diff --git a/doc/api/tls.md b/doc/api/tls.md
index 0b8795661b1002a..432ffff8675c8ec 100644
--- a/doc/api/tls.md
+++ b/doc/api/tls.md
@@ -730,7 +730,8 @@ existing server. Existing connections to the server are not interrupted.
 added: v3.0.0
 -->
-* `keys` {Buffer} A 48-byte buffer containing the session ticket keys.
+* `keys` {Buffer|TypedArray|DataView} A 48-byte buffer containing the session
+ ticket keys.
 Sets the session ticket keys.
diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index 9ecd92021de17ff..bbcd62d9f046b09 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -1394,6 +1394,9 @@ Server.prototype.getTicketKeys = function getTicketKeys() {
 Server.prototype.setTicketKeys = function setTicketKeys(keys) {
+ validateBuffer(keys);
+ assert(keys.byteLength === 48,
+ 'Session ticket keys must be a 48-byte buffer');
 this._sharedCreds.context.setTicketKeys(keys);
 };
diff --git a/test/parallel/test-tls-ticket-invalid-arg.js b/test/parallel/test-tls-ticket-invalid-arg.js
new file mode 100644
index 000000000000000..4a430d3b00b7b80
--- /dev/null
+++ b/test/parallel/test-tls-ticket-invalid-arg.js
@@ -0,0 +1,22 @@
+'use strict';
+const common = require('../common');
+if (!common.hasCrypto) {
+ common.skip('missing crypto');
+}
+
+const assert = require('assert');
+const tls = require('tls');
+
+[null, undefined, 0, 1, 1n, Symbol(), {}, [], true, false, ''].forEach(
+ (arg) =>
+ assert.throws(() => {
+ new tls.Server().setTicketKeys(arg);
+ }, /"buffer" argument must be an instance of Buffer, TypedArray, or DataView/)
+);
+
+[new Uint8Array(1), Buffer.from([1]), new DataView(new ArrayBuffer(2))].forEach(
+ (arg) =>
+ assert.throws(() => {
+ new tls.Server().setTicketKeys(arg);
+ }, /Session ticket keys must be a 48-byte buffer/)
+);
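Review bot: The length check in `setTicketKeys` is an `assert(...)`, so a caller who supplies a wrong-sized key gets an assertion failure rather than an argument error; if `assert` here is the internal helper (its import is outside the hunk), the message will read as a Node.js bug instead of caller misuse. I would throw a typed argument error instead, e.g. `if (keys.byteLength !== 48) throw new ERR_INVALID_ARG_VALUE('keys', keys.byteLength, 'must be exactly 48 bytes');`, passing the length rather than the buffer so key material is never rendered into an error message or log. `validateBuffer(keys)` also reports the argument as "buffer" (the new test's regex confirms it); `validateBuffer(keys, 'keys')` would name the parameter the caller actually passed. The imports for `validateBuffer`, `assert` and any error class are outside the hunk, so confirm they are in scope.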
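Review bot: The new test only exercises rejection, and its wrong-length inputs are 1 and 2 bytes, so neither the 48-byte boundary nor the newly documented `TypedArray`/`DataView` acceptance is pinned. Adding 47- and 49-byte buffers to the second list and a success case such as `new tls.Server().setTicketKeys(new Uint8Array(48));` would catch an off-by-one or a regression that rejects valid non-Buffer keys. Whether the native binding accepts a 48-byte `DataView` is not visible here, so that case is worth running rather than assuming.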