Index - Node documentation

Usage

import * as mod from "node:tls";

The node:tls module provides an implementation of the Transport Layer Security (TLS) and Secure Socket Layer (SSL) protocols that is built on top of OpenSSL. The module can be accessed using:

const tls = require('node:tls');

Classes

c
Server

Accepts encrypted connections using TLS or SSL.

c
TLSSocket

Performs transparent encryption of written data and all required TLS negotiation.

Functions

f
checkServerIdentity

Verifies the certificate cert is issued to hostname.

f
connect

The callback function, if specified, will be added as a listener for the 'secureConnect' event.

f
createSecureContext

createServer sets the default value of the honorCipherOrder option to true, other APIs that create secure contexts leave it unset.

f
createServer

Creates a new Server. The secureConnectionListener, if provided, is automatically set as a listener for the 'secureConnection' event.

f
getCiphers

Returns an array with the names of the supported TLS ciphers. The names are lower-case for historical reasons, but must be uppercased to be used in the ciphers option of createSecureContext.

f
createSecurePair

Creates a new secure pair object with two streams, one of which reads and writes the encrypted data and the other of which reads and writes the cleartext data. Generally, the encrypted stream is piped to/from an incoming encrypted data stream and the cleartext one is used as a replacement for the initial encrypted stream.

Interfaces

I
Certificate
No documentation available
I
CipherNameAndProtocol
No documentation available
I
CommonConnectionOptions
No documentation available
I
ConnectionOptions
No documentation available
I
DetailedPeerCertificate
No documentation available
I
EphemeralKeyInfo
No documentation available
I
KeyObject
No documentation available
I
PeerCertificate
No documentation available
I
PSKCallbackNegotation
No documentation available
I
PxfObject
No documentation available
I
SecureContext
No documentation available
I
SecureContextOptions
No documentation available
I
TlsOptions
No documentation available
I
TLSSocketOptions
No documentation available
I
SecurePair
No documentation available

Type Aliases

T
SecureVersion
No documentation available

Variables

v
CLIENT_RENEG_LIMIT
No documentation available
v
CLIENT_RENEG_WINDOW
No documentation available
v
DEFAULT_CIPHERS

The default value of the ciphers option of tls.createSecureContext(). It can be assigned any of the supported OpenSSL ciphers. Defaults to the content of crypto.constants.defaultCoreCipherList, unless changed using CLI options using --tls-default-ciphers.

v
DEFAULT_ECDH_CURVE

The default curve name to use for ECDH key agreement in a tls server. The default value is 'auto'. See tls.createSecureContext() for further information.

v
DEFAULT_MAX_VERSION

The default value of the maxVersion option of tls.createSecureContext(). It can be assigned any of the supported TLS protocol versions, 'TLSv1.3', 'TLSv1.2', 'TLSv1.1', or 'TLSv1'. Default: 'TLSv1.3', unless changed using CLI options. Using --tls-max-v1.2 sets the default to 'TLSv1.2'. Using --tls-max-v1.3 sets the default to 'TLSv1.3'. If multiple of the options are provided, the highest maximum is used.

v
DEFAULT_MIN_VERSION

The default value of the minVersion option of tls.createSecureContext(). It can be assigned any of the supported TLS protocol versions, 'TLSv1.3', 'TLSv1.2', 'TLSv1.1', or 'TLSv1'. Default: 'TLSv1.2', unless changed using CLI options. Using --tls-min-v1.0 sets the default to 'TLSv1'. Using --tls-min-v1.1 sets the default to 'TLSv1.1'. Using --tls-min-v1.3 sets the default to 'TLSv1.3'. If multiple of the options are provided, the lowest minimum is used.

v
rootCertificates

An immutable array of strings representing the root certificates (in PEM format) used for verifying peer certificates. This is the default value of the ca option to tls.createSecureContext().