nodejs · rickyes · Apr 11, 2020
diff --git a/doc/api/https.md b/doc/api/https.md
@@ -238,6 +238,9 @@ Global instance of [`https.Agent`][] for all HTTPS client requests.
 <!-- YAML
 added: v0.3.6
 changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/32786
+    description: The `highWaterMark` option is accepted now.
   - version: v10.9.0
     pr-url: https://github.com/nodejs/node/pull/21616
     description: The `url` parameter can now be passed along with a separate
@@ -263,7 +266,8 @@ Makes a request to a secure web server.
 The following additional `options` from [`tls.connect()`][] are also accepted:
 `ca`, `cert`, `ciphers`, `clientCertEngine`, `crl`, `dhparam`, `ecdhCurve`,
 `honorCipherOrder`, `key`, `passphrase`, `pfx`, `rejectUnauthorized`,
-`secureOptions`, `secureProtocol`, `servername`, `sessionIdContext`.
+`secureOptions`, `secureProtocol`, `servername`, `sessionIdContext`,
+`highWaterMark`.
 
 `options` can be an object, a string, or a [`URL`][] object. If `options` is a
 string, it is automatically parsed with [`new URL()`][]. If it is a [`URL`][]

diff --git a/doc/api/tls.md b/doc/api/tls.md
@@ -1274,6 +1274,9 @@ being issued by trusted CA (`options.ca`).
 <!-- YAML
 added: v0.11.3
 changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/32786
+    description: The `highWaterMark` option is accepted now.
   - version: v13.6.0
     pr-url: https://github.com/nodejs/node/pull/23188
     description: The `pskCallback` option is now supported.
@@ -1370,6 +1373,8 @@ changes:
     TLS connection. When a server offers a DH parameter with a size less
     than `minDHSize`, the TLS connection is destroyed and an error is thrown.
     **Default:** `1024`.
+  * `highWaterMark`: {number} Consistent with the readable stream `highWaterMark` parameter.
+    **Default:** `16 * 1024`.
   * `secureContext`: TLS context object created with
     [`tls.createSecureContext()`][]. If a `secureContext` is _not_ provided, one
     will be created by passing the entire `options` object to

diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
@@ -494,7 +494,8 @@ function TLSSocket(socket, opts) {
     handle: this._wrapHandle(wrap),
     allowHalfOpen: socket ? socket.allowHalfOpen : tlsOptions.allowHalfOpen,
     pauseOnCreate: tlsOptions.pauseOnConnect,
-    manualStart: true
+    manualStart: true,
+    highWaterMark: tlsOptions.highWaterMark,
   });
 
   // Proxy for API compatibility
@@ -1582,6 +1583,7 @@ exports.connect = function connect(...args) {
     requestOCSP: options.requestOCSP,
     enableTrace: options.enableTrace,
     pskCallback: options.pskCallback,
+    highWaterMark: options.highWaterMark,
   });
 
   tlssock[kConnectOptions] = options;

diff --git a/test/parallel/test-https-hwm.js b/test/parallel/test-https-hwm.js
@@ -0,0 +1,66 @@
+'use strict';
+
+// Test https highWaterMark
+
+const common = require('../common');
+if (!common.hasCrypto)
+  common.skip('missing crypto');
+
+const assert = require('assert');
+const https = require('https');
+const fixtures = require('../common/fixtures');
+
+let counter = 0;
+
+function loadCallback(highWaterMark) {
+  return common.mustCall(function(res) {
+    assert.strictEqual(highWaterMark, res.readableHighWaterMark);
+    counter--;
+    console.log('back from https request. ',
+                `highWaterMark = ${res.readableHighWaterMark}`);
+    if (counter === 0) {
+      httpsServer.close();
+      console.log('ok');
+    }
+    res.resume();
+  });
+}
+
+// create server
+const httpsServer = https.createServer({
+  key: fixtures.readKey('agent1-key.pem'),
+  cert: fixtures.readKey('agent1-cert.pem')
+}, common.mustCall(function(req, res) {
+  res.writeHead(200, {});
+  res.end('ok');
+}, 3)).listen(0, common.mustCall(function(err) {
+  console.log(`test https server listening on port ${this.address().port}`);
+  assert.ifError(err);
+
+  https.request({
+    method: 'GET',
+    path: `/${counter++}`,
+    host: 'localhost',
+    port: this.address().port,
+    rejectUnauthorized: false,
+    highWaterMark: 128000,
+  }, loadCallback(128000)).on('error', common.mustNotCall()).end();
+
+  https.request({
+    method: 'GET',
+    path: `/${counter++}`,
+    host: 'localhost',
+    port: this.address().port,
+    rejectUnauthorized: false,
+    highWaterMark: 0,
+  }, loadCallback(0)).on('error', common.mustNotCall()).end();
+
+  https.request({
+    method: 'GET',
+    path: `/${counter++}`,
+    host: 'localhost',
+    port: this.address().port,
+    rejectUnauthorized: false,
+    highWaterMark: undefined,
+  }, loadCallback(16 * 1024)).on('error', common.mustNotCall()).end();
+}));
diff --git a/test/parallel/test-tls-connect-hwm-option.js b/test/parallel/test-tls-connect-hwm-option.js
@@ -0,0 +1,53 @@
+'use strict';
+
+const common = require('../common');
+if (!common.hasCrypto)
+  common.skip('missing crypto');
+
+const assert = require('assert');
+const tls = require('tls');
+const fixtures = require('../common/fixtures');
+
+const pem = (n) => fixtures.readKey(`${n}.pem`);
+
+let clients = 0;
+
+const server = tls.createServer({
+  key: pem('agent1-key'),
+  cert: pem('agent1-cert')
+}, common.mustCall(() => {
+  if (--clients === 0)
+    server.close();
+}, 3));
+
+server.listen(0, common.mustCall(() => {
+  clients++;
+  const highBob = tls.connect({
+    port: server.address().port,
+    rejectUnauthorized: false,
+    highWaterMark: 128000,
+  }, common.mustCall(() => {
+    assert.strictEqual(highBob.readableHighWaterMark, 128000);
+    highBob.end();
+  }));
+
+  clients++;
+  const defaultHighBob = tls.connect({
+    port: server.address().port,
+    rejectUnauthorized: false,
+    highWaterMark: undefined,
+  }, common.mustCall(() => {
+    assert.strictEqual(defaultHighBob.readableHighWaterMark, 16 * 1024);
+    defaultHighBob.end();
+  }));
+
+  clients++;
+  const zeroHighBob = tls.connect({
+    port: server.address().port,
+    rejectUnauthorized: false,
+    highWaterMark: 0,
+  }, common.mustCall(() => {
+    assert.strictEqual(zeroHighBob.readableHighWaterMark, 0);
+    zeroHighBob.end();
+  }));
+}));