diff --git a/lib/_tls_common.js b/lib/_tls_common.js
index d8f6afed0bd8fb..6c124d35f48dd1 100644
--- a/lib/_tls_common.js
+++ b/lib/_tls_common.js
@@ -56,6 +56,15 @@ function SecureContext(secureProtocol, secureOptions, context) {
 if (secureOptions) this.context.setOptions(secureOptions);
 }

+SecureContext.prototype.getTicketKeys = function getTicketKeys() {
+ return this.context.getTicketKeys();
+};
+
+
+SecureContext.prototype.setTicketKeys = function setTicketKeys(keys) {
+ this.context.setTicketKeys(keys);
+};
+
 function validateKeyCert(name, value) {
 if (typeof value !== 'string' && !isArrayBufferView(value)) {
 throw new ERR_INVALID_ARG_TYPE(
@@ -223,6 +232,14 @@ exports.createSecureContext = function createSecureContext(options, context) {
 options.clientCertEngine);
 }

+ if (options.ticketKeys) {
+ c.context.setTicketKeys(options.ticketKeys);
+ }
+
+ if (options.sessionTimeout) {
+ c.context.setSessionTimeout(options.sessionTimeout);
+ }
+
 return c;
 };

diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index d85d85752b631b..f8594b374c7bec 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -885,7 +885,9 @@ function Server(options, listener) {
 secureOptions: this.secureOptions,
 honorCipherOrder: this.honorCipherOrder,
 crl: this.crl,
- sessionIdContext: this.sessionIdContext
+ sessionIdContext: this.sessionIdContext,
+ ticketKeys: this.ticketKeys,
+ sessionTimeout: this.sessionTimeout,
 });

 this[kHandshakeTimeout] = options.handshakeTimeout || (120 * 1000);
@@ -896,14 +898,6 @@ function Server(options, listener) {
 'options.handshakeTimeout', 'number', options.handshakeTimeout);
 }

- if (this.sessionTimeout) {
- this._sharedCreds.context.setSessionTimeout(this.sessionTimeout);
- }
-
- if (this.ticketKeys) {
- this._sharedCreds.context.setTicketKeys(this.ticketKeys);
- }
-
 // constructor call
 net.Server.call(this, tlsConnectionListener);

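Review bot: The new `getTicketKeys()` and `setTicketKeys()` methods on `SecureContext.prototype` carry no comment, although what they hand out is secret key material: any code holding the context object can now read or replace the keys that protect session tickets. I would put a comment above the getter along the lines of `// Returns the raw session-ticket keys. Treat as secret: do not log, and rotate via setTicketKeys().`. `setTicketKeys(keys)` also forwards `keys` to `this.context` with no check visible here; if the native binding does not validate type and length itself (not shown in this diff), a guard in the style of `validateKeyCert` directly below would give callers an `ERR_INVALID_ARG_TYPE` instead of a native-layer failure.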
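Review bot: The two guards added to `createSecureContext` test truthiness only, so `sessionTimeout: 0` is skipped silently and a truthy value of the wrong type reaches `c.context` unvalidated. Now that both are public `tls.createSecureContext()` options, an explicit check would be safer, for example `if (options.sessionTimeout !== undefined && typeof options.sessionTimeout !== 'number') throw new ERR_INVALID_ARG_TYPE('options.sessionTimeout', 'number', options.sessionTimeout);`, with a matching `isArrayBufferView` check for `options.ticketKeys`; whether the native setters already reject bad input is not visible here. Keys supplied through the option stay fixed for the life of the context unless the caller rotates them, which weakens forward secrecy for ticket-resumed sessions, so a one-line comment saying that rotation is the caller's job would help. The function body starts outside this hunk.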
diff --git a/test/parallel/test-tls-securecontext-ticketkeys.js b/test/parallel/test-tls-securecontext-ticketkeys.js
new file mode 100644
index 00000000000000..4a20a29be1f2bd
--- /dev/null
+++ b/test/parallel/test-tls-securecontext-ticketkeys.js
@@ -0,0 +1,24 @@
+'use strict';
+const common = require('../common');
+if (!common.hasCrypto)
+ common.skip('missing crypto');
+const fixtures = require('../common/fixtures');
+
+const assert = require('assert');
+const crypto = require('crypto');
+const tls = require('tls');
+
+const keys = crypto.randomBytes(48);
+const otherKeys = crypto.randomBytes(48);
+
+const context = tls.createSecureContext({
+ key: fixtures.readKey('agent1-key.pem'),
+ cert: fixtures.readKey('agent1-cert.pem'),
+ ticketKeys: keys,
+ sessionTimeout: 1,
+});
+
+assert.deepStrictEqual(context.getTicketKeys(), keys);
+context.setTicketKeys(otherKeys);
+assert.deepStrictEqual(context.getTicketKeys(), otherKeys);
+setTimeout(() => assert.deepStrictEqual(context.getTicketKeys(), otherKeys), 5000);
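Review bot: The final `setTimeout(..., 5000)` assertion has no comment saying what it guards; with `sessionTimeout: 1` it presumably checks that the ticket keys are not regenerated once the session timeout has passed, and a line such as `// Ticket keys must survive expiry of the 1s session timeout.` would make that explicit. Wrapping the callback as `setTimeout(common.mustCall(() => assert.deepStrictEqual(context.getTicketKeys(), otherKeys)), 5000);` matches how the other imports from `../common` are used and proves the check actually ran. Five seconds of wall-clock wait is long for `test/parallel`, so a shorter delay that still exceeds the one-second timeout would be enough. The test covers only well-formed 48-byte keys; a case for a wrong-length or non-buffer `ticketKeys` value would pin down how bad input is rejected.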