ERR_TLS_SESSION_ATTACK
Node.js | WARNING | Notable | TLS | HIGH confidence

Excessive TLS session resumptions detected

Production Risk

Monitor and rate-limit; this warning indicates potentially malicious connection patterns.

What this means

Thrown when an unusually high rate of TLS session resumption attempts is detected from a single client. This is a heuristic protection against Triple Handshake attacks where an attacker attempts to abuse TLS session resumption. Node.js tracks resumption attempts and warns when the threshold is exceeded.

Why it happens
  1. A client is making an abnormally high number of TLS session resumptions in a short time
  2. Automated scanning or attack tooling probing session resumption
  3. Buggy client that does not respect session resumption failure responses
How to reproduce

Triggered when the TLS server detects an excessive number of session resumptions from a single peer.

trigger — this will error
// Typically triggered by client behaviour, not server code directly
// A client rapidly reconnecting and attempting session resumption
// triggers the heuristic on the server side

expected output

Error [ERR_TLS_SESSION_ATTACK]: TLS session renegotiation attack detected

Fix

Implement rate limiting on the connection layer

When: to protect against excessive reconnection attempts

// Use a rate limiter like express-rate-limit or a reverse proxy
// E.g., nginx: limit_conn and limit_req directives

Why this works

Rate limiting at the network layer prevents any single client from triggering the resumption threshold.
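One way to apply the connection-layer limit inside a Node.js server, as an added example (not code from the Node.js project or from the documentation this page cites): a per-address sliding-window limiter attached to the server's 'connection' event. The names ConnectionRateLimiter and guardServer and the threshold values are assumptions chosen for illustration.

```javascript
// Added example: per-peer sliding-window limiter for new TCP connections.
// maxPerWindow and windowMs are constructed sample values, not Node.js defaults.
class ConnectionRateLimiter {
  constructor({ maxPerWindow = 20, windowMs = 10000, now = Date.now } = {}) {
    this.maxPerWindow = maxPerWindow
    this.windowMs = windowMs
    this.now = now            // injectable clock so the logic can be tested
    this.hits = new Map()     // remote address -> timestamps of recent connects
  }

  // Record one connection attempt; returns false when the peer is over budget.
  allow(address) {
    const t = this.now()
    const cutoff = t - this.windowMs
    const recent = (this.hits.get(address) || []).filter((ts) => ts > cutoff)
    const ok = recent.length < this.maxPerWindow
    if (ok) recent.push(t)
    this.hits.set(address, recent)
    return ok
  }

  // Drop peers with no attempts left in the window so the map stays bounded.
  sweep() {
    const cutoff = this.now() - this.windowMs
    for (const [address, stamps] of this.hits) {
      if (!stamps.some((ts) => ts > cutoff)) this.hits.delete(address)
    }
    return this.hits.size
  }
}

// 'connection' fires on a tls.Server when the TCP stream is accepted, before
// the TLS handshake begins, so a rejected peer costs no handshake work.
function guardServer(server, limiter, onReject = () => {}) {
  server.on('connection', (socket) => {
    const address = socket.remoteAddress || 'unknown'
    if (!limiter.allow(address)) {
      onReject(address)       // e.g. log the source IP for investigation
      socket.destroy()
    }
  })
  return server
}
```

Pass an existing `tls.Server` (or `https.Server`) to `guardServer`, and call `sweep()` on a timer to discard idle peers.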

Code examples
Trigger (js)
// Typically triggered by client behaviour, not server code directly
// A client rapidly reconnecting and attempting session resumption
// triggers the heuristic on the server side
// this triggers ERR_TLS_SESSION_ATTACK
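Handle on the socket 'error' event (js)
// tlsServer is assumed to be an existing tls.Server instance.
// The error is emitted asynchronously as an 'error' event on the TLSSocket,
// so a try/catch around server code will not see it.
tlsServer.on('secureConnection', (socket) => {
  socket.on('error', (err) => {
    if (err.code === 'ERR_TLS_SESSION_ATTACK') {
      console.error('ERR_TLS_SESSION_ATTACK from', socket.remoteAddress, err.message)
      socket.destroy()
    } else {
      console.error('TLS socket error:', err.message)
    }
  })
})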
Defensive pattern to avoid it (js)
// Validate inputs before calling the operation
// performOperation is a placeholder for the application's own call
function safe_err_tls_session_attack(...args) {
  // validate args here
  return performOperation(...args)
}
What not to do

Ignore this warning in production

Excessive session resumptions may indicate an active attack; investigate the source IP.

Sources
Official documentation: Node.js Error Codes Documentation

Content generated with AI assistance and reviewed for accuracy. Found an error? hello@errcodes.dev
