nodejs/doc/api/https.markdown

# HTTPS

    Stability: 3 - Stable

HTTPS is the HTTP protocol over TLS/SSL. In io.js this is implemented as a
separate module.

## Class: https.Server

This class is a subclass of `tls.Server` and emits events same as
`http.Server`. See `http.Server` for more information.

### server.setTimeout(msecs, callback)

See [http.Server#setTimeout()][].

### server.timeout

See [http.Server#timeout][].

## https.createServer(options[, requestListener])

Returns a new HTTPS web server object. The `options` is similar to
[tls.createServer()][].  The `requestListener` is a function which is
automatically added to the `'request'` event.

Example:

    // curl -k https://localhost:8000/
    var https = require('https');
    var fs = require('fs');

    var options = {
      key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'),
      cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem')
    };

    https.createServer(options, function (req, res) {
      res.writeHead(200);
      res.end("hello world\n");
    }).listen(8000);

Or

    var https = require('https');
    var fs = require('fs');

    var options = {
      pfx: fs.readFileSync('server.pfx')
    };

    https.createServer(options, function (req, res) {
      res.writeHead(200);
      res.end("hello world\n");
    }).listen(8000);


### server.listen(port[, host][, backlog][, callback])
### server.listen(path[, callback])
### server.listen(handle[, callback])

See [http.listen()][] for details.

### server.close([callback])

See [http.close()][] for details.

## https.request(options, callback)

Makes a request to a secure web server.

`options` can be an object or a string. If `options` is a string, it is
automatically parsed with [url.parse()](url.html#url.parse).

All options from [http.request()][] are valid.

Example:

    var https = require('https');

    var options = {
      hostname: 'encrypted.google.com',
      port: 443,
      path: '/',
      method: 'GET'
    };

    var req = https.request(options, function(res) {
      console.log("statusCode: ", res.statusCode);
      console.log("headers: ", res.headers);

      res.on('data', function(d) {
        process.stdout.write(d);
      });
    });
    req.end();

    req.on('error', function(e) {
      console.error(e);
    });

The options argument has the following options

- `host`: A domain name or IP address of the server to issue the request to.
  Defaults to `'localhost'`.
- `hostname`: To support `url.parse()` `hostname` is preferred over `host`
- `port`: Port of remote server. Defaults to 443.
- `method`: A string specifying the HTTP request method. Defaults to `'GET'`.
- `path`: Request path. Defaults to `'/'`. Should include query string if any.
  E.G. `'/index.html?page=12'`
- `headers`: An object containing request headers.
- `auth`: Basic authentication i.e. `'user:password'` to compute an
  Authorization header.
- `agent`: Controls [Agent][] behavior. When an Agent is used request will
  default to `Connection: keep-alive`. Possible values:
 - `undefined` (default): use [globalAgent][] for this host and port.
 - `Agent` object: explicitly use the passed in `Agent`.
 - `false`: opts out of connection pooling with an Agent, defaults request to
   `Connection: close`.

The following options from [tls.connect()][] can also be specified. However, a
[globalAgent][] silently ignores these.

- `pfx`: Certificate, Private key and CA certificates to use for SSL. Default `null`.
- `key`: Private key to use for SSL. Default `null`.
- `passphrase`: A string of passphrase for the private key or pfx. Default `null`.
- `cert`: Public x509 certificate to use. Default `null`.
- `ca`: An authority certificate or array of authority certificates to check
  the remote host against.
- `ciphers`: A string describing the ciphers to use or exclude. Consult
  <http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT> for
  details on the format.
- `rejectUnauthorized`: If `true`, the server certificate is verified against
  the list of supplied CAs. An `'error'` event is emitted if verification
  fails. Verification happens at the connection level, *before* the HTTP
  request is sent. Default `true`.
- `secureProtocol`: The SSL method to use, e.g. `SSLv3_method` to force
  SSL version 3. The possible values depend on your installation of
  OpenSSL and are defined in the constant [SSL_METHODS][].

In order to specify these options, use a custom `Agent`.

Example:

    var options = {
      hostname: 'encrypted.google.com',
      port: 443,
      path: '/',
      method: 'GET',
      key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'),
      cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem')
    };
    options.agent = new https.Agent(options);

    var req = https.request(options, function(res) {
      ...
    }

Or does not use an `Agent`.

Example:

    var options = {
      hostname: 'encrypted.google.com',
      port: 443,
      path: '/',
      method: 'GET',
      key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'),
      cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem'),
      agent: false
    };

    var req = https.request(options, function(res) {
      ...
    }

## https.get(options, callback)

Like `http.get()` but for HTTPS.

`options` can be an object or a string. If `options` is a string, it is
automatically parsed with [url.parse()](url.html#url.parse).

Example:

    var https = require('https');

    https.get('https://encrypted.google.com/', function(res) {
      console.log("statusCode: ", res.statusCode);
      console.log("headers: ", res.headers);

      res.on('data', function(d) {
        process.stdout.write(d);
      });

    }).on('error', function(e) {
      console.error(e);
    });


## Class: https.Agent

An Agent object for HTTPS similar to [http.Agent][].  See [https.request()][]
for more information.


## https.globalAgent

Global instance of [https.Agent][] for all HTTPS client requests.

[http.Server#setTimeout()]: http.html#http_server_settimeout_msecs_callback
[http.Server#timeout]: http.html#http_server_timeout
[Agent]: #https_class_https_agent
[globalAgent]: #https_https_globalagent
[http.listen()]: http.html#http_server_listen_port_hostname_backlog_callback
[http.close()]: http.html#http_server_close_callback
[http.Agent]: http.html#http_class_http_agent
[http.request()]: http.html#http_http_request_options_callback
[https.Agent]: #https_class_https_agent
[https.request()]: #https_https_request_options_callback
[tls.connect()]: tls.html#tls_tls_connect_options_callback
[tls.createServer()]: tls.html#tls_tls_createserver_options_secureconnectionlistener
[SSL_METHODS]: http://www.openssl.org/docs/ssl/ssl.html#DEALING_WITH_PROTOCOL_METHODS
doc refactor: https 2012-02-27 20:09:34 +01:00			`# HTTPS`
Initial pass at https client 2011-01-21 22:12:35 +01:00
doc: Add stability indicators to documentation 2012-03-03 00:14:03 +01:00			`Stability: 3 - Stable`

doc: update node.js references in api docs Fixes: https://github.com/iojs/io.js/issues/740 PR-URL: https://github.com/iojs/io.js/pull/750 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> 2015-02-07 11:25:13 +01:00			`HTTPS is the HTTP protocol over TLS/SSL. In io.js this is implemented as a`
Initial pass at https client 2011-01-21 22:12:35 +01:00			`separate module.`

doc refactor: https 2012-02-27 20:09:34 +01:00			`## Class: https.Server`
Doc improvements. 2011-04-28 09:36:04 +02:00
			This class is a subclass of `tls.Server` and emits events same as
			`http.Server`. See `http.Server` for more information.

https: implement https.Server#setTimeout() Like commit d258fb0 ("http: More useful setTimeout API on server") but this time for the https module. Fixes #5361. 2013-04-30 12:43:32 +02:00			`### server.setTimeout(msecs, callback)`

			`See [http.Server#setTimeout()][].`

			`### server.timeout`

			`See [http.Server#timeout][].`

doc: fix brackets for optional parameters Documentation incorrectly used bracket notation for optional parameters. This caused inconsistencies in usage because of examples like the following: fs.write(fd, data[, position[, encoding]], callback) This simply fixes all uses of bracket notation in documentation. Signed-off-by: Trevor Norris <trev.norris@gmail.com> Reviewed-by: Fedor Indutny <fedor@indutny.com> 2014-09-25 00:41:31 +02:00			`## https.createServer(options[, requestListener])`
Doc improvements. 2011-04-28 09:36:04 +02:00
docs: fix typo Fixes #2193. 2011-11-26 03:26:11 +01:00			Returns a new HTTPS web server object. The `options` is similar to
doc: Improve cross-linking in API docs markdown Cross-link EventEmitter references in API docs to events.html Fix broken cross-reference links with wrong anchor names in API docs. 2012-06-06 21:05:18 +02:00			[tls.createServer()][]. The `requestListener` is a function which is
			automatically added to the `'request'` event.
Initial pass at https client 2011-01-21 22:12:35 +01:00
			`Example:`

			`// curl -k https://localhost:8000/`
			`var https = require('https');`
			`var fs = require('fs');`

			`var options = {`
			`key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'),`
			`cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem')`
			`};`

			`https.createServer(options, function (req, res) {`
			`res.writeHead(200);`
			`res.end("hello world\n");`
			`}).listen(8000);`

crypto: add PKCS12/PFX support Fixes #2845. 2012-05-13 21:38:23 +02:00			`Or`

			`var https = require('https');`
			`var fs = require('fs');`

			`var options = {`
			`pfx: fs.readFileSync('server.pfx')`
			`};`

			`https.createServer(options, function (req, res) {`
			`res.writeHead(200);`
			`res.end("hello world\n");`
			`}).listen(8000);`
Initial pass at https client 2011-01-21 22:12:35 +01:00
doc: consistent use of the callback argument 2012-10-08 19:10:29 +02:00
doc: fix optional parameter parsing The parameter parser specifically looked for the old bracket syntax. This generated a lot of warnings when building the docs. Those warnings have been fixed by changing the parsing logic. Signed-off-by: Trevor Norris <trev.norris@gmail.com> 2014-09-30 01:32:34 +02:00			`### server.listen(port[, host][, backlog][, callback])`
doc: fix brackets for optional parameters Documentation incorrectly used bracket notation for optional parameters. This caused inconsistencies in usage because of examples like the following: fs.write(fd, data[, position[, encoding]], callback) This simply fixes all uses of bracket notation in documentation. Signed-off-by: Trevor Norris <trev.norris@gmail.com> Reviewed-by: Fedor Indutny <fedor@indutny.com> 2014-09-25 00:41:31 +02:00			`### server.listen(path[, callback])`
			`### server.listen(handle[, callback])`
doc: consistent use of the callback argument 2012-10-08 19:10:29 +02:00
			`See [http.listen()][] for details.`

			`### server.close([callback])`

			`See [http.close()][] for details.`

Add https.get() 2011-01-21 22:21:01 +01:00			`## https.request(options, callback)`
Initial pass at https client 2011-01-21 22:12:35 +01:00
https: make https.get() accept a URL https.get() now accepts either a URL (as a string) or an options object. Refs #2859. Fixes #3882. 2012-08-18 07:18:02 +02:00			`Makes a request to a secure web server.`

			`options` can be an object or a string. If `options` is a string, it is
			`automatically parsed with [url.parse()](url.html#url.parse).`

			`All options from [http.request()][] are valid.`
Initial pass at https client 2011-01-21 22:12:35 +01:00
			`Example:`

			`var https = require('https');`

			`var options = {`
doc: reflect hostname v. host preference in examples The documentation for http.request and https.request states that `hostname` is preferred over `host` so the code examples should use that option name. 2012-10-29 04:16:40 +01:00			`hostname: 'encrypted.google.com',`
Initial pass at https client 2011-01-21 22:12:35 +01:00			`port: 443,`
			`path: '/',`
			`method: 'GET'`
			`};`

			`var req = https.request(options, function(res) {`
			`console.log("statusCode: ", res.statusCode);`
			`console.log("headers: ", res.headers);`

			`res.on('data', function(d) {`
			`process.stdout.write(d);`
			`});`
			`});`
			`req.end();`

			`req.on('error', function(e) {`
			`console.error(e);`
			`});`

Document options for https.request Closes GH-768. 2011-03-10 22:34:35 +01:00			`The options argument has the following options`

docs: improvement fs, http and https 2011-10-22 16:40:15 +02:00			- `host`: A domain name or IP address of the server to issue the request to.
			Defaults to `'localhost'`.
docs: fix typo Fixes #2193. 2011-11-26 03:26:11 +01:00			- `hostname`: To support `url.parse()` `hostname` is preferred over `host`
docs: improvement fs, http and https 2011-10-22 16:40:15 +02:00			- `port`: Port of remote server. Defaults to 443.
			- `method`: A string specifying the HTTP request method. Defaults to `'GET'`.
			- `path`: Request path. Defaults to `'/'`. Should include query string if any.
			E.G. `'/index.html?page=12'`
			- `headers`: An object containing request headers.
			- `auth`: Basic authentication i.e. `'user:password'` to compute an
			`Authorization header.`
doc: Improve cross-linking in API docs markdown Cross-link EventEmitter references in API docs to events.html Fix broken cross-reference links with wrong anchor names in API docs. 2012-06-06 21:05:18 +02:00			- `agent`: Controls [Agent][] behavior. When an Agent is used request will
			default to `Connection: keep-alive`. Possible values:
			- `undefined` (default): use [globalAgent][] for this host and port.
docs: improvement fs, http and https 2011-10-22 16:40:15 +02:00			- `Agent` object: explicitly use the passed in `Agent`.
			- `false`: opts out of connection pooling with an Agent, defaults request to
			`Connection: close`.

doc: Improve cross-linking in API docs markdown Cross-link EventEmitter references in API docs to events.html Fix broken cross-reference links with wrong anchor names in API docs. 2012-06-06 21:05:18 +02:00			`The following options from [tls.connect()][] can also be specified. However, a`
			`[globalAgent][] silently ignores these.`
docs: improvement fs, http and https 2011-10-22 16:40:15 +02:00
crypto: add PKCS12/PFX support Fixes #2845. 2012-05-13 21:38:23 +02:00			- `pfx`: Certificate, Private key and CA certificates to use for SSL. Default `null`.
docs: improvement fs, http and https 2011-10-22 16:40:15 +02:00			- `key`: Private key to use for SSL. Default `null`.
crypto: add PKCS12/PFX support Fixes #2845. 2012-05-13 21:38:23 +02:00			- `passphrase`: A string of passphrase for the private key or pfx. Default `null`.
docs: improvement fs, http and https 2011-10-22 16:40:15 +02:00			- `cert`: Public x509 certificate to use. Default `null`.
			- `ca`: An authority certificate or array of authority certificates to check
Document options for https.request Closes GH-768. 2011-03-10 22:34:35 +01:00			`the remote host against.`
docs: add ciphers option to https.request() 2012-02-25 15:17:05 +01:00			- `ciphers`: A string describing the ciphers to use or exclude. Consult
			`<http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT> for`
			`details on the format.`
tls: enable rejectUnauthorized option to client Fiexes #2247. 2011-12-07 14:47:06 +01:00			- `rejectUnauthorized`: If `true`, the server certificate is verified against
			the list of supplied CAs. An `'error'` event is emitted if verification
			`fails. Verification happens at the connection level, before the HTTP`
tls, https: validate server certificate by default This commit changes the default value of the rejectUnauthorized option from false to true. What that means is that tls.connect(), https.get() and https.request() will reject invalid server certificates from now on, including self-signed certificates. There is an escape hatch: if you set the NODE_TLS_REJECT_UNAUTHORIZED environment variable to the literal string "0", node.js reverts to its old behavior. Fixes #3949. 2012-08-30 15:14:37 +02:00			request is sent. Default `true`.
https: Add `secureProtocol` docs Add `secureProtocol` parameter docs to the https.request method. 2013-05-15 21:16:09 +02:00			- `secureProtocol`: The SSL method to use, e.g. `SSLv3_method` to force
			`SSL version 3. The possible values depend on your installation of`
			`OpenSSL and are defined in the constant [SSL_METHODS][].`
Document options for https.request Closes GH-768. 2011-03-10 22:34:35 +01:00
doc: HTTPS client's options Fixes #1494. 2011-09-14 13:17:30 +02:00			In order to specify these options, use a custom `Agent`.

			`Example:`

			`var options = {`
doc: reflect hostname v. host preference in examples The documentation for http.request and https.request states that `hostname` is preferred over `host` so the code examples should use that option name. 2012-10-29 04:16:40 +01:00			`hostname: 'encrypted.google.com',`
doc: HTTPS client's options Fixes #1494. 2011-09-14 13:17:30 +02:00			`port: 443,`
			`path: '/',`
			`method: 'GET',`
			`key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'),`
doc: HTTPS client's options 2011-09-14 16:48:42 +02:00			`cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem')`
doc: HTTPS client's options Fixes #1494. 2011-09-14 13:17:30 +02:00			`};`
			`options.agent = new https.Agent(options);`

			`var req = https.request(options, function(res) {`
			`...`
			`}`

			Or does not use an `Agent`.

			`Example:`

			`var options = {`
doc: reflect hostname v. host preference in examples The documentation for http.request and https.request states that `hostname` is preferred over `host` so the code examples should use that option name. 2012-10-29 04:16:40 +01:00			`hostname: 'encrypted.google.com',`
doc: HTTPS client's options Fixes #1494. 2011-09-14 13:17:30 +02:00			`port: 443,`
			`path: '/',`
			`method: 'GET',`
			`key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'),`
doc: HTTPS client's options 2011-09-14 16:48:42 +02:00			`cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem'),`
doc: HTTPS client's options Fixes #1494. 2011-09-14 13:17:30 +02:00			`agent: false`
			`};`

			`var req = https.request(options, function(res) {`
			`...`
			`}`
Document options for https.request Closes GH-768. 2011-03-10 22:34:35 +01:00
Add https.get() 2011-01-21 22:21:01 +01:00			`## https.get(options, callback)`
Initial pass at https client 2011-01-21 22:12:35 +01:00
Add https.get() 2011-01-21 22:21:01 +01:00			Like `http.get()` but for HTTPS.

https: make https.get() accept a URL https.get() now accepts either a URL (as a string) or an options object. Refs #2859. Fixes #3882. 2012-08-18 07:18:02 +02:00			`options` can be an object or a string. If `options` is a string, it is
			`automatically parsed with [url.parse()](url.html#url.parse).`

Add https.get() 2011-01-21 22:21:01 +01:00			`Example:`

			`var https = require('https');`

docs: fix syntax error in "https" example 2012-08-25 01:11:55 +02:00			`https.get('https://encrypted.google.com/', function(res) {`
Add https.get() 2011-01-21 22:21:01 +01:00			`console.log("statusCode: ", res.statusCode);`
			`console.log("headers: ", res.headers);`

			`res.on('data', function(d) {`
			`process.stdout.write(d);`
			`});`

			`}).on('error', function(e) {`
			`console.error(e);`
			`});`
Initial pass at https client 2011-01-21 22:12:35 +01:00

doc refactor: https 2012-02-27 20:09:34 +01:00			`## Class: https.Agent`
docs: improvement fs, http and https 2011-10-22 16:40:15 +02:00
doc: Improve cross-linking in API docs markdown Cross-link EventEmitter references in API docs to events.html Fix broken cross-reference links with wrong anchor names in API docs. 2012-06-06 21:05:18 +02:00			`An Agent object for HTTPS similar to [http.Agent][]. See [https.request()][]`
			`for more information.`
docs: improvement fs, http and https 2011-10-22 16:40:15 +02:00
Initial pass at https client 2011-01-21 22:12:35 +01:00
docs: improvement fs, http and https 2011-10-22 16:40:15 +02:00			`## https.globalAgent`
Initial pass at https client 2011-01-21 22:12:35 +01:00
doc: Improve cross-linking in API docs markdown Cross-link EventEmitter references in API docs to events.html Fix broken cross-reference links with wrong anchor names in API docs. 2012-06-06 21:05:18 +02:00			`Global instance of [https.Agent][] for all HTTPS client requests.`

https: implement https.Server#setTimeout() Like commit d258fb0 ("http: More useful setTimeout API on server") but this time for the https module. Fixes #5361. 2013-04-30 12:43:32 +02:00			`[http.Server#setTimeout()]: http.html#http_server_settimeout_msecs_callback`
			`[http.Server#timeout]: http.html#http_server_timeout`
doc: Improve cross-linking in API docs markdown Cross-link EventEmitter references in API docs to events.html Fix broken cross-reference links with wrong anchor names in API docs. 2012-06-06 21:05:18 +02:00			`[Agent]: #https_class_https_agent`
			`[globalAgent]: #https_https_globalagent`
doc: consistent use of the callback argument 2012-10-08 19:10:29 +02:00			`[http.listen()]: http.html#http_server_listen_port_hostname_backlog_callback`
			`[http.close()]: http.html#http_server_close_callback`
doc: Improve cross-linking in API docs markdown Cross-link EventEmitter references in API docs to events.html Fix broken cross-reference links with wrong anchor names in API docs. 2012-06-06 21:05:18 +02:00			`[http.Agent]: http.html#http_class_http_agent`
			`[http.request()]: http.html#http_http_request_options_callback`
			`[https.Agent]: #https_class_https_agent`
doc: Fix missing link target to 'https.request()' 2012-11-27 15:52:49 +01:00			`[https.request()]: #https_https_request_options_callback`
doc: https: Fix the link to tls.connect 2013-03-15 17:31:48 +01:00			`[tls.connect()]: tls.html#tls_tls_connect_options_callback`
doc: Improve cross-linking in API docs markdown Cross-link EventEmitter references in API docs to events.html Fix broken cross-reference links with wrong anchor names in API docs. 2012-06-06 21:05:18 +02:00			`[tls.createServer()]: tls.html#tls_tls_createserver_options_secureconnectionlistener`
https: Add `secureProtocol` docs Add `secureProtocol` parameter docs to the https.request method. 2013-05-15 21:16:09 +02:00			`[SSL_METHODS]: http://www.openssl.org/docs/ssl/ssl.html#DEALING_WITH_PROTOCOL_METHODS`