2012-02-27 20:09:35 +01:00
|
|
|
# TLS (SSL)
|
2010-12-08 22:22:12 +01:00
|
|
|
|
2015-02-25 01:15:26 +01:00
|
|
|
Stability: 2 - Stable
|
2012-03-03 00:14:03 +01:00
|
|
|
|
2010-12-08 22:22:12 +01:00
|
|
|
Use `require('tls')` to access this module.
|
|
|
|
|
|
|
|
The `tls` module uses OpenSSL to provide Transport Layer Security and/or
|
|
|
|
Secure Socket Layer: encrypted stream communication.
|
|
|
|
|
|
|
|
TLS/SSL is a public/private key infrastructure. Each client and each
|
2014-03-29 01:20:14 +01:00
|
|
|
server must have a private key. A private key is created like this:
|
2010-12-08 22:22:12 +01:00
|
|
|
|
2014-11-07 16:05:00 +01:00
|
|
|
openssl genrsa -out ryans-key.pem 2048
|
2010-12-08 22:22:12 +01:00
|
|
|
|
2014-03-29 01:20:14 +01:00
|
|
|
All servers and some clients need to have a certificate. Certificates are public
|
2010-12-08 22:22:12 +01:00
|
|
|
keys signed by a Certificate Authority or self-signed. The first step to
|
|
|
|
getting a certificate is to create a "Certificate Signing Request" (CSR)
|
|
|
|
file. This is done with:
|
|
|
|
|
2014-11-07 16:05:00 +01:00
|
|
|
openssl req -new -sha256 -key ryans-key.pem -out ryans-csr.pem
|
2010-12-08 22:22:12 +01:00
|
|
|
|
|
|
|
To create a self-signed certificate with the CSR, do this:
|
|
|
|
|
|
|
|
openssl x509 -req -in ryans-csr.pem -signkey ryans-key.pem -out ryans-cert.pem
|
|
|
|
|
|
|
|
Alternatively you can send the CSR to a Certificate Authority for signing.
|
|
|
|
|
2015-02-15 18:43:36 +01:00
|
|
|
For Perfect Forward Secrecy, it is required to generate Diffie-Hellman
|
|
|
|
parameters:
|
|
|
|
|
|
|
|
openssl dhparam -outform PEM -out dhparam.pem 2048
|
2010-12-08 22:22:12 +01:00
|
|
|
|
2012-05-13 21:38:23 +02:00
|
|
|
To create .pfx or .p12, do this:
|
|
|
|
|
|
|
|
openssl pkcs12 -export -in agent5-cert.pem -inkey agent5-key.pem \
|
|
|
|
-certfile ca-cert.pem -out agent5.pfx
|
|
|
|
|
|
|
|
- `in`: certificate
|
|
|
|
- `inkey`: private key
|
|
|
|
- `certfile`: all CA certs concatenated in one file like
|
|
|
|
`cat ca1-cert.pem ca2-cert.pem > ca-cert.pem`
|
|
|
|
|
|
|
|
|
2012-02-27 20:09:35 +01:00
|
|
|
## Client-initiated renegotiation attack mitigation
|
|
|
|
|
|
|
|
<!-- type=misc -->
|
2010-12-08 22:22:12 +01:00
|
|
|
|
2012-02-15 19:26:43 +01:00
|
|
|
The TLS protocol lets the client renegotiate certain aspects of the TLS session.
|
|
|
|
Unfortunately, session renegotiation requires a disproportional amount of
|
|
|
|
server-side resources, which makes it a potential vector for denial-of-service
|
|
|
|
attacks.
|
|
|
|
|
|
|
|
To mitigate this, renegotiations are limited to three times every 10 minutes. An
|
2013-06-13 15:36:00 +02:00
|
|
|
error is emitted on the [tls.TLSSocket][] instance when the threshold is
|
2012-06-06 21:05:18 +02:00
|
|
|
exceeded. The limits are configurable:
|
2012-02-15 19:26:43 +01:00
|
|
|
|
|
|
|
- `tls.CLIENT_RENEG_LIMIT`: renegotiation limit, default is 3.
|
|
|
|
|
|
|
|
- `tls.CLIENT_RENEG_WINDOW`: renegotiation window in seconds, default is
|
2013-07-08 20:25:40 +02:00
|
|
|
10 minutes.
|
2012-02-15 19:26:43 +01:00
|
|
|
|
|
|
|
Don't change the defaults unless you know what you are doing.
|
|
|
|
|
|
|
|
To test your server, connect to it with `openssl s_client -connect address:port`
|
|
|
|
and tap `R<CR>` (that's the letter `R` followed by a carriage return) a few
|
|
|
|
times.
|
2010-12-08 22:22:12 +01:00
|
|
|
|
2012-02-17 23:58:42 +01:00
|
|
|
|
2012-02-27 20:09:35 +01:00
|
|
|
## NPN and SNI
|
|
|
|
|
|
|
|
<!-- type=misc -->
|
2012-02-17 23:58:42 +01:00
|
|
|
|
|
|
|
NPN (Next Protocol Negotiation) and SNI (Server Name Indication) are TLS
|
|
|
|
handshake extensions allowing you:
|
|
|
|
|
|
|
|
* NPN - to use one TLS server for multiple protocols (HTTP, SPDY)
|
|
|
|
* SNI - to use one TLS server for multiple hostnames with different SSL
|
|
|
|
certificates.
|
|
|
|
|
|
|
|
|
2014-01-05 12:07:54 +01:00
|
|
|
## Perfect Forward Secrecy
|
|
|
|
|
|
|
|
<!-- type=misc -->
|
|
|
|
|
|
|
|
The term "[Forward Secrecy]" or "Perfect Forward Secrecy" describes a feature of
|
|
|
|
key-agreement (i.e. key-exchange) methods. Practically it means that even if the
|
|
|
|
private key of a (your) server is compromised, communication can only be
|
|
|
|
decrypted by eavesdroppers if they manage to obtain the key-pair specifically
|
|
|
|
generated for each session.
|
|
|
|
|
|
|
|
This is achieved by randomly generating a key pair for key-agreement on every
|
|
|
|
handshake (in contrary to the same key for all sessions). Methods implementing
|
|
|
|
this technique, thus offering Perfect Forward Secrecy, are called "ephemeral".
|
|
|
|
|
2014-07-16 16:04:34 +02:00
|
|
|
Currently two methods are commonly used to achieve Perfect Forward Secrecy (note
|
2014-01-05 12:07:54 +01:00
|
|
|
the character "E" appended to the traditional abbreviations):
|
|
|
|
|
|
|
|
* [DHE] - An ephemeral version of the Diffie Hellman key-agreement protocol.
|
|
|
|
* [ECDHE] - An ephemeral version of the Elliptic Curve Diffie Hellman
|
|
|
|
key-agreement protocol.
|
|
|
|
|
|
|
|
Ephemeral methods may have some performance drawbacks, because key generation
|
|
|
|
is expensive.
|
|
|
|
|
|
|
|
|
2013-03-19 00:16:55 +01:00
|
|
|
## tls.getCiphers()
|
|
|
|
|
|
|
|
Returns an array with the names of the supported SSL ciphers.
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
var ciphers = tls.getCiphers();
|
|
|
|
console.log(ciphers); // ['AES128-SHA', 'AES256-SHA', ...]
|
|
|
|
|
|
|
|
|
2014-09-25 00:41:31 +02:00
|
|
|
## tls.createServer(options[, secureConnectionListener])
|
2011-10-15 18:26:38 +02:00
|
|
|
|
2012-06-06 21:05:18 +02:00
|
|
|
Creates a new [tls.Server][]. The `connectionListener` argument is
|
|
|
|
automatically set as a listener for the [secureConnection][] event. The
|
|
|
|
`options` object has these possibilities:
|
2011-10-15 18:26:38 +02:00
|
|
|
|
2012-05-13 21:38:23 +02:00
|
|
|
- `pfx`: A string or `Buffer` containing the private key, certificate and
|
|
|
|
CA certs of the server in PFX or PKCS12 format. (Mutually exclusive with
|
|
|
|
the `key`, `cert` and `ca` options.)
|
|
|
|
|
2011-10-15 18:26:38 +02:00
|
|
|
- `key`: A string or `Buffer` containing the private key of the server in
|
2014-09-01 16:44:57 +02:00
|
|
|
PEM format. (Could be an array of keys). (Required)
|
2011-10-15 18:26:38 +02:00
|
|
|
|
2012-05-13 21:38:23 +02:00
|
|
|
- `passphrase`: A string of passphrase for the private key or pfx.
|
2011-10-26 19:34:56 +02:00
|
|
|
|
2011-10-15 18:26:38 +02:00
|
|
|
- `cert`: A string or `Buffer` containing the certificate key of the server in
|
2014-09-01 16:44:57 +02:00
|
|
|
PEM format. (Could be an array of certs). (Required)
|
2011-10-15 18:26:38 +02:00
|
|
|
|
2013-09-16 22:57:00 +02:00
|
|
|
- `ca`: An array of strings or `Buffer`s of trusted certificates in PEM
|
|
|
|
format. If this is omitted several well known "root" CAs will be used,
|
|
|
|
like VeriSign. These are used to authorize connections.
|
2011-10-15 18:26:38 +02:00
|
|
|
|
2012-02-10 06:58:58 +01:00
|
|
|
- `crl` : Either a string or list of strings of PEM encoded CRLs (Certificate
|
|
|
|
Revocation List)
|
|
|
|
|
2015-02-15 18:43:36 +01:00
|
|
|
- `ciphers`: A string describing the ciphers to use or exclude, seperated by
|
|
|
|
`:`. The default cipher suite is:
|
2014-08-28 09:51:42 +02:00
|
|
|
|
2015-05-08 20:54:34 +02:00
|
|
|
ECDHE-RSA-AES128-GCM-SHA256:
|
|
|
|
ECDHE-ECDSA-AES128-GCM-SHA256:
|
|
|
|
ECDHE-RSA-AES256-GCM-SHA384:
|
|
|
|
ECDHE-ECDSA-AES256-GCM-SHA384:
|
|
|
|
DHE-RSA-AES128-GCM-SHA256:
|
|
|
|
ECDHE-RSA-AES128-SHA256:
|
|
|
|
DHE-RSA-AES128-SHA256:
|
|
|
|
ECDHE-RSA-AES256-SHA384:
|
|
|
|
DHE-RSA-AES256-SHA384:
|
|
|
|
ECDHE-RSA-AES256-SHA256:
|
|
|
|
DHE-RSA-AES256-SHA256:
|
|
|
|
HIGH:
|
|
|
|
!aNULL:
|
|
|
|
!eNULL:
|
|
|
|
!EXPORT:
|
|
|
|
!DES:
|
|
|
|
!RC4:
|
|
|
|
!MD5:
|
|
|
|
!PSK:
|
|
|
|
!SRP:
|
|
|
|
!CAMELLIA
|
|
|
|
|
|
|
|
The default cipher suite prefers GCM ciphers for [Chrome's 'modern
|
|
|
|
cryptography' setting] and also prefers ECDHE and DHE ciphers for Perfect
|
|
|
|
Forward secrecy, while offering *some* backward compatibiltity.
|
|
|
|
|
|
|
|
128 bit AES is preferred over 192 and 256 bit AES in light of [specific
|
|
|
|
attacks affecting larger AES key sizes].
|
|
|
|
|
|
|
|
Old clients that rely on insecure and deprecated RC4 or DES-based ciphers
|
|
|
|
(like Internet Explorer 6) aren't able to complete the handshake with the default
|
2015-02-15 18:43:36 +01:00
|
|
|
configuration. If you absolutely must support these clients, the
|
|
|
|
[TLS recommendations] may offer a compatible cipher suite. For more details
|
|
|
|
on the format, see the [OpenSSL cipher list format documentation].
|
2013-10-14 16:53:59 +02:00
|
|
|
|
2014-01-05 12:07:54 +01:00
|
|
|
- `ecdhCurve`: A string describing a named curve to use for ECDH key agreement
|
|
|
|
or false to disable ECDH.
|
2013-10-14 16:53:59 +02:00
|
|
|
|
2015-06-08 22:24:03 +02:00
|
|
|
Defaults to `prime256v1` (NIST P-256). Use [crypto.getCurves()][] to obtain
|
|
|
|
a list of available curve names. On recent releases,
|
|
|
|
`openssl ecparam -list_curves` will also display the name and description of
|
|
|
|
each available elliptic curve.
|
2013-10-14 16:53:59 +02:00
|
|
|
|
2015-02-26 15:36:41 +01:00
|
|
|
- `dhparam`: A string or `Buffer` containing Diffie Hellman parameters,
|
|
|
|
required for Perfect Forward Secrecy. Use `openssl dhparam` to create it.
|
2015-05-20 07:20:26 +02:00
|
|
|
Its key length should be greater than or equal to 1024 bits, otherwise
|
|
|
|
it throws an error. It is strongly recommended to use 2048 bits or
|
|
|
|
more for stronger security. If omitted or invalid, it is silently
|
|
|
|
discarded and DHE ciphers won't be available.
|
2014-08-27 11:00:13 +02:00
|
|
|
|
2012-12-03 18:29:01 +01:00
|
|
|
- `handshakeTimeout`: Abort the connection if the SSL/TLS handshake does not
|
|
|
|
finish in this many milliseconds. The default is 120 seconds.
|
|
|
|
|
|
|
|
A `'clientError'` is emitted on the `tls.Server` object whenever a handshake
|
|
|
|
times out.
|
|
|
|
|
2012-08-21 22:27:13 +02:00
|
|
|
- `honorCipherOrder` : When choosing a cipher, use the server's preferences
|
2015-02-15 18:43:36 +01:00
|
|
|
instead of the client preferences. Default: `true`.
|
2012-02-09 17:14:39 +01:00
|
|
|
|
2011-10-15 18:26:38 +02:00
|
|
|
- `requestCert`: If `true` the server will request a certificate from
|
|
|
|
clients that connect and attempt to verify that certificate. Default:
|
|
|
|
`false`.
|
|
|
|
|
|
|
|
- `rejectUnauthorized`: If `true` the server will reject any connection
|
|
|
|
which is not authorized with the list of supplied CAs. This option only
|
|
|
|
has an effect if `requestCert` is `true`. Default: `false`.
|
|
|
|
|
|
|
|
- `NPNProtocols`: An array or `Buffer` of possible NPN protocols. (Protocols
|
|
|
|
should be ordered by their priority).
|
|
|
|
|
2013-08-03 19:29:54 +02:00
|
|
|
- `SNICallback(servername, cb)`: A function that will be called if client
|
|
|
|
supports SNI TLS extension. Two argument will be passed to it: `servername`,
|
|
|
|
and `cb`. `SNICallback` should invoke `cb(null, ctx)`, where `ctx` is a
|
|
|
|
SecureContext instance.
|
2014-03-07 00:27:01 +01:00
|
|
|
(You can use `tls.createSecureContext(...)` to get proper
|
2011-10-15 18:26:38 +02:00
|
|
|
SecureContext). If `SNICallback` wasn't provided - default callback with
|
|
|
|
high-level API will be used (see below).
|
|
|
|
|
2013-03-29 00:16:12 +01:00
|
|
|
- `sessionTimeout`: An integer specifying the seconds after which TLS
|
2013-03-18 15:10:41 +01:00
|
|
|
session identifiers and TLS session tickets created by the server are
|
|
|
|
timed out. See [SSL_CTX_set_timeout] for more details.
|
|
|
|
|
2014-02-03 22:32:13 +01:00
|
|
|
- `ticketKeys`: A 48-byte `Buffer` instance consisting of 16-byte prefix,
|
|
|
|
16-byte hmac key, 16-byte AES key. You could use it to accept tls session
|
|
|
|
tickets on multiple instances of tls server.
|
|
|
|
|
|
|
|
NOTE: Automatically shared between `cluster` module workers.
|
|
|
|
|
2014-12-05 08:01:55 +01:00
|
|
|
- `sessionIdContext`: A string containing an opaque identifier for session
|
2011-10-15 18:26:38 +02:00
|
|
|
resumption. If `requestCert` is `true`, the default is MD5 hash value
|
|
|
|
generated from command-line. Otherwise, the default is not provided.
|
|
|
|
|
2013-07-25 23:21:52 +02:00
|
|
|
- `secureProtocol`: The SSL method to use, e.g. `SSLv3_method` to force
|
|
|
|
SSL version 3. The possible values depend on your installation of
|
|
|
|
OpenSSL and are defined in the constant [SSL_METHODS][].
|
|
|
|
|
2011-10-15 18:26:38 +02:00
|
|
|
Here is a simple example echo server:
|
|
|
|
|
|
|
|
var tls = require('tls');
|
|
|
|
var fs = require('fs');
|
|
|
|
|
|
|
|
var options = {
|
|
|
|
key: fs.readFileSync('server-key.pem'),
|
|
|
|
cert: fs.readFileSync('server-cert.pem'),
|
2011-10-16 09:31:41 +02:00
|
|
|
|
|
|
|
// This is necessary only if using the client certificate authentication.
|
2011-10-15 18:26:38 +02:00
|
|
|
requestCert: true,
|
2011-10-16 09:31:41 +02:00
|
|
|
|
|
|
|
// This is necessary only if the client uses the self-signed certificate.
|
2011-10-15 18:26:38 +02:00
|
|
|
ca: [ fs.readFileSync('client-cert.pem') ]
|
|
|
|
};
|
|
|
|
|
2013-06-13 15:36:00 +02:00
|
|
|
var server = tls.createServer(options, function(socket) {
|
2011-10-15 18:26:38 +02:00
|
|
|
console.log('server connected',
|
2013-06-13 15:36:00 +02:00
|
|
|
socket.authorized ? 'authorized' : 'unauthorized');
|
|
|
|
socket.write("welcome!\n");
|
|
|
|
socket.setEncoding('utf8');
|
|
|
|
socket.pipe(socket);
|
2011-10-15 18:26:38 +02:00
|
|
|
});
|
|
|
|
server.listen(8000, function() {
|
|
|
|
console.log('server bound');
|
|
|
|
});
|
|
|
|
|
2012-05-13 21:38:23 +02:00
|
|
|
Or
|
|
|
|
|
|
|
|
var tls = require('tls');
|
|
|
|
var fs = require('fs');
|
|
|
|
|
|
|
|
var options = {
|
|
|
|
pfx: fs.readFileSync('server.pfx'),
|
2011-10-15 18:26:38 +02:00
|
|
|
|
2012-05-13 21:38:23 +02:00
|
|
|
// This is necessary only if using the client certificate authentication.
|
|
|
|
requestCert: true,
|
|
|
|
|
|
|
|
};
|
|
|
|
|
2013-06-13 15:36:00 +02:00
|
|
|
var server = tls.createServer(options, function(socket) {
|
2012-05-13 21:38:23 +02:00
|
|
|
console.log('server connected',
|
2013-06-13 15:36:00 +02:00
|
|
|
socket.authorized ? 'authorized' : 'unauthorized');
|
|
|
|
socket.write("welcome!\n");
|
|
|
|
socket.setEncoding('utf8');
|
|
|
|
socket.pipe(socket);
|
2012-05-13 21:38:23 +02:00
|
|
|
});
|
|
|
|
server.listen(8000, function() {
|
|
|
|
console.log('server bound');
|
|
|
|
});
|
2011-10-15 18:26:38 +02:00
|
|
|
You can test this server by connecting to it with `openssl s_client`:
|
|
|
|
|
|
|
|
|
|
|
|
openssl s_client -connect 127.0.0.1:8000
|
|
|
|
|
|
|
|
|
2014-09-25 00:41:31 +02:00
|
|
|
## tls.connect(options[, callback])
|
2014-09-30 01:32:34 +02:00
|
|
|
## tls.connect(port[, host][, options][, callback])
|
2010-12-11 11:26:48 +01:00
|
|
|
|
2011-11-02 01:27:50 +01:00
|
|
|
Creates a new client connection to the given `port` and `host` (old API) or
|
|
|
|
`options.port` and `options.host`. (If `host` is omitted, it defaults to
|
|
|
|
`localhost`.) `options` should be an object which specifies:
|
|
|
|
|
|
|
|
- `host`: Host the client should connect to
|
|
|
|
|
|
|
|
- `port`: Port the client should connect to
|
2010-12-11 11:26:48 +01:00
|
|
|
|
2012-01-09 02:28:49 +01:00
|
|
|
- `socket`: Establish secure connection on a given socket rather than
|
|
|
|
creating a new socket. If this option is specified, `host` and `port`
|
|
|
|
are ignored.
|
|
|
|
|
2012-12-15 02:00:13 +01:00
|
|
|
- `path`: Creates unix socket connection to path. If this option is
|
|
|
|
specified, `host` and `port` are ignored.
|
|
|
|
|
2012-05-13 21:38:23 +02:00
|
|
|
- `pfx`: A string or `Buffer` containing the private key, certificate and
|
2014-03-31 00:25:41 +02:00
|
|
|
CA certs of the client in PFX or PKCS12 format.
|
2012-05-13 21:38:23 +02:00
|
|
|
|
2011-10-16 09:31:41 +02:00
|
|
|
- `key`: A string or `Buffer` containing the private key of the client in
|
2014-09-01 16:44:57 +02:00
|
|
|
PEM format. (Could be an array of keys).
|
2011-10-26 19:34:56 +02:00
|
|
|
|
2012-05-13 21:38:23 +02:00
|
|
|
- `passphrase`: A string of passphrase for the private key or pfx.
|
2010-12-11 11:26:48 +01:00
|
|
|
|
2011-10-16 09:31:41 +02:00
|
|
|
- `cert`: A string or `Buffer` containing the certificate key of the client in
|
2014-09-01 16:44:57 +02:00
|
|
|
PEM format. (Could be an array of certs).
|
2010-12-11 11:26:48 +01:00
|
|
|
|
2013-09-16 22:57:00 +02:00
|
|
|
- `ca`: An array of strings or `Buffer`s of trusted certificates in PEM
|
|
|
|
format. If this is omitted several well known "root" CAs will be used,
|
|
|
|
like VeriSign. These are used to authorize connections.
|
2010-12-11 11:26:48 +01:00
|
|
|
|
2015-02-18 17:55:11 +01:00
|
|
|
- `ciphers`: A string describing the ciphers to use or exclude, separated by
|
|
|
|
`:`. Uses the same default cipher suite as `tls.createServer`.
|
|
|
|
|
2011-12-07 14:47:06 +01:00
|
|
|
- `rejectUnauthorized`: If `true`, the server certificate is verified against
|
|
|
|
the list of supplied CAs. An `'error'` event is emitted if verification
|
2014-01-17 18:15:36 +01:00
|
|
|
fails; `err.code` contains the OpenSSL error code. Default: `true`.
|
2011-12-07 14:47:06 +01:00
|
|
|
|
2013-09-16 22:57:34 +02:00
|
|
|
- `NPNProtocols`: An array of strings or `Buffer`s containing supported NPN
|
|
|
|
protocols. `Buffer`s should have following format: `0x05hello0x05world`,
|
2011-10-16 09:31:41 +02:00
|
|
|
where first byte is next protocol name's length. (Passing array should
|
2011-11-26 03:26:11 +01:00
|
|
|
usually be much simpler: `['hello', 'world']`.)
|
2011-07-30 16:03:05 +02:00
|
|
|
|
|
|
|
- `servername`: Servername for SNI (Server Name Indication) TLS extension.
|
|
|
|
|
2015-03-09 14:46:22 +01:00
|
|
|
- `checkServerIdentity(servername, cert)`: Provide an override for checking
|
|
|
|
server's hostname against the certificate. Should return an error if verification
|
|
|
|
fails. Return `undefined` if passing.
|
|
|
|
|
2013-05-15 21:14:20 +02:00
|
|
|
- `secureProtocol`: The SSL method to use, e.g. `SSLv3_method` to force
|
|
|
|
SSL version 3. The possible values depend on your installation of
|
|
|
|
OpenSSL and are defined in the constant [SSL_METHODS][].
|
|
|
|
|
2014-02-03 22:32:13 +01:00
|
|
|
- `session`: A `Buffer` instance, containing TLS session.
|
|
|
|
|
2012-10-08 19:10:29 +02:00
|
|
|
The `callback` parameter will be added as a listener for the
|
2012-06-06 21:05:18 +02:00
|
|
|
['secureConnect'][] event.
|
2010-12-11 11:26:48 +01:00
|
|
|
|
2013-06-13 15:36:00 +02:00
|
|
|
`tls.connect()` returns a [tls.TLSSocket][] object.
|
2010-12-11 11:26:48 +01:00
|
|
|
|
2011-10-15 18:26:38 +02:00
|
|
|
Here is an example of a client of echo server as described previously:
|
|
|
|
|
|
|
|
var tls = require('tls');
|
|
|
|
var fs = require('fs');
|
|
|
|
|
|
|
|
var options = {
|
2011-10-16 09:31:41 +02:00
|
|
|
// These are necessary only if using the client certificate authentication
|
2011-10-15 18:26:38 +02:00
|
|
|
key: fs.readFileSync('client-key.pem'),
|
|
|
|
cert: fs.readFileSync('client-cert.pem'),
|
2014-07-16 16:04:34 +02:00
|
|
|
|
2011-10-16 09:31:41 +02:00
|
|
|
// This is necessary only if the server uses the self-signed certificate
|
2011-10-15 18:26:38 +02:00
|
|
|
ca: [ fs.readFileSync('server-cert.pem') ]
|
|
|
|
};
|
|
|
|
|
2013-06-13 15:36:00 +02:00
|
|
|
var socket = tls.connect(8000, options, function() {
|
2011-10-15 18:26:38 +02:00
|
|
|
console.log('client connected',
|
2013-06-13 15:36:00 +02:00
|
|
|
socket.authorized ? 'authorized' : 'unauthorized');
|
|
|
|
process.stdin.pipe(socket);
|
2011-10-16 09:31:41 +02:00
|
|
|
process.stdin.resume();
|
|
|
|
});
|
2013-06-13 15:36:00 +02:00
|
|
|
socket.setEncoding('utf8');
|
|
|
|
socket.on('data', function(data) {
|
2011-10-16 09:31:41 +02:00
|
|
|
console.log(data);
|
2011-10-15 18:26:38 +02:00
|
|
|
});
|
2013-06-13 15:36:00 +02:00
|
|
|
socket.on('end', function() {
|
2011-10-16 09:31:41 +02:00
|
|
|
server.close();
|
2011-10-15 18:26:38 +02:00
|
|
|
});
|
|
|
|
|
2012-05-13 21:38:23 +02:00
|
|
|
Or
|
|
|
|
|
|
|
|
var tls = require('tls');
|
|
|
|
var fs = require('fs');
|
|
|
|
|
|
|
|
var options = {
|
|
|
|
pfx: fs.readFileSync('client.pfx')
|
|
|
|
};
|
|
|
|
|
2013-06-13 15:36:00 +02:00
|
|
|
var socket = tls.connect(8000, options, function() {
|
2012-05-13 21:38:23 +02:00
|
|
|
console.log('client connected',
|
2013-06-13 15:36:00 +02:00
|
|
|
socket.authorized ? 'authorized' : 'unauthorized');
|
|
|
|
process.stdin.pipe(socket);
|
2012-05-13 21:38:23 +02:00
|
|
|
process.stdin.resume();
|
|
|
|
});
|
2013-06-13 15:36:00 +02:00
|
|
|
socket.setEncoding('utf8');
|
|
|
|
socket.on('data', function(data) {
|
2012-05-13 21:38:23 +02:00
|
|
|
console.log(data);
|
|
|
|
});
|
2013-06-13 15:36:00 +02:00
|
|
|
socket.on('end', function() {
|
2012-05-13 21:38:23 +02:00
|
|
|
server.close();
|
|
|
|
});
|
2010-12-08 22:22:12 +01:00
|
|
|
|
2013-07-03 09:46:01 +02:00
|
|
|
## Class: tls.TLSSocket
|
|
|
|
|
|
|
|
Wrapper for instance of [net.Socket][], replaces internal socket read/write
|
|
|
|
routines to perform transparent encryption/decryption of incoming/outgoing data.
|
|
|
|
|
|
|
|
## new tls.TLSSocket(socket, options)
|
|
|
|
|
|
|
|
Construct a new TLSSocket object from existing TCP socket.
|
|
|
|
|
|
|
|
`socket` is an instance of [net.Socket][]
|
|
|
|
|
|
|
|
`options` is an object that might contain following properties:
|
|
|
|
|
2014-03-07 00:27:01 +01:00
|
|
|
- `secureContext`: An optional TLS context object from
|
|
|
|
`tls.createSecureContext( ... )`
|
2013-07-03 09:46:01 +02:00
|
|
|
|
|
|
|
- `isServer`: If true - TLS socket will be instantiated in server-mode
|
|
|
|
|
|
|
|
- `server`: An optional [net.Server][] instance
|
|
|
|
|
|
|
|
- `requestCert`: Optional, see [tls.createSecurePair][]
|
|
|
|
|
|
|
|
- `rejectUnauthorized`: Optional, see [tls.createSecurePair][]
|
|
|
|
|
|
|
|
- `NPNProtocols`: Optional, see [tls.createServer][]
|
|
|
|
|
|
|
|
- `SNICallback`: Optional, see [tls.createServer][]
|
|
|
|
|
2014-02-03 22:32:13 +01:00
|
|
|
- `session`: Optional, a `Buffer` instance, containing TLS session
|
|
|
|
|
2014-04-14 19:15:57 +02:00
|
|
|
- `requestOCSP`: Optional, if `true` - OCSP status request extension would
|
|
|
|
be added to client hello, and `OCSPResponse` event will be emitted on socket
|
|
|
|
before establishing secure communication
|
|
|
|
|
2014-06-25 12:11:09 +02:00
|
|
|
|
|
|
|
## tls.createSecureContext(details)
|
|
|
|
|
|
|
|
Creates a credentials object, with the optional details being a
|
|
|
|
dictionary with keys:
|
|
|
|
|
|
|
|
* `pfx` : A string or buffer holding the PFX or PKCS12 encoded private
|
|
|
|
key, certificate and CA certificates
|
|
|
|
* `key` : A string holding the PEM encoded private key
|
|
|
|
* `passphrase` : A string of passphrase for the private key or pfx
|
|
|
|
* `cert` : A string holding the PEM encoded certificate
|
|
|
|
* `ca` : Either a string or list of strings of PEM encoded CA
|
|
|
|
certificates to trust.
|
|
|
|
* `crl` : Either a string or list of strings of PEM encoded CRLs
|
|
|
|
(Certificate Revocation List)
|
|
|
|
* `ciphers`: A string describing the ciphers to use or exclude.
|
|
|
|
Consult
|
|
|
|
<http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT>
|
|
|
|
for details on the format.
|
2014-06-25 12:47:59 +02:00
|
|
|
* `honorCipherOrder` : When choosing a cipher, use the server's preferences
|
|
|
|
instead of the client preferences. For further details see `tls` module
|
|
|
|
documentation.
|
2014-06-25 12:11:09 +02:00
|
|
|
|
2015-02-07 11:25:13 +01:00
|
|
|
If no 'ca' details are given, then io.js will use the default
|
2014-06-25 12:11:09 +02:00
|
|
|
publicly trusted list of CAs as given in
|
|
|
|
<http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt>.
|
|
|
|
|
|
|
|
|
2014-09-30 01:32:34 +02:00
|
|
|
## tls.createSecurePair([context][, isServer][, requestCert][, rejectUnauthorized])
|
2011-03-29 18:58:50 +02:00
|
|
|
|
2011-08-11 10:13:13 +02:00
|
|
|
Creates a new secure pair object with two streams, one of which reads/writes
|
|
|
|
encrypted data, and one reads/writes cleartext data.
|
|
|
|
Generally the encrypted one is piped to/from an incoming encrypted data stream,
|
|
|
|
and the cleartext one is used as a replacement for the initial encrypted stream.
|
2011-03-29 18:58:50 +02:00
|
|
|
|
2014-03-07 00:27:01 +01:00
|
|
|
- `credentials`: A secure context object from tls.createSecureContext( ... )
|
2011-08-03 04:17:16 +02:00
|
|
|
|
2011-08-11 10:13:13 +02:00
|
|
|
- `isServer`: A boolean indicating whether this tls connection should be
|
|
|
|
opened as a server or a client.
|
2011-08-03 04:17:16 +02:00
|
|
|
|
2011-08-11 10:13:13 +02:00
|
|
|
- `requestCert`: A boolean indicating whether a server should request a
|
|
|
|
certificate from a connecting client. Only applies to server connections.
|
2011-08-03 04:17:16 +02:00
|
|
|
|
2011-08-11 10:13:13 +02:00
|
|
|
- `rejectUnauthorized`: A boolean indicating whether a server should
|
|
|
|
automatically reject clients with invalid certificates. Only applies to
|
|
|
|
servers with `requestCert` enabled.
|
2011-08-03 04:17:16 +02:00
|
|
|
|
2013-06-13 15:36:00 +02:00
|
|
|
`tls.createSecurePair()` returns a SecurePair object with `cleartext` and
|
2012-06-06 21:05:18 +02:00
|
|
|
`encrypted` stream properties.
|
2011-08-03 04:17:16 +02:00
|
|
|
|
2013-06-13 15:36:00 +02:00
|
|
|
NOTE: `cleartext` has the same APIs as [tls.TLSSocket][]
|
|
|
|
|
2012-02-27 20:09:35 +01:00
|
|
|
## Class: SecurePair
|
|
|
|
|
|
|
|
Returned by tls.createSecurePair.
|
|
|
|
|
2012-02-17 23:58:42 +01:00
|
|
|
### Event: 'secure'
|
2011-08-03 04:17:16 +02:00
|
|
|
|
2011-08-11 10:13:13 +02:00
|
|
|
The event is emitted from the SecurePair once the pair has successfully
|
|
|
|
established a secure connection.
|
2011-08-03 04:17:16 +02:00
|
|
|
|
2011-08-11 10:13:13 +02:00
|
|
|
Similarly to the checking for the server 'secureConnection' event,
|
|
|
|
pair.cleartext.authorized should be checked to confirm whether the certificate
|
|
|
|
used properly authorized.
|
2011-03-29 18:58:50 +02:00
|
|
|
|
2012-02-27 20:09:35 +01:00
|
|
|
## Class: tls.Server
|
2010-12-08 22:22:12 +01:00
|
|
|
|
|
|
|
This class is a subclass of `net.Server` and has the same methods on it.
|
|
|
|
Instead of accepting just raw TCP connections, this accepts encrypted
|
|
|
|
connections using TLS or SSL.
|
|
|
|
|
2012-02-17 23:58:42 +01:00
|
|
|
### Event: 'secureConnection'
|
2010-12-08 22:22:12 +01:00
|
|
|
|
2013-06-13 15:36:00 +02:00
|
|
|
`function (tlsSocket) {}`
|
2010-12-08 22:22:12 +01:00
|
|
|
|
|
|
|
This event is emitted after a new connection has been successfully
|
2014-12-05 08:01:55 +01:00
|
|
|
handshaked. The argument is an instance of [tls.TLSSocket][]. It has all the
|
2012-06-06 21:05:18 +02:00
|
|
|
common stream methods and events.
|
2010-12-08 22:22:12 +01:00
|
|
|
|
2013-06-13 15:36:00 +02:00
|
|
|
`socket.authorized` is a boolean value which indicates if the
|
2011-02-25 01:36:43 +01:00
|
|
|
client has verified by one of the supplied certificate authorities for the
|
2013-06-13 15:36:00 +02:00
|
|
|
server. If `socket.authorized` is false, then
|
|
|
|
`socket.authorizationError` is set to describe how authorization
|
2010-12-08 22:22:12 +01:00
|
|
|
failed. Implied but worth mentioning: depending on the settings of the TLS
|
2011-07-30 16:03:05 +02:00
|
|
|
server, you unauthorized connections may be accepted.
|
2013-06-13 15:36:00 +02:00
|
|
|
`socket.npnProtocol` is a string containing selected NPN protocol.
|
|
|
|
`socket.servername` is a string containing servername requested with
|
2011-07-30 16:03:05 +02:00
|
|
|
SNI.
|
2010-12-08 22:22:12 +01:00
|
|
|
|
|
|
|
|
2012-02-17 23:58:42 +01:00
|
|
|
### Event: 'clientError'
|
2011-12-17 18:09:16 +01:00
|
|
|
|
2013-06-13 15:36:00 +02:00
|
|
|
`function (exception, tlsSocket) { }`
|
2011-12-17 18:09:16 +01:00
|
|
|
|
|
|
|
When a client connection emits an 'error' event before secure connection is
|
|
|
|
established - it will be forwarded here.
|
|
|
|
|
2013-06-13 15:36:00 +02:00
|
|
|
`tlsSocket` is the [tls.TLSSocket][] that the error originated from.
|
2012-07-07 22:20:23 +02:00
|
|
|
|
|
|
|
|
2013-06-17 12:11:13 +02:00
|
|
|
### Event: 'newSession'
|
|
|
|
|
2014-02-14 14:01:34 +01:00
|
|
|
`function (sessionId, sessionData, callback) { }`
|
2013-06-17 12:11:13 +02:00
|
|
|
|
|
|
|
Emitted on creation of TLS session. May be used to store sessions in external
|
2014-02-14 14:01:34 +01:00
|
|
|
storage. `callback` must be invoked eventually, otherwise no data will be
|
|
|
|
sent or received from secure connection.
|
2013-06-17 12:11:13 +02:00
|
|
|
|
|
|
|
NOTE: adding this event listener will have an effect only on connections
|
|
|
|
established after addition of event listener.
|
|
|
|
|
|
|
|
|
|
|
|
### Event: 'resumeSession'
|
|
|
|
|
|
|
|
`function (sessionId, callback) { }`
|
|
|
|
|
|
|
|
Emitted when client wants to resume previous TLS session. Event listener may
|
|
|
|
perform lookup in external storage using given `sessionId`, and invoke
|
|
|
|
`callback(null, sessionData)` once finished. If session can't be resumed
|
|
|
|
(i.e. doesn't exist in storage) one may call `callback(null, null)`. Calling
|
|
|
|
`callback(err)` will terminate incoming connection and destroy socket.
|
|
|
|
|
|
|
|
NOTE: adding this event listener will have an effect only on connections
|
|
|
|
established after addition of event listener.
|
|
|
|
|
|
|
|
|
2014-04-14 19:15:57 +02:00
|
|
|
### Event: 'OCSPRequest'
|
|
|
|
|
|
|
|
`function (certificate, issuer, callback) { }`
|
|
|
|
|
|
|
|
Emitted when the client sends a certificate status request. You could parse
|
|
|
|
server's current certificate to obtain OCSP url and certificate id, and after
|
|
|
|
obtaining OCSP response invoke `callback(null, resp)`, where `resp` is a
|
|
|
|
`Buffer` instance. Both `certificate` and `issuer` are a `Buffer`
|
|
|
|
DER-representations of the primary and issuer's certificates. They could be used
|
|
|
|
to obtain OCSP certificate id and OCSP endpoint url.
|
|
|
|
|
|
|
|
Alternatively, `callback(null, null)` could be called, meaning that there is no
|
|
|
|
OCSP response.
|
|
|
|
|
|
|
|
Calling `callback(err)` will result in a `socket.destroy(err)` call.
|
|
|
|
|
|
|
|
Typical flow:
|
|
|
|
|
|
|
|
1. Client connects to server and sends `OCSPRequest` to it (via status info
|
|
|
|
extension in ClientHello.)
|
|
|
|
2. Server receives request and invokes `OCSPRequest` event listener if present
|
|
|
|
3. Server grabs OCSP url from either `certificate` or `issuer` and performs an
|
|
|
|
[OCSP request] to the CA
|
|
|
|
4. Server receives `OCSPResponse` from CA and sends it back to client via
|
|
|
|
`callback` argument
|
|
|
|
5. Client validates the response and either destroys socket or performs a
|
|
|
|
handshake.
|
|
|
|
|
2014-08-08 19:49:24 +02:00
|
|
|
NOTE: `issuer` could be null, if the certificate is self-signed or if the issuer
|
|
|
|
is not in the root certificates list. (You could provide an issuer via `ca`
|
|
|
|
option.)
|
2014-04-14 19:15:57 +02:00
|
|
|
|
|
|
|
NOTE: adding this event listener will have an effect only on connections
|
|
|
|
established after addition of event listener.
|
|
|
|
|
|
|
|
NOTE: you may want to use some npm module like [asn1.js] to parse the
|
|
|
|
certificates.
|
|
|
|
|
|
|
|
|
2015-01-19 03:24:11 +01:00
|
|
|
### server.listen(port[, hostname][, callback])
|
2010-12-08 22:22:12 +01:00
|
|
|
|
2015-01-19 03:24:11 +01:00
|
|
|
Begin accepting connections on the specified `port` and `hostname`. If the
|
|
|
|
`hostname` is omitted, the server will accept connections on any IPv6 address
|
|
|
|
(`::`) when IPv6 is available, or any IPv4 address (`0.0.0.0`) otherwise. A
|
|
|
|
port value of zero will assign a random port.
|
2010-12-08 22:22:12 +01:00
|
|
|
|
|
|
|
This function is asynchronous. The last parameter `callback` will be called
|
|
|
|
when the server has been bound.
|
|
|
|
|
|
|
|
See `net.Server` for more information.
|
|
|
|
|
|
|
|
|
2014-12-30 07:10:36 +01:00
|
|
|
### server.close([callback])
|
2010-12-08 22:22:12 +01:00
|
|
|
|
|
|
|
Stops the server from accepting new connections. This function is
|
|
|
|
asynchronous, the server is finally closed when the server emits a `'close'`
|
2014-12-30 07:10:36 +01:00
|
|
|
event. Optionally, you can pass a callback to listen for the `'close'` event.
|
2010-12-08 22:22:12 +01:00
|
|
|
|
2012-02-17 23:58:42 +01:00
|
|
|
### server.address()
|
2011-10-26 14:12:23 +02:00
|
|
|
|
2012-04-13 09:45:38 +02:00
|
|
|
Returns the bound address, the address family name and port of the
|
2012-06-06 21:05:18 +02:00
|
|
|
server as reported by the operating system. See [net.Server.address()][] for
|
|
|
|
more information.
|
2011-10-26 14:12:23 +02:00
|
|
|
|
2014-03-07 00:27:01 +01:00
|
|
|
### server.addContext(hostname, context)
|
2011-07-30 16:03:05 +02:00
|
|
|
|
|
|
|
Add secure context that will be used if client request's SNI hostname is
|
2014-03-07 00:27:01 +01:00
|
|
|
matching passed `hostname` (wildcards can be used). `context` can contain
|
2014-06-25 12:47:59 +02:00
|
|
|
`key`, `cert`, `ca` and/or any other properties from `tls.createSecureContext`
|
|
|
|
`options` argument.
|
2010-12-08 22:22:12 +01:00
|
|
|
|
2012-02-17 23:58:42 +01:00
|
|
|
### server.maxConnections
|
2010-12-08 22:22:12 +01:00
|
|
|
|
2011-08-11 10:13:13 +02:00
|
|
|
Set this property to reject connections when the server's connection count
|
|
|
|
gets high.
|
2010-12-08 22:22:12 +01:00
|
|
|
|
2012-02-17 23:58:42 +01:00
|
|
|
### server.connections
|
2010-12-08 22:22:12 +01:00
|
|
|
|
|
|
|
The number of concurrent connections on the server.
|
2011-08-11 10:13:13 +02:00
|
|
|
|
|
|
|
|
2013-01-24 00:17:04 +01:00
|
|
|
## Class: CryptoStream
|
|
|
|
|
2013-06-17 03:56:00 +02:00
|
|
|
Stability: 0 - Deprecated. Use tls.TLSSocket instead.
|
2013-06-13 15:36:00 +02:00
|
|
|
|
2013-01-24 00:17:04 +01:00
|
|
|
This is an encrypted stream.
|
|
|
|
|
|
|
|
### cryptoStream.bytesWritten
|
|
|
|
|
|
|
|
A proxy to the underlying socket's bytesWritten accessor, this will return
|
|
|
|
the total bytes written to the socket, *including the TLS overhead*.
|
|
|
|
|
2013-06-13 15:36:00 +02:00
|
|
|
## Class: tls.TLSSocket
|
2011-08-11 10:13:13 +02:00
|
|
|
|
2013-06-13 15:36:00 +02:00
|
|
|
This is a wrapped version of [net.Socket][] that does transparent encryption
|
|
|
|
of written data and all required TLS negotiation.
|
2011-08-11 10:13:13 +02:00
|
|
|
|
2012-06-06 21:05:18 +02:00
|
|
|
This instance implements a duplex [Stream][] interfaces. It has all the
|
|
|
|
common stream methods and events.
|
2011-08-11 10:13:13 +02:00
|
|
|
|
2012-02-27 20:09:35 +01:00
|
|
|
### Event: 'secureConnect'
|
2011-10-15 12:27:21 +02:00
|
|
|
|
2013-06-13 15:36:00 +02:00
|
|
|
This event is emitted after a new connection has been successfully handshaked.
|
2011-10-15 12:27:21 +02:00
|
|
|
The listener will be called no matter if the server's certificate was
|
2013-06-13 15:36:00 +02:00
|
|
|
authorized or not. It is up to the user to test `tlsSocket.authorized`
|
2011-10-15 12:27:21 +02:00
|
|
|
to see if the server certificate was signed by one of the specified CAs.
|
2013-06-13 15:36:00 +02:00
|
|
|
If `tlsSocket.authorized === false` then the error can be found in
|
|
|
|
`tlsSocket.authorizationError`. Also if NPN was used - you can check
|
|
|
|
`tlsSocket.npnProtocol` for negotiated protocol.
|
2011-10-15 12:27:21 +02:00
|
|
|
|
2014-04-14 19:15:57 +02:00
|
|
|
### Event: 'OCSPResponse'
|
|
|
|
|
|
|
|
`function (response) { }`
|
|
|
|
|
|
|
|
This event will be emitted if `requestOCSP` option was set. `response` is a
|
|
|
|
buffer object, containing server's OCSP response.
|
|
|
|
|
|
|
|
Traditionally, the `response` is a signed object from the server's CA that
|
|
|
|
contains information about server's certificate revocation status.
|
|
|
|
|
2013-12-19 10:04:34 +01:00
|
|
|
### tlsSocket.encrypted
|
|
|
|
|
|
|
|
Static boolean value, always `true`. May be used to distinguish TLS sockets
|
|
|
|
from regular ones.
|
|
|
|
|
2013-06-13 15:36:00 +02:00
|
|
|
### tlsSocket.authorized
|
2011-08-11 10:13:13 +02:00
|
|
|
|
|
|
|
A boolean that is `true` if the peer certificate was signed by one of the
|
|
|
|
specified CAs, otherwise `false`
|
|
|
|
|
2013-06-13 15:36:00 +02:00
|
|
|
### tlsSocket.authorizationError
|
2011-08-11 10:13:13 +02:00
|
|
|
|
|
|
|
The reason why the peer's certificate has not been verified. This property
|
2013-06-13 15:36:00 +02:00
|
|
|
becomes available only when `tlsSocket.authorized === false`.
|
2011-08-11 10:13:13 +02:00
|
|
|
|
2014-04-17 13:57:36 +02:00
|
|
|
### tlsSocket.getPeerCertificate([ detailed ])
|
2011-08-11 10:13:13 +02:00
|
|
|
|
2011-11-26 03:26:11 +01:00
|
|
|
Returns an object representing the peer's certificate. The returned object has
|
2014-04-17 13:57:36 +02:00
|
|
|
some properties corresponding to the field of the certificate. If `detailed`
|
|
|
|
argument is `true` - the full chain with `issuer` property will be returned,
|
|
|
|
if `false` - only the top certificate without `issuer` property.
|
2011-08-11 10:13:13 +02:00
|
|
|
|
|
|
|
Example:
|
|
|
|
|
2014-04-17 13:57:36 +02:00
|
|
|
{ subject:
|
2011-08-11 10:13:13 +02:00
|
|
|
{ C: 'UK',
|
|
|
|
ST: 'Acknack Ltd',
|
|
|
|
L: 'Rhys Jones',
|
2015-02-07 11:25:13 +01:00
|
|
|
O: 'io.js',
|
2011-08-11 10:13:13 +02:00
|
|
|
OU: 'Test TLS Certificate',
|
|
|
|
CN: 'localhost' },
|
2014-04-17 13:57:36 +02:00
|
|
|
issuerInfo:
|
2011-08-11 10:13:13 +02:00
|
|
|
{ C: 'UK',
|
|
|
|
ST: 'Acknack Ltd',
|
|
|
|
L: 'Rhys Jones',
|
2015-02-07 11:25:13 +01:00
|
|
|
O: 'io.js',
|
2011-08-11 10:13:13 +02:00
|
|
|
OU: 'Test TLS Certificate',
|
|
|
|
CN: 'localhost' },
|
2014-04-17 13:57:36 +02:00
|
|
|
issuer:
|
|
|
|
{ ... another certificate ... },
|
|
|
|
raw: < RAW DER buffer >,
|
2011-08-11 10:13:13 +02:00
|
|
|
valid_from: 'Nov 11 09:52:22 2009 GMT',
|
|
|
|
valid_to: 'Nov 6 09:52:22 2029 GMT',
|
2013-11-25 15:09:57 +01:00
|
|
|
fingerprint: '2A:7A:C2:DD:E5:F9:CC:53:72:35:99:7A:02:5A:71:38:52:EC:8A:DF',
|
|
|
|
serialNumber: 'B9B0D332A1AA5635' }
|
2011-08-11 10:13:13 +02:00
|
|
|
|
|
|
|
If the peer does not provide a certificate, it returns `null` or an empty
|
|
|
|
object.
|
2011-10-26 14:12:23 +02:00
|
|
|
|
2013-06-13 15:36:00 +02:00
|
|
|
### tlsSocket.getCipher()
|
2012-03-23 05:04:10 +01:00
|
|
|
Returns an object representing the cipher name and the SSL/TLS
|
|
|
|
protocol version of the current connection.
|
|
|
|
|
|
|
|
Example:
|
|
|
|
{ name: 'AES256-SHA', version: 'TLSv1/SSLv3' }
|
|
|
|
|
|
|
|
See SSL_CIPHER_get_name() and SSL_CIPHER_get_version() in
|
|
|
|
http://www.openssl.org/docs/ssl/ssl.html#DEALING_WITH_CIPHERS for more
|
|
|
|
information.
|
|
|
|
|
2013-08-23 15:53:16 +02:00
|
|
|
### tlsSocket.renegotiate(options, callback)
|
|
|
|
|
|
|
|
Initiate TLS renegotiation process. The `options` may contain the following
|
|
|
|
fields: `rejectUnauthorized`, `requestCert` (See [tls.createServer][]
|
|
|
|
for details). `callback(err)` will be executed with `null` as `err`,
|
|
|
|
once the renegotiation is successfully completed.
|
|
|
|
|
|
|
|
NOTE: Can be used to request peer's certificate after the secure connection
|
|
|
|
has been established.
|
|
|
|
|
|
|
|
ANOTHER NOTE: When running as the server, socket will be destroyed
|
|
|
|
with an error after `handshakeTimeout` timeout.
|
|
|
|
|
2014-01-17 19:46:49 +01:00
|
|
|
### tlsSocket.setMaxSendFragment(size)
|
|
|
|
|
|
|
|
Set maximum TLS fragment size (default and maximum value is: `16384`, minimum
|
|
|
|
is: `512`). Returns `true` on success, `false` otherwise.
|
|
|
|
|
|
|
|
Smaller fragment size decreases buffering latency on the client: large
|
|
|
|
fragments are buffered by the TLS layer until the entire fragment is received
|
|
|
|
and its integrity is verified; large fragments can span multiple roundtrips,
|
|
|
|
and their processing can be delayed due to packet loss or reordering. However,
|
|
|
|
smaller fragments add extra TLS framing bytes and CPU overhead, which may
|
|
|
|
decrease overall server throughput.
|
|
|
|
|
2014-02-03 22:32:13 +01:00
|
|
|
### tlsSocket.getSession()
|
|
|
|
|
|
|
|
Return ASN.1 encoded TLS session or `undefined` if none was negotiated. Could
|
|
|
|
be used to speed up handshake establishment when reconnecting to the server.
|
|
|
|
|
|
|
|
### tlsSocket.getTLSTicket()
|
|
|
|
|
|
|
|
NOTE: Works only with client TLS sockets. Useful only for debugging, for
|
|
|
|
session reuse provide `session` option to `tls.connect`.
|
|
|
|
|
|
|
|
Return TLS session ticket or `undefined` if none was negotiated.
|
|
|
|
|
2013-06-13 15:36:00 +02:00
|
|
|
### tlsSocket.address()
|
2011-10-26 14:12:23 +02:00
|
|
|
|
2012-04-13 09:45:38 +02:00
|
|
|
Returns the bound address, the address family name and port of the
|
|
|
|
underlying socket as reported by the operating system. Returns an
|
|
|
|
object with three properties, e.g.
|
|
|
|
`{ port: 12346, family: 'IPv4', address: '127.0.0.1' }`
|
2011-10-26 14:12:23 +02:00
|
|
|
|
2013-06-13 15:36:00 +02:00
|
|
|
### tlsSocket.remoteAddress
|
2011-10-26 14:12:23 +02:00
|
|
|
|
|
|
|
The string representation of the remote IP address. For example,
|
|
|
|
`'74.125.127.100'` or `'2001:4860:a005::68'`.
|
|
|
|
|
2014-07-16 16:04:34 +02:00
|
|
|
### tlsSocket.remoteFamily
|
|
|
|
|
|
|
|
The string representation of the remote IP family. `'IPv4'` or `'IPv6'`.
|
|
|
|
|
2013-06-13 15:36:00 +02:00
|
|
|
### tlsSocket.remotePort
|
2011-10-26 14:12:23 +02:00
|
|
|
|
|
|
|
The numeric representation of the remote port. For example, `443`.
|
2012-06-06 21:05:18 +02:00
|
|
|
|
2013-06-13 15:36:00 +02:00
|
|
|
### tlsSocket.localAddress
|
2013-05-20 15:14:30 +02:00
|
|
|
|
|
|
|
The string representation of the local IP address.
|
|
|
|
|
2013-06-13 15:36:00 +02:00
|
|
|
### tlsSocket.localPort
|
2013-05-20 15:14:30 +02:00
|
|
|
|
|
|
|
The numeric representation of the local port.
|
|
|
|
|
2012-08-21 22:27:13 +02:00
|
|
|
[OpenSSL cipher list format documentation]: http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT
|
2015-05-08 20:54:34 +02:00
|
|
|
[Chrome's 'modern cryptography' setting]: http://www.chromium.org/Home/chromium-security/education/tls#TOC-Deprecation-of-TLS-Features-Algorithms-in-Chrome
|
|
|
|
[specific attacks affecting larger AES key sizes]: https://www.schneier.com/blog/archives/2009/07/another_new_aes.html
|
2012-08-21 22:27:13 +02:00
|
|
|
[BEAST attacks]: http://blog.ivanristic.com/2011/10/mitigating-the-beast-attack-on-tls.html
|
2015-06-08 22:24:03 +02:00
|
|
|
[crypto.getCurves()]: crypto.html#crypto_crypto_getcurves
|
2013-07-03 09:46:01 +02:00
|
|
|
[tls.createServer]: #tls_tls_createserver_options_secureconnectionlistener
|
2015-05-02 05:58:40 +02:00
|
|
|
[tls.createSecurePair]: #tls_tls_createsecurepair_context_isserver_requestcert_rejectunauthorized
|
2013-06-13 15:36:00 +02:00
|
|
|
[tls.TLSSocket]: #tls_class_tls_tlssocket
|
2013-07-03 09:46:01 +02:00
|
|
|
[net.Server]: net.html#net_class_net_server
|
|
|
|
[net.Socket]: net.html#net_class_net_socket
|
2012-06-06 21:05:18 +02:00
|
|
|
[net.Server.address()]: net.html#net_server_address
|
|
|
|
['secureConnect']: #tls_event_secureconnect
|
|
|
|
[secureConnection]: #tls_event_secureconnection
|
|
|
|
[Stream]: stream.html#stream_stream
|
2013-05-15 21:14:20 +02:00
|
|
|
[SSL_METHODS]: http://www.openssl.org/docs/ssl/ssl.html#DEALING_WITH_PROTOCOL_METHODS
|
2012-06-06 21:05:18 +02:00
|
|
|
[tls.Server]: #tls_class_tls_server
|
2013-03-18 15:10:41 +01:00
|
|
|
[SSL_CTX_set_timeout]: http://www.openssl.org/docs/ssl/SSL_CTX_set_timeout.html
|
2013-10-14 16:53:59 +02:00
|
|
|
[RFC 4492]: http://www.rfc-editor.org/rfc/rfc4492.txt
|
|
|
|
[Forward secrecy]: http://en.wikipedia.org/wiki/Perfect_forward_secrecy
|
2014-01-05 12:07:54 +01:00
|
|
|
[DHE]: https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
|
|
|
|
[ECDHE]: https://en.wikipedia.org/wiki/Elliptic_curve_Diffie%E2%80%93Hellman
|
2014-04-14 19:15:57 +02:00
|
|
|
[asn1.js]: http://npmjs.org/package/asn1.js
|
|
|
|
[OCSP request]: http://en.wikipedia.org/wiki/OCSP_stapling
|
2015-02-15 18:43:36 +01:00
|
|
|
[TLS recommendations]: https://wiki.mozilla.org/Security/Server_Side_TLS
|