@ -38,7 +38,7 @@ parameters:
openssl dhparam -outform PEM -out dhparam.pem 2048
openssl dhparam -outform PEM -out dhparam.pem 2048
```
```
To create .pfx or .p12, do this:
To create a .pfx or .p12, do this:
```
```
openssl pkcs12 -export -in agent5-cert.pem -inkey agent5-key.pem \
openssl pkcs12 -export -in agent5-cert.pem -inkey agent5-key.pem \
@ -55,35 +55,36 @@ openssl pkcs12 -export -in agent5-cert.pem -inkey agent5-key.pem \
<!-- type=misc -->
<!-- type=misc -->
ALPN (Application-Layer Protocol Negotiation Extension), NPN (Next
ALPN (Application-Layer Protocol Negotiation Extension), NPN (Next
Protocol Negotiation) and SNI (Server Name Indication) are TLS
Protocol Negotiation) and, SNI (Server Name Indication) are TLS
handshake extensions:
handshake extensions:
* ALPN/NPN - Allows the use of one TLS server for multiple protocols (HTTP, SPDY, HTTP/2)
* ALPN/NPN - Allows the use of one TLS server for multiple protocols (HTTP,
* SNI - Allows the use of one TLS server for multiple hostnames with different SSL
SPDY, HTTP/2)
certificates.
* SNI - Allows the use of one TLS server for multiple hostnames with different
SSL certificates.
## Client-initiated renegotiation attack mitigation
## Client-initiated renegotiation attack mitigation
<!-- type=misc -->
<!-- type=misc -->
The TLS protocol lets the client renegotiate certain aspects of the TLS session.
The TLS protocol lets the client renegotiate certain aspects of the TLS session.
Unfortunately, session renegotiation requires a disproportional amount of
Unfortunately, session renegotiation requires a disproportionate amount of
server-side resources, which makes it a potential vector for denial-of-service
server-side resources, which makes it a potential vector for denial-of-service
attacks.
attacks.
To mitigate this, renegotiations are limited to three times every 10 minutes. An
To mitigate this, renegotiation is limited to three times every 10 minutes. An
error is emitted on the [`tls.TLSSocket`][] instance when the threshold is
error is emitted on the [`tls.TLSSocket`][] instance when the threshold is
exceeded. The limits are configurable:
exceeded. These limits are configurable:
- `tls.CLIENT_RENEG_LIMIT` : renegotiation limit, default is 3.
- `tls.CLIENT_RENEG_LIMIT` : renegotiation limit, default is 3.
- `tls.CLIENT_RENEG_WINDOW` : renegotiation window in seconds, default is
- `tls.CLIENT_RENEG_WINDOW` : renegotiation window in seconds, default is
10 minutes.
10 minutes.
Don't change the defaults unless you know what you are doing .
Do not change the defaults without a full understanding of the implications .
To test your server, connect to it with `openssl s_client -connect address:port`
To test the server, connect to it with `openssl s_client -connect address:port`
and tap `R<CR>` (that's the letter `R` followed by a carriage return) a few
and tap `R<CR>` (i.e., the letter `R` followed by a carriage return) a few
times.
times.
## Modifying the Default TLS Cipher suite
## Modifying the Default TLS Cipher suite
@ -134,14 +135,15 @@ absolutely necessary.
<!-- type=misc -->
<!-- type=misc -->
The term "[Forward Secrecy]" or "Perfect Forward Secrecy" describes a feature of
The term "[Forward Secrecy]" or "Perfect Forward Secrecy" describes a feature of
key-agreement (i.e. key-exchange) methods. Practically it means that even if the
key-agreement (i.e., key-exchange) methods. Practically it means that even if
private key of a (your) server is compromised, communication can only be
the private key of a server is compromised, communication can only be
decrypted by eavesdroppers if they manage to obtain the key-pair specifically
decrypted by eavesdroppers if they manage to obtain the key-pair specifically
generated for each session.
generated for each session.
This is achieved by randomly generating a key pair for key-agreement on every
This is achieved by randomly generating a key pair for key-agreement on every
handshake (in contrary to the same key for all sessions). Methods implementing
handshake (in contrast to using the same key for all sessions). Methods
this technique, thus offering Perfect Forward Secrecy, are called "ephemeral".
implementing this technique, thus offering Perfect Forward Secrecy, are
called "ephemeral".
Currently two methods are commonly used to achieve Perfect Forward Secrecy (note
Currently two methods are commonly used to achieve Perfect Forward Secrecy (note
the character "E" appended to the traditional abbreviations):
the character "E" appended to the traditional abbreviations):
@ -170,17 +172,17 @@ Returned by tls.createSecurePair.
### Event: 'secure'
### Event: 'secure'
The event is emitted from the SecurePair once the pair has successfully
This event is emitted from the SecurePair once the pair has successfully
established a secure connection.
established a secure connection.
Similarly to the checking for the server `'secureConnection'` event,
As with checking for the server [`secureConnection` ](#event-secureconnection )
pair.cleartext.authorized should be checked to confirm whether the certificat e
event, `pair.cleartext.authorized` should be inspected to confirm whether th e
used properly authorized.
certificate used is properly authorized.
## Class: tls.Server
## Class: tls.Server
This class is a subclass of `net.Server` and has the same methods on it.
This class is a subclass of `net.Server` and has the same methods on it.
Instead of accepting just raw TCP connections, this accepts encrypted
Instead of accepting only raw TCP connections, this accepts encrypted
connections using TLS or SSL.
connections using TLS or SSL.
### Event: 'tlsClientError'
### Event: 'tlsClientError'
@ -196,63 +198,64 @@ established it will be forwarded here.
`function (sessionId, sessionData, callback) { }`
`function (sessionId, sessionData, callback) { }`
Emitted on creation of TLS session. May be used to store sessions in external
Emitted on creation of a TLS session. May be used to store sessions in external
storage. `callback` must be invoked eventually, otherwise no data will be
storage. `callback` must be invoked eventually, otherwise no data will be
sent or received from secure connection.
sent or received from the secure connection.
NOTE: adding this event listener will have an effect only on connections
NOTE: adding this event listener will only have an effect on connections
established after addition of event listener.
established after the addition of the event listener.
### Event: 'OCSPRequest'
### Event: 'OCSPRequest'
`function (certificate, issuer, callback) { }`
`function (certificate, issuer, callback) { }`
Emitted when the client sends a certificate status request. You could parse
Emitted when the client sends a certificate status request. The server's
server's current certificate to obtain OCSP url and certificate id, and after
current certificate can be parsed to obtain the OCSP URL and certificate ID;
obtaining OCSP response invoke `callback(null, resp)` , where `resp` is a
after obtaining an OCSP response `callback(null, resp)` is then invoked, where
`Buffer` instance. Both `certificate` and `issuer` are a `Buffer`
`resp` is a `Buffer` instance. Both `certificate` and `issuer` are `Buffer`
DER-representations of the primary and issuer's certificates. They could be used
DER-representations of the primary and issuer's certificates. They can be used
to obtain OCSP certificate id and OCSP endpoint url .
to obtain the OCSP certificate ID and OCSP endpoint URL .
Alternatively, `callback(null, null)` could be called, meaning that there i s no
Alternatively, `callback(null, null)` may be called, meaning that there wa s no
OCSP response.
OCSP response.
Calling `callback(err)` will result in a `socket.destroy(err)` call.
Calling `callback(err)` will result in a `socket.destroy(err)` call.
Typical flow:
Typical flow:
1. Client connects to server and sends `'OCSPRequest'` to it (via status info
1. Client connects to the server and sends an `'OCSPRequest'` to it (via status
extension in ClientHello.)
info extension in ClientHello).
2. Server receives request and invokes `'OCSPRequest'` event listener if present
2. Server receives the request and invokes the `'OCSPRequest'` event listener
3. Server grabs OCSP url from either `certificate` or `issuer` and performs an
if present.
[OCSP request] to the CA
3. Server extracts the OCSP URL from either the `certificate` or `issuer` and
4. Server receives `OCSPResponse` from CA and sends it back to client via
performs an [OCSP request] to the CA.
`callback` argument
4. Server receives `OCSPResponse` from the CA and sends it back to the client
5. Client validates the response and either destroys socket or performs a
via the `callback` argument
5. Client validates the response and either destroys the socket or performs a
handshake.
handshake.
NOTE: `issuer` could be `null` , if the certificate is self-signed or if the
NOTE: `issuer` could be `null` if the certificate is self-signed or if the
issuer is not in the root certificates list. (An issuer may be provided via the
issuer is not in the root certificates list. (An issuer may be provided via the
`ca` option)
`ca` option. )
NOTE: adding this event listener will have an effect only on connections
NOTE: adding this event listener will only have an effect on connections
established after addition of event listener.
established after the addition of the event listener.
NOTE: you may want to use some npm module like [asn1.js] to parse the
NOTE: An npm module like [asn1.js] may be used to parse the certificates.
certificates.
### Event: 'resumeSession'
### Event: 'resumeSession'
`function (sessionId, callback) { }`
`function (sessionId, callback) { }`
Emitted when client wants to resume previous TLS session. Event listener may
Emitted when the client wants to resume the previous TLS session. The event
perform lookup in external storage using given `sessionId` , and invoke
listener may perform a lookup in external storage using the given `sessionId`
`callback(null, sessionData)` once finished. If session can't be resumed
and invoke `callback(null, sessionData)` once finished. If the session can't be
(i.e. doesn't exist in storage) one may call `callback(null, null)` . Calling
resumed (i.e., doesn't exist in storage) one may call `callback(null, null)` .
`callback(err)` will terminate incoming connection and destroy socket.
Calling `callback(err)` will terminate incoming connection and destroy the
socket.
NOTE: adding this event listener will have an effect only on connections
NOTE: adding this event listener will only have an effect on connections
established after addition of event listener.
established after the addition of the event listener.
Here's an example for using TLS session resumption:
Here's an example for using TLS session resumption:
@ -271,36 +274,36 @@ server.on('resumeSession', (id, cb) => {
`function (tlsSocket) {}`
`function (tlsSocket) {}`
This event is emitted after a new connection has been successfully
This event is emitted after the handshaking process for a new connection has
handshaked. The argument is an instance of [`tls.TLSSocket`][]. It has all the
successfully completed. The argument is an instance of [`tls.TLSSocket`][] and
common stream methods and events.
has all the common stream methods and events.
`socket.authorized` is a boolean value which indicates if the
`socket.authorized` is a boolean value which indicates if the
client has verified by one of the supplied certificate authorities for the
client has been verified by one of the supplied certificate authorities for the
server. If `socket.authorized` is false, then
server. If `socket.authorized` is false, then `socket.authorizationError` is
`socket.authorizationError` is set to describe how authorization
set to describe how authorization failed. Implied but worth mentioning:
failed. Implied but worth mentioning: depending on the settings of the TLS
depending on the settings of the TLS server, unauthorized connections may
server, you unauthorized connections may be accepted.
be accepted.
`socket.npnProtocol` is a string containing the selected NPN protocol
`socket.npnProtocol` is a string containing the selected NPN protocol
and `socket.alpnProtocol` is a string containing the selected ALPN
and `socket.alpnProtocol` is a string containing the selected ALPN
protocol, When both NPN and ALPN extensions are received, ALPN takes
protocol. When both NPN and ALPN extensions are received, ALPN takes
precedence over NPN and the next protocol is selected by ALPN. When
precedence over NPN and the next protocol is selected by ALPN. When
ALPN has no selected protocol, this returns false.
ALPN has no selected protocol, this returns false.
`socket.servername` is a string containing servername requested with
`socket.servername` is a string containing the server name requested with
SNI.
SNI.
### server.addContext(hostname, context)
### server.addContext(hostname, context)
Add secure context that will be used if client request's SNI hostname is
Add secure context that will be used if the client request's SNI hostname
matching pass ed `hostname` (wildcards can be used). `context` can contain
matches the suppli ed `hostname` (wildcards can be used). `context` can contain
`key` , `cert` , `ca` and/ or any other properties from
`key` , `cert` , `ca` or any other properties from
[`tls.createSecureContext()`][] `options` argument.
[`tls.createSecureContext()`][] `options` argument.
### server.address()
### server.address()
Returns the bound address, the address family name and port of the
Returns the bound address, the address family name, and port of the
server as reported by the operating system. See [`net.Server.address()`][] for
server as reported by the operating system. See [`net.Server.address()`][] for
more information.
more information.
@ -316,7 +319,7 @@ The number of concurrent connections on the server.
### server.getTicketKeys()
### server.getTicketKeys()
Returns `Buffer` instance holding the keys currently used for
Returns a `Buffer` instance holding the keys currently used for
encryption/decryption of the [TLS Session Tickets][]
encryption/decryption of the [TLS Session Tickets][]
### server.listen(port[, hostname][, callback])
### server.listen(port[, hostname][, callback])
@ -335,16 +338,17 @@ See `net.Server` for more information.
Updates the keys for encryption/decryption of the [TLS Session Tickets][].
Updates the keys for encryption/decryption of the [TLS Session Tickets][].
NOTE: the buffer should be 48 bytes long. See server `ticketKeys` option for
NOTE: the buffer should be 48 bytes long. See `ticketKeys` option in
more information oh how it is going to be used.
[tls.createServer ](#tlscreateserveroptions-secureconnectionlistener ) for
more information on how it is used.
NOTE: the change is effective only for the future server connections. Existing
NOTE: the change is effective only for future server connections. Existing
or currently pending server connections will use previous keys.
or currently pending server connections will use the previous keys.
### server.maxConnections
### server.maxConnections
Set this property to reject connections when the server's connection count
Set this property to reject connections when the server's connection count
gets high .
exceeds the specified threshold .
## Class: tls.TLSSocket
## Class: tls.TLSSocket
@ -352,16 +356,16 @@ gets high.
This is a wrapped version of [`net.Socket`][] that does transparent encryption
This is a wrapped version of [`net.Socket`][] that does transparent encryption
of written data and all required TLS negotiation.
of written data and all required TLS negotiation.
This instance implements a duplex [Stream][] interfaces. It has all the
This instance implements the duplex [Stream][] interface. It has all the
common stream methods and events.
common stream methods and events.
Methods that return TLS connection meta data (e.g.
Methods that return TLS connection metadata (e.g.
[`tls.TLSSocket.getPeerCertificate()`][] will only return data while the
[`tls.TLSSocket.getPeerCertificate()`][] will only return data while the
connection is open.
connection is open.
### new tls.TLSSocket(socket[, options])
### new tls.TLSSocket(socket[, options])
Construct a new TLSSocket object from existing TCP socket.
Construct a new TLSSocket object from an existing TCP socket.
`socket` is an instance of [`net.Socket`][]
`socket` is an instance of [`net.Socket`][]
@ -385,44 +389,44 @@ Construct a new TLSSocket object from existing TCP socket.
- `SNICallback` : Optional, see [`tls.createServer()`][]
- `SNICallback` : Optional, see [`tls.createServer()`][]
- `session` : Optional, a `Buffer` instance, containing TLS session
- `session` : Optional, a `Buffer` instance, containing a TLS session
- `requestOCSP` : Optional, if `true` the OCSP status request extension will
- `requestOCSP` : Optional, if `true` the OCSP status request extension will
be added to the client hello, and an `'OCSPResponse'` event will be emitted
be added to the client hello and an `'OCSPResponse'` event will be emitted
on the socket before establishing a secure communication
on the socket before establishing a secure communication
### Event: 'OCSPResponse'
### Event: 'OCSPResponse'
`function (response) { }`
`function (response) { }`
This event will be emitted if `requestOCSP` option was set. `response` is a
This event will be emitted if the `requestOCSP` option was set. `response` is a
buffer object, containing server's OCSP response.
`Buffer` containing the server's OCSP response.
Traditionally, the `response` is a signed object from the server's CA that
Traditionally, the `response` is a signed object from the server's CA that
contains information about server's certificate revocation status.
contains information about server's certificate revocation status.
### Event: 'secureConnect'
### Event: 'secureConnect'
This event is emitted after a new connection has been successfully handshaked.
This event is emitted after the handshaking process for a new connection has
The listener will be called no matter if the server's certificate was
successfully completed. The listener will be called regardless of whether or not
authorized or not. It is up to the user to test `tlsSocket.authorized`
the server's certificate has been authorized. It is the user's responsibility to
to see if the server certificate was signed by one of the specified CAs.
test `tlsSocket.authorized` to see if the server certificate was signed by one
If `tlsSocket.authorized === false` then the error can be found in
of the specified CAs. If `tlsSocket.authorized === false` then the error can be
`tlsSocket.authorizationError` . Also, if ALPN or NPN was used you can
found in `tlsSocket.authorizationError` . Also, if either ALPN or NPN was used
check `tlsSocket.alpnProtocol` or `tlsSocket.npnProtocol` for the
`tlsSocket.alpnProtocol` or `tlsSocket.npnProtocol` can be checked for the
negotiated protocol.
negotiated protocol.
### tlsSocket.address()
### tlsSocket.address()
Returns the bound address, the address family name and port of the
Returns the bound address, the address family name, and port of the
underlying socket as reported by the operating system. Returns an
underlying socket as reported by the operating system. Returns an
object with three properties, e.g.
object with three properties, e.g.,
`{ port: 12346, family: 'IPv4', address: '127.0.0.1' }`
`{ port: 12346, family: 'IPv4', address: '127.0.0.1' }`
### tlsSocket.authorized
### tlsSocket.authorized
A boolean that is `true` if the peer certificate was signed by one of the
A boolean that is `true` if the peer certificate was signed by one of the
specified CAs, otherwise `false`
specified CAs, otherwise `false` .
### tlsSocket.authorizationError
### tlsSocket.authorizationError
@ -440,7 +444,7 @@ Returns an object representing the cipher name and the SSL/TLS protocol version
that first defined the cipher.
that first defined the cipher.
Example:
Example:
{ name: 'AES256-SHA', version: 'TLSv1/SSLv3' }
` { name: 'AES256-SHA', version: 'TLSv1/SSLv3' }`
See SSL_CIPHER_get_name() and SSL_CIPHER_get_version() in
See SSL_CIPHER_get_name() and SSL_CIPHER_get_version() in
https://www.openssl.org/docs/manmaster/ssl/SSL_CIPHER_get_name.html for more
https://www.openssl.org/docs/manmaster/ssl/SSL_CIPHER_get_name.html for more
@ -448,12 +452,12 @@ information.
### tlsSocket.getEphemeralKeyInfo()
### tlsSocket.getEphemeralKeyInfo()
Returns an object representing a type, name and size of parameter of
Returns an object representing the type, name, and size of parameter of
an ephemeral key exchange in [Perfect f orward Secrecy][] on a client
an ephemeral key exchange in [Perfect F orward Secrecy][] on a client
connection. It returns an empty object when the key exchange is not
connection. It returns an empty object when the key exchange is not
ephemeral. As i t is only supported on a client socket, it returns `null`
ephemeral. As this is only supported on a client socket, it returns `null`
if this is called on a server socket. The supported types are 'DH' and
if called on a server socket. The supported types are 'DH' and 'ECDH'. The
'ECDH'. The `name` property is only available in 'ECDH'.
`name` property is only available in 'ECDH'.
Example:
Example:
@ -462,9 +466,9 @@ Example:
### tlsSocket.getPeerCertificate([ detailed ])
### tlsSocket.getPeerCertificate([ detailed ])
Returns an object representing the peer's certificate. The returned object has
Returns an object representing the peer's certificate. The returned object has
some properties corresponding to the field of the certificate. If `detailed`
some properties corresponding to the fields of the certificate. If the
argument is `true` the full chain with `issuer` property will be returned,
`detailed` argument is `true` the full chain with the `issuer` property will be
if `false` only the top certificate without `issuer` property.
returned, if `false` only the top certificate without the `issuer` property.
Example:
Example:
@ -516,15 +520,16 @@ information.
### tlsSocket.getSession()
### tlsSocket.getSession()
Return ASN.1 encoded TLS session or `undefined` if none was negotiated. Could
Returns the ASN.1 encoded TLS session or `undefined` if none was negotiated.
be used to speed up handshake establishment when reconnecting to the server.
Could be used to speed up handshake establishment when reconnecting to the
server.
### tlsSocket.getTLSTicket()
### tlsSocket.getTLSTicket()
NOTE: Works only with client TLS sockets. Useful only for debugging, for
NOTE: Works only with client TLS sockets. Useful only for debugging, for
session reuse provide `session` option to [`tls.connect()`][].
session reuse provide `session` option to [`tls.connect()`][].
Return TLS session ticket or `undefined` if none was negotiated.
Returns the TLS session ticket or `undefined` if none was negotiated.
### tlsSocket.localAddress
### tlsSocket.localAddress
@ -549,9 +554,9 @@ The numeric representation of the remote port. For example, `443`.
### tlsSocket.renegotiate(options, callback)
### tlsSocket.renegotiate(options, callback)
Initiate TLS renegotiation process. The `options` may contain the following
Initiate TLS renegotiation process. The `options` object may contain the
fields: `rejectUnauthorized` , `requestCert` (See [`tls.createServer()`][] for
following fields: `rejectUnauthorized` , `requestCert` . (See [`tls.createServer
details) . `callback(err)` will be executed with `null` as `err` ,
()`][] for details.) `callback(err)` will be executed with `null` as `err` ,
once the renegotiation is successfully completed.
once the renegotiation is successfully completed.
NOTE: Can be used to request peer's certificate after the secure connection
NOTE: Can be used to request peer's certificate after the secure connection
@ -565,9 +570,9 @@ with an error after `handshakeTimeout` timeout.
Set maximum TLS fragment size (default and maximum value is: `16384` , minimum
Set maximum TLS fragment size (default and maximum value is: `16384` , minimum
is: `512` ). Returns `true` on success, `false` otherwise.
is: `512` ). Returns `true` on success, `false` otherwise.
Smaller fragment size decreases buffering latency on the client: large
Smaller fragment sizes decrease the buffering latency on the client: larger
fragments are buffered by the TLS layer until the entire fragment is received
fragments are buffered by the TLS layer until the entire fragment is received
and its integrity is verified; large fragments can span multiple roundtrips,
and its integrity is verified; large fragments can span multiple roundtrips
and their processing can be delayed due to packet loss or reordering. However,
and their processing can be delayed due to packet loss or reordering. However,
smaller fragments add extra TLS framing bytes and CPU overhead, which may
smaller fragments add extra TLS framing bytes and CPU overhead, which may
decrease overall server throughput.
decrease overall server throughput.
@ -580,9 +585,9 @@ Creates a new client connection to the given `port` and `host` (old API) or
`options.port` and `options.host` . (If `host` is omitted, it defaults to
`options.port` and `options.host` . (If `host` is omitted, it defaults to
`localhost` .) `options` should be an object which specifies:
`localhost` .) `options` should be an object which specifies:
- `host` : Host the client should connect to
- `host` : Host the client should connect to.
- `port` : Port the client should connect to
- `port` : Port the client should connect to.
- `socket` : Establish secure connection on a given socket rather than
- `socket` : Establish secure connection on a given socket rather than
creating a new socket. If this option is specified, `host` and `port`
creating a new socket. If this option is specified, `host` and `port`
@ -591,20 +596,20 @@ Creates a new client connection to the given `port` and `host` (old API) or
- `path` : Creates unix socket connection to path. If this option is
- `path` : Creates unix socket connection to path. If this option is
specified, `host` and `port` are ignored.
specified, `host` and `port` are ignored.
- `pfx` : A string or `Buffer` containing the private key, certificate and
- `pfx` : A string or `Buffer` containing the private key, certificate, and
CA certs of the client in PFX or PKCS12 format.
CA certs of the client in PFX or PKCS12 format.
- `key` : A string or `Buffer` containing the private key of the client in
- `key` : A string, `Buffer` , array of strings, or array of `Buffer` s
PEM format. (Could be an array of keys) .
containing the private key of the client in PEM format .
- `passphrase` : A string of passphrase for the private key or pfx.
- `passphrase` : A string containing the passphrase for the private key or pfx.
- `cert` : A string or `Buffer` containing the certificate key of the client in
- `cert` : A string, `Buffer` , array of strings, or array of `Buffer` s
PEM format. (Could be an array of certs) .
containing the certificate key of the client in PEM format .
- `ca` : A string, `Buffer` or array of strings or `Buffer` s of trusted
- `ca` : A string, `Buffer` , array of strings, or array of `Buffer` s of trusted
certificates in PEM format. If this is omitted several well known "root"
certificates in PEM format. If this is omitted several well known "root"
CAs will be used, like VeriSign . These are used to authorize connections.
CAs (like VeriSign) will be used . These are used to authorize connections.
- `ciphers` : A string describing the ciphers to use or exclude, separated by
- `ciphers` : A string describing the ciphers to use or exclude, separated by
`:` . Uses the same default cipher suite as [`tls.createServer()`][].
`:` . Uses the same default cipher suite as [`tls.createServer()`][].
@ -615,36 +620,37 @@ Creates a new client connection to the given `port` and `host` (old API) or
- `NPNProtocols` : An array of strings or `Buffer` s containing supported NPN
- `NPNProtocols` : An array of strings or `Buffer` s containing supported NPN
protocols. `Buffer` s should have the following format:
protocols. `Buffer` s should have the following format:
`0x05hello0x05world` , where first byte is next protocol name's
`0x05hello0x05world` , where the first byte is the next protocol name's
length. (Passing array should usually be much simpler:
length. (Passing an array is usually be much simpler: `['hello', 'world']` .)
`['hello', 'world']` .)
- `ALPNProtocols` : An array of strings or `Buffer` s containing
- `ALPNProtocols` : An array of strings or `Buffer` s containing the
supported ALPN protocols. `Buffer` s should have following format:
supported ALPN protocols. `Buffer` s should have following format:
`0x05hello0x05world` , where the first byte is the next protocol
`0x05hello0x05world` , where the first byte is the next protocol
name's length. (Passing array should usually be much simpler:
name's length. (Passing an a rray i s usually be much simpler:
`['hello', 'world']` .)
`['hello', 'world']` .)
- `servername` : Servername for SNI (Server Name Indication) TLS extension.
- `servername` : Server name for the SNI (Server Name Indication) TLS
extension.
- `checkServerIdentity(servername, cert)` : Provide an override for checking
- `checkServerIdentity(servername, cert)` : Provide an override for checking
server's hostname against the certificate. Should return an error if verification
the server's hostname against the certificate. Should return an error if
fails. Return `undefined` if passing.
verification fails. Returns `undefined` if passing.
- `secureProtocol` : The SSL method to use, e.g. `SSLv3_method` to force
- `secureProtocol` : The SSL method to use, e.g., `SSLv3_method` to force
SSL version 3. The possible values depend on your installation of
SSL version 3. The possible values depend on the version of OpenSSL
OpenSSL and are defined in the constant [SSL_METHODS][].
installed in the environment and are defined in the constant
[SSL_METHODS][].
- `secureContext` : An optional TLS context object from
- `secureContext` : An optional TLS context object from
`tls.createSecureContext( ... )` . It could be used for caching client
`tls.createSecureContext( ... )` . It can be used for caching client
certificates, key, and CA certificates.
certificates, keys , and CA certificates.
- `session` : A `Buffer` instance, containing TLS session.
- `session` : A `Buffer` instance, containing TLS session.
- `minDHSize` : Minimum size of DH parameter in bits to accept a TLS
- `minDHSize` : Minimum size of the DH parameter in bits to accept a TLS
connection. When a server offers DH parameter with a size less
connection. When a server offers a DH parameter with a size less
than this, the TLS connection is destroyed and throws an
than this, the TLS connection is destroyed and an error is thrown. Default:
error. Default: 1024.
1024.
The `callback` parameter will be added as a listener for the
The `callback` parameter will be added as a listener for the
[`'secureConnect'`][] event.
[`'secureConnect'`][] event.
@ -707,24 +713,24 @@ socket.on('end', () => {
```
```
## tls.createSecureContext(detail s)
## tls.createSecureContext(option s)
Creates a credentials object, with the optional details being a
Creates a credentials object; the `options` object may contain the following
dictionary with key s:
field s:
* `pfx` : A string or b uffer holding the PFX or PKCS12 encoded private
* `pfx` : A string or `B uffer` holding the PFX or PKCS12 encoded private
key, certificate and CA certificates
key, certificate, and CA certificates.
* `key` : A string or `Buffer` containing the private key of the server in
* `key` : A string or `Buffer` containing the private key of the server in
PEM format. To support multiple keys using different algorithms, an array
PEM format. To support multiple keys using different algorithms, an array
can be provided. It can either be a plain array of keys, or an array of
can be provided. It can either be a plain array of keys or an array of
objects in the format `{pem: key, passphrase: passphrase}` . (Required)
objects in the format `{pem: key, passphrase: passphrase}` . (Required)
* `passphrase` : A string of passphrase for the private key or pfx
* `passphrase` : A string containing the passphrase for the private key or pfx.
* `cert` : A string hold ing the PEM encoded certificate
* `cert` : A string contain ing the PEM encoded certificate
* `ca` : A string, `Buffer` or array of strings or `Buffer` s of trusted
* `ca` : A string, `Buffer` , array of strings, or array of `Buffer` s of trusted
certificates in PEM format. If this is omitted several well known "root"
certificates in PEM format. If this is omitted several well known "root"
CAs will be used, like VeriSign . These are used to authorize connections.
CAs (like VeriSign) will be used . These are used to authorize connections.
* `crl` : Either a string or list of strings of PEM encoded CRLs
* `crl` : Either a string or list of strings of PEM encoded CRLs
(Certificate Revocation List)
(Certificate Revocation List).
* `ciphers` : A string describing the ciphers to use or exclude.
* `ciphers` : A string describing the ciphers to use or exclude.
Consult
Consult
< https: / / www . openssl . org / docs / apps / ciphers . html # CIPHER_LIST_FORMAT >
< https: / / www . openssl . org / docs / apps / ciphers . html # CIPHER_LIST_FORMAT >
@ -733,20 +739,21 @@ dictionary with keys:
instead of the client preferences. For further details see `tls` module
instead of the client preferences. For further details see `tls` module
documentation.
documentation.
If no 'ca ' details are given, then Node.js will use the default
If no 'CA ' details are given, then Node.js will use the default
publicly trusted list of CAs as given in
publicly trusted list of CAs as given in
< http: / / mxr . mozilla . org / mozilla / source / security / nss / lib / ckfw / builtins / certdata . txt > .
< http: / / mxr . mozilla . org / mozilla / source / security / nss / lib / ckfw / builtins / certdata . txt > .
## tls.createSecurePair([context][, isServer][, requestCert][, rejectUnauthorized][, options])
## tls.createSecurePair([context][, isServer][, requestCert][, rejectUnauthorized][, options])
Creates a new secure pair object with two streams, one of which reads/writes
Creates a new secure pair object with two streams, one of which reads and writes
encrypted data, and one reads/writes cleartext data.
the encrypted data and the other of which reads and writes the cleartext data.
Generally the encrypted one is piped to/from an incoming encrypted data stream,
Generally, the encrypted stream is piped to/from an incoming encrypted data
and the cleartext one is used as a replacement for the initial encrypted stream.
stream and the cleartext one is used as a replacement for the initial encrypted
stream.
- `credentials` : A secure context object from tls.createSecureContext( ... )
- `credentials` : A secure context object from ` tls.createSecureContext( ... )` .
- `isServer` : A boolean indicating whether this tls connection should be
- `isServer` : A boolean indicating whether this TLS connection should be
opened as a server or a client.
opened as a server or a client.
- `requestCert` : A boolean indicating whether a server should request a
- `requestCert` : A boolean indicating whether a server should request a
@ -761,34 +768,34 @@ and the cleartext one is used as a replacement for the initial encrypted stream.
`tls.createSecurePair()` returns a SecurePair object with `cleartext` and
`tls.createSecurePair()` returns a SecurePair object with `cleartext` and
`encrypted` stream properties.
`encrypted` stream properties.
NOTE: `cleartext` has the same APIs as [`tls.TLSSocket`][]
NOTE: `cleartext` has the same API as [`tls.TLSSocket`][]
## tls.createServer(options[, secureConnectionListener])
## tls.createServer(options[, secureConnectionListener])
Creates a new [tls.Server][]. The `connectionListener` argument is
Creates a new [tls.Server][]. The `connectionListener` argument is
automatically set as a listener for the [`'secureConnection'`][] event. The
automatically set as a listener for the [`'secureConnection'`][] event. The
`options` object has these possibilitie s:
`options` object may contain the following field s:
- `pfx` : A string or `Buffer` containing the private key, certificate and
- `pfx` : A string or `Buffer` containing the private key, certificate and
CA certs of the server in PFX or PKCS12 format. (Mutually exclusive with
CA certs of the server in PFX or PKCS12 format. (Mutually exclusive with
the `key` , `cert` and `ca` options.)
the `key` , `cert` , and `ca` options.)
- `key` : A string or `Buffer` containing the private key of the server in
- `key` : A string or `Buffer` containing the private key of the server in
PEM format. To support multiple keys using different algorithms, an array
PEM format. To support multiple keys using different algorithms an array
can be provided. It can either be a plain array of keys, or an array of
can be provided. It can either be a plain array of keys or an array of
objects in the format `{pem: key, passphrase: passphrase}` . (Required)
objects in the format `{pem: key, passphrase: passphrase}` . (Required)
- `passphrase` : A string of passphrase for the private key or pfx.
- `passphrase` : A string containing the passphrase for the private key or pfx.
- `cert` : A string or `Buffer` containing the certificate key of the server in
- `cert` : A string, `Buffer` , array of strings, or array of `Buffer` s
PEM format. (Could be an array of certs) . (Required)
containing the certificate key of the server in PEM format . (Required)
- `ca` : A string, `Buffer` or array of strings or `Buffer` s of trusted
- `ca` : A string, `Buffer` , array of strings, or array of `Buffer` s of trusted
certificates in PEM format. If this is omitted several well known "root"
certificates in PEM format. If this is omitted several well known "root"
CAs will be used, like VeriSign . These are used to authorize connections.
CAs (like VeriSign) will be used . These are used to authorize connections.
- `crl` : Either a string or list of strings of PEM encoded CRLs (Certificate
- `crl` : Either a string or array of strings of PEM encoded CRLs (Certificate
Revocation List)
Revocation List).
- `ciphers` : A string describing the ciphers to use or exclude, separated by
- `ciphers` : A string describing the ciphers to use or exclude, separated by
`:` . The default cipher suite is:
`:` . The default cipher suite is:
@ -819,22 +826,22 @@ automatically set as a listener for the [`'secureConnection'`][] event. The
The default cipher suite prefers GCM ciphers for [Chrome's 'modern
The default cipher suite prefers GCM ciphers for [Chrome's 'modern
cryptography' setting] and also prefers ECDHE and DHE ciphers for Perfect
cryptography' setting] and also prefers ECDHE and DHE ciphers for Perfect
Forward s ecrecy, while offering *some* backward compatibilt ity.
Forward S ecrecy, while offering *some* backward compatibility.
128 bit AES is preferred over 192 and 256 bit AES in light of [specific
128 bit AES is preferred over 192 and 256 bit AES in light of [specific
attacks affecting larger AES key sizes].
attacks affecting larger AES key sizes].
Old clients that rely on insecure and deprecated RC4 or DES-based ciphers
Old clients that rely on insecure and deprecated RC4 or DES-based ciphers
(like Internet Explorer 6) aren't able to complete the handshake with the default
(like Internet Explorer 6) cannot complete the handshaking process with
configuration. If you absolutely must support these clients , the
the default configuration. If these clients _must_ be supported , the
[TLS recommendations] may offer a compatible cipher suite. For more details
[TLS recommendations] may offer a compatible cipher suite. For more details
on the format, see the [OpenSSL cipher list format documentation].
on the format, see the [OpenSSL cipher list format documentation].
- `ecdhCurve` : A string describing a named curve to use for ECDH key agreement
- `ecdhCurve` : A string describing a named curve to use for ECDH key agreement
or false to disable ECDH.
or false to disable ECDH.
Defaults to `prime256v1` (NIST P-256). Use [`crypto.getCurves()`][] to obtain
Defaults to `prime256v1` (NIST P-256). Use [`crypto.getCurves()`][] to
a list of available curve names. On recent releases,
obtain a list of available curve names. On recent releases,
`openssl ecparam -list_curves` will also display the name and description of
`openssl ecparam -list_curves` will also display the name and description of
each available elliptic curve.
each available elliptic curve.
@ -842,11 +849,11 @@ automatically set as a listener for the [`'secureConnection'`][] event. The
required for Perfect Forward Secrecy. Use `openssl dhparam` to create it.
required for Perfect Forward Secrecy. Use `openssl dhparam` to create it.
Its key length should be greater than or equal to 1024 bits, otherwise
Its key length should be greater than or equal to 1024 bits, otherwise
it throws an error. It is strongly recommended to use 2048 bits or
it throws an error. It is strongly recommended to use 2048 bits or
more for stronger security. If omitted or invalid, it is silently
larger for stronger security. If omitted or invalid, it is silently
discarded and DHE ciphers won't be available.
discarded and DHE ciphers won't be available.
- `handshakeTimeout` : Abort the connection if the SSL/TLS handshake does not
- `handshakeTimeout` : Abort the connection if the SSL/TLS handshake does not
finish in this many milliseconds. The default is 120 seconds.
finish in the specified number of milliseconds. The default is 120 seconds.
A `'clientError'` is emitted on the `tls.Server` object whenever a handshake
A `'clientError'` is emitted on the `tls.Server` object whenever a handshake
times out.
times out.
@ -863,40 +870,39 @@ automatically set as a listener for the [`'secureConnection'`][] event. The
has an effect if `requestCert` is `true` . Default: `false` .
has an effect if `requestCert` is `true` . Default: `false` .
- `NPNProtocols` : An array or `Buffer` of possible NPN protocols. (Protocols
- `NPNProtocols` : An array or `Buffer` of possible NPN protocols. (Protocols
should be ordered by their priority) .
should be ordered by their priority.)
- `ALPNProtocols` : An array or `Buffer` of possible ALPN
- `ALPNProtocols` : An array or `Buffer` of possible ALPN
protocols. (Protocols should be ordered by their priority) . When
protocols. (Protocols should be ordered by their priority.) When
the server receives both NPN and ALPN extensions from the client,
the server receives both NPN and ALPN extensions from the client,
ALPN takes precedence over NPN and the server does not send an NPN
ALPN takes precedence over NPN and the server does not send an NPN
extension to the client.
extension to the client.
- `SNICallback(servername, cb)` : A function that will be called if client
- `SNICallback(servername, cb)` : A function that will be called if the client
supports SNI TLS extension. Two argument will be passed to it: `servername` ,
supports SNI TLS extension. Two arguments will be passed to it:
and `cb` . `SNICallback` should invoke `cb(null, ctx)` , where `ctx` is a
`servername` and `cb` . `SNICallback` should invoke `cb(null, ctx)` , where
SecureContext instance.
`ctx` is a SecureContext instance. (`tls.createSecureContext(...)` can be
(You can use `tls.createSecureContext(...)` to get proper
used to get a proper SecureContext.) If `SNICallback` wasn't provided the
SecureContext). If `SNICallback` wasn't provided the default callback with
default callback with high-level API will be used (see below).
high-level API will be used (see below).
- `sessionTimeout` : An integer specifying the seconds after which TLS
- `sessionTimeout` : An integer specifying the number of seconds after which
session identifiers and TLS session tickets created by the server are
the TLS session identifiers and TLS session tickets created by the server
timed out. See [SSL_CTX_set_timeout] for more details.
will time out. See [SSL_CTX_set_timeout] for more details.
- `ticketKeys` : A 48-byte `Buffer` instance consisting of 16-byte prefix,
- `ticketKeys` : A 48-byte `Buffer` instance consisting of a 16-byte prefix,
16-byte hmac key, 16-byte AES key. You could use it to accept tls session
a 16-byte HMAC key, and a 16-byte AES key. This can be used to accept TLS
tickets on multiple instances of tls server.
session tickets on multiple instances of the TLS server.
NOTE: Automatically shared between `cluster` module workers.
NOTE: Automatically shared between `cluster` module workers.
- `sessionIdContext` : A string containing an opaque identifier for session
- `sessionIdContext` : A string containing an opaque identifier for session
resumption. If `requestCert` is `true` , the default is a 128 bit
resumption. If `requestCert` is `true` , the default is a 128 bit
truncated SHA1 hash value generated from command-line. Otherwise,
truncated SHA1 hash value generated from the command-line. Otherwise, a
the default is not provided.
default is not provided.
- `secureProtocol` : The SSL method to use, e.g. `SSLv3_method` to force
- `secureProtocol` : The SSL method to use, e.g., `SSLv3_method` to force
SSL version 3. The possible values depend on your installation of
SSL version 3. The possible values depend on the version of OpenSSL
OpenSSL and are defined in the constant [SSL_METHODS][].
installed in the environment and are defined in the constant [SSL_METHODS][].
Here is a simple example echo server:
Here is a simple example echo server: