

Security Considerations

- Client certificate private keys are stored encrypted in n8n's credential store
- File path references for certificates are server-side paths (not uploaded from browser)
- FIPS mode strictly enforces FIPS-approved algorithms
- The bundled CA store is updated with each plugin release

Support

- Issues: GitHub Issues
- Discussions: GitHub Discussions
- Architecture Requests: contact@cyphers.ai
- Pro Sales: sales@cyphers.ai

Roadmap

Planned features for upcoming releases:

- Request/Response Size Limits: Configurable maximum sizes to prevent memory exhaustion from large payloads
- CA Bundle Integrity Verification: Cryptographic signing of the bundled CA certificates for supply chain security
- SIEM Error Alerting: Callbacks and fallback logging when SIEM transmission fails, preventing audit blind spots

Have a feature request? Open an issue on GitHub or contact us at contact@cyphers.ai.

License

The node is open source under the MIT License. Pro features require a commercial license key.

Contributing

Contributions are welcome! Please read our contributing guidelines before submitting PRs.

n8n HTTPS Node

An enterprise-grade HTTPS request node for n8n with advanced TLS/SSL controls, FIPS 140-3 compliance support, and mutual TLS (mTLS) capabilities.

Why This Node?

The stock n8n HTTP Request node works well for most use cases, but enterprise and security-focused environments often require:

This node provides all of these capabilities while maintaining the familiar n8n workflow experience.

Features

$3

| Mode | Description |
|------|-------------|
| Standard | Full OpenSSL 3.x with all algorithms available |
| FIPS | FIPS 140-3 validated cryptography only (OpenSSL 3.0.9+ FIPS provider) |

$3

Choose from preset profiles or define custom cipher strings:

$3

Free Tier:
- Simple on/off toggle
- OCSP check with CRL fallback
- Soft-fail (proceeds if check times out)

$3

Full HTTP/2 support for improved performance:

$3

Reuse TCP connections across multiple requests:

$3

Full proxy support with multiple authentication methods:

NTLM authentication uses the full NTLMv2 protocol for secure authentication with Windows-based proxies.

$3

Restrict which server certificates are accepted:

$3

Authenticate to servers using client certificates:

- Load from n8n credential store (PEM or PKCS#12 format)
- Reference server-side file paths
- PKCS#12 (.p12/.pfx) support with password
- Password-protected private keys supported

$3

Export TLS security events to your SIEM for compliance and monitoring:

Requirements

> Need support for additional architectures? (ARM64, Alpine/musl, etc.)
> Contact us at contact@cyphers.ai

Installation

$3

1. Open your n8n instance
2. Go to Settings > Community Nodes
3. Search for n8n-nodes-https
4. Click Install

$3

``bash

`Create custom extensions directory if it doesn't exist`


mkdir -p ~/.n8n/custom
cd ~/.n8n/custom
npm init -y
npm install n8n-nodes-https
Set the environment variable (add to your shell profile for persistence)

export N8N_CUSTOM_EXTENSIONS="$HOME/.n8n/custom"


Restart n8n after installation.
$3

`dockerfile FROM n8nio/n8n:latest

USER root RUN cd /usr/local/lib/node_modules/n8n && \ npm install n8n-nodes-https USER node`

> Detailed Instructions: See INSTALLATION.md for Docker Compose, development setup, building from source, and troubleshooting.

`Quick Start`

`$3`

1. Add the HTTPS node to your workflow 2. Set the Method and URL 3. Configure headers and body as needed 4. Execute the workflow

`$3`

1. In the node configuration, expand TLS/SSL Settings 2. Set Engine Mode to FIPS 3. Select a FIPS-compatible cipher profile

`$3`

1. Expand Certificate Revocation 2. Toggle Enable Revocation Checking to On (Free: OCSP + CRL with soft-fail) 3. For advanced policies or hard-fail mode, a Pro license is required

`Activating Pro Features`

Pro features are unlocked with a license key. The license works completely offline.

`$3`

> Pro License: One-time purchase, works offline, no subscription. > Purchase at cyphers.ai or contact sales@cyphers.ai

Purchase at cyphers.ai or contact sales@cyphers.ai

`$3`

The license is validated locally using cryptographic signatures - no internet connection required.

Configuration Reference

See TECHNICAL_DETAILS.md for complete configuration options and API reference.

Security Considerations

Support

- Issues: GitHub Issues
- Discussions: GitHub Discussions
- Architecture Requests: contact@cyphers.ai
- Pro Sales: sales@cyphers.ai

Roadmap

Planned features for upcoming releases:

Have a feature request? Open an issue on GitHub or contact us at contact@cyphers.ai.

License

The node is open source under the MIT License. Pro features require a commercial license key.

Contributing

Contributions are welcome! Please read our contributing guidelines before submitting PRs.