The tls module provides an implementation of the Transport Layer Security (TLS) and Secure Socket Layer (SSL) protocols that is built on top of OpenSSL.
Example:
```javascript
// Node.js program to demonstrate the
// tls.getCiphers() method
const tls = require('tls'),
    fs = require('fs'),

    // Port and host address for server
    PORT = 1337,
    HOST = '127.0.0.1';

// Reassigned in the client callback, so it must not be const
let value = null;

// Private key and public certificate for access
const options = {
    key: fs.readFileSync('private-key.pem'),
    cert: fs.readFileSync('public-cert.pem'),
    // Turns off peer certificate verification so that the client
    // accepts the self-signed certificate used in this local demo
    rejectUnauthorized: false
};

// Creating and initializing server
const server = tls.createServer(options, function (socket) {

    // Print the data that we received
    socket.on('data', function (data) {
        console.log('\nReceived: %s ',
            data.toString().replace(/(\n)/gm, ""));
    });

    // Stopping the server
    // by using the close() method
    server.close(() => {
        console.log("Server closed successfully");
    });
});

// Start listening on a specific port and address
// by using listen() method
server.listen(PORT, HOST, function () {
    console.log("I'm listening at %s, on port %s", HOST, PORT);
});

// Creating and initializing client
const client = tls.connect(PORT, HOST, options, function () {

    // Getting list of cipher
    // by using tls.getCiphers() method
    value = tls.getCiphers();

    // Index 12 is whatever name the local OpenSSL build lists there
    client.write(" Cipher : " + value[12]);

    client.end(() => {
        console.log("Client closed successfully");
    });
});
```
Output:
```
I'm listening at 127.0.0.1, on port 1337
Client closed successfully

Received: Cipher : dhe-psk-chacha20-poly1305
Server closed successfully
```
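The program above picks a name by its position in the list, which depends on the local OpenSSL build. The following added example (not part of the original page) classifies the names returned by tls.getCiphers() by their tokens and builds a value for the `ciphers` option; the policy tokens, `auditCiphers`, `toCipherOption` and `SAMPLE` are assumptions of this example.

```javascript
const tls = require('tls');

// Illustrative policy (an assumption of this example, not a Node.js default):
// name tokens that rule a suite out for a certificate-authenticated server.
const FLAGS = new Map(Object.entries({
  null: 'no encryption',
  rc4: 'RC4 stream cipher',
  des: 'DES/3DES block cipher',
  md5: 'MD5-based MAC',
  exp: 'export-grade key length',
  adh: 'anonymous DH, no authentication',
  aecdh: 'anonymous ECDH, no authentication',
  psk: 'pre-shared key exchange, no certificate',
}));
const AEAD = new Set(['gcm', 'chacha20', 'ccm', 'ccm8']);
const FORWARD_SECRET = new Set(['ecdhe', 'dhe']);

// Classify names in the lowercase form returned by tls.getCiphers().
function auditCiphers(names) {
  const report = { tls13: [], preferred: [], legacy: [], flagged: [] };
  for (const name of names) {
    // Names starting with "tls_" are TLS 1.3 suites (all AEAD).
    if (name.startsWith('tls_')) { report.tls13.push(name); continue; }
    const tokens = name.split('-');
    const reasons = tokens.filter((t) => FLAGS.has(t)).map((t) => FLAGS.get(t));
    if (reasons.length > 0) {
      report.flagged.push({ name, reasons });
    } else if (tokens.some((t) => FORWARD_SECRET.has(t)) &&
               tokens.some((t) => AEAD.has(t))) {
      report.preferred.push(name); // ephemeral key exchange + AEAD cipher
    } else {
      report.legacy.push(name);    // CBC mode and/or static RSA key exchange
    }
  }
  return report;
}

// Value for the `ciphers` option; names must be uppercased there.
function toCipherOption(report) {
  return [...report.tls13, ...report.preferred].map((n) => n.toUpperCase()).join(':');
}

// Constructed sample list; the fourth name is the one in the page's output.
const SAMPLE = ['tls_aes_256_gcm_sha384', 'ecdhe-rsa-aes128-gcm-sha256',
  'ecdhe-rsa-chacha20-poly1305', 'dhe-psk-chacha20-poly1305',
  'aes128-sha', 'des-cbc3-sha', 'rc4-sha'];

console.log('local build:', toCipherOption(auditCiphers(tls.getCiphers())));
console.log('sample list:', toCipherOption(auditCiphers(SAMPLE)));
```

The name from the page's output lands in `flagged` because PSK suites authenticate with a pre-shared key rather than the certificate loaded in `options`.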
The complete list of TLS/SSL methods and properties is given below:

| Methods | Description |
|---|---|
| maxFreeSockets | It uses the HTTP server and client, we need to call them (by "require('http')"). |
| tls.createServer() | Create a tls.Server object. |
| rootCertificates() | Return the array of strings representing the root certificates. |
| getCiphers() | Return the array of the supported TLS ciphers. |

| Property | Description |
|---|---|
| writableEnded | This property does not indicate whether the data has been flushed, for this use request. |

Class: tls.TLSSocket

| Class: tls.TLSSocket Method | Description |
|---|---|
| address() | Get the bound address, the address family name, and the port of the underlying socket. |
| enableTrace() | Debug TLS connection problems. |
| getCipher() | Return the object containing information on the negotiated cipher suite. |
| getCertificate() | Return an object representing the local certificate. |
| getProtocol() | Return a string containing the negotiated SSL/TLS protocol version of the current connection. |
| getFinished() | Return the latest Finished message that has been sent to the socket as part of an SSL/TLS handshake. |
| getSession() | Return the TLS session data or undefined if no session was negotiated. |
| getSharedSigalgs() | Return the array of signature algorithms shared between the server and the client. |
| getPeerFinished() | Return the latest Finished message that has been sent to the socket as part of an SSL/TLS handshake. |
| getPeerCertificate() | Return an object representing the peer's certificate. |
| getEphemeralKeyInfo() | Return an object containing information of ephemeral key exchange. |
| isSessionReused() | Check if the session key was reused or not. |
| localAddress | Return the string representation of the local IP address. |
| remoteAddress | Return the string representation of the remote IP address. |
| setMaxSendFragment() | Set the maximum TLS fragment size. |
| exportKeyingMaterial() | Return the requested bytes of the keying material to prevent different kinds of attacks in network protocols. |
| remotePort | Return the string representation of the remote port. |

| Class: tls.TLSSocket Property | Description |
|---|---|
| authorized | Check if the peer certificate was signed by one of the CAs specified or not. |
| authorizationError | Get the reason why the peer's certificate was not verified. |
| remoteFamily | Return the string representation of the remote IP family. |