jedireza / frame

:bulb: A user system API starter

Home Page: https://jedireza.github.io/frame/

TLS Support

richardzyx opened this issue

I've poked around and tried several ways to pass the TLS key/cert and pfx files, none of them worked. It seems that when passing the buffer from readFileSync to manifest, then to glue, and then to hapi, there's no conceivable way to keep the buffer from being converted. Then when it's converted to a string, Node complains header too long.

Have you tried to use TLS with your framework? Does it just work for you? Thanks!

An hour after posting the previous comment, I found the cause and solution! It was indeed caused by the combo of Glue+Manifest+Confidence, and if one were to follow the standard documentation of directly passing readFileSync, the binary buffer of your key/cert or pfx files will be converted to a strange format that's not readable by the final Node https createServer.

I started with key/cert and then switched to pfx in hopes of a better debugging experience, but pfx won't work because the only solution to this issue is to pass a string and use 'utf8' encoding. Pfx files are generally too large and Node will throw a header too long error. So far the only solution I've found is to use key/cert, encode them in 'utf8', and everything will just work.

My current preference is to put SSL/TLS termination in front of the application, which also makes it a bit easier to switch between production and dev environments. For example, using the Heroku SSL addon or with AWS using an elastic load balancer to terminate the SSL.

I answered a similar question for Aqua last November. Check out the full discussion here: jedireza/aqua#139

Thanks for the feedback! I went through that discussion before and unfortunately that setup wasn't possible for my current project. The workaround was nice but unintuitive, and passing to server.connection simply wouldn't work as my previous comments have shown.

I will put this issue on Glue and see if there's any possible direct solution to any field containing readFileSync buffer data. Thanks!
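
The behaviour discussed in this thread, as an added example that is not part of the original thread and is not code from frame, Glue or Confidence: `resolveConfig` is a hypothetical stand-in for a config layer that rebuilds every object it walks (the thread does not show the real conversion code), and `checkTlsMaterial` is a hypothetical startup check that reports mangled key material before it reaches the HTTPS server. The PEM bodies are constructed placeholders, not real keys.

```javascript
// Hypothetical stand-in for a config layer that copies objects key by key.
function resolveConfig(node) {
    if (node === null || typeof node !== 'object') {
        return node;                        // strings, numbers, booleans pass through
    }
    if (Array.isArray(node)) {
        return node.map(resolveConfig);
    }
    const out = {};
    for (const key of Object.keys(node)) {  // a Buffer is walked index by index
        out[key] = resolveConfig(node[key]);
    }
    return out;                             // plain object, no longer a Buffer
}

// Hypothetical startup check: accept only a Buffer or a PEM-armoured string.
// Returns the names of the fields that would be rejected later by the TLS layer.
function checkTlsMaterial(tls) {
    const problems = [];
    for (const field of ['key', 'cert']) {
        const value = tls[field];
        const isPem = typeof value === 'string' &&
            /^-----BEGIN [A-Z ]+-----/.test(value);
        if (!Buffer.isBuffer(value) && !isPem) {
            problems.push(field);
        }
    }
    return problems;
}

// Constructed sample material (placeholder bodies, not a real key or certificate).
const SAMPLE_KEY = '-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n';
const SAMPLE_CERT = '-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n';

function demo() {
    // Buffers, as readFileSync(path) returns them without an encoding argument.
    const asBuffers = resolveConfig({
        tls: { key: Buffer.from(SAMPLE_KEY), cert: Buffer.from(SAMPLE_CERT) }
    });
    // Strings, as readFileSync(path, 'utf8') returns them.
    const asStrings = resolveConfig({ tls: { key: SAMPLE_KEY, cert: SAMPLE_CERT } });
    return {
        bufferSurvived: Buffer.isBuffer(asBuffers.tls.key),
        bufferProblems: checkTlsMaterial(asBuffers.tls),
        stringProblems: checkTlsMaterial(asStrings.tls)
    };
}
```

Running a check like this on the resolved configuration turns the opaque "header too long" failure into a startup error that names the affected field.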