Skip to content

Backport tls added: info #7680

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 2 commits into from
Closed

Backport tls added: info #7680

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
cbd3e58
doc: add `added:` information for tls
italoacasas May 27, 2016
838c732
doc: add v4.x-only `added:` information for tls
addaleax Jul 12, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
112 changes: 112 additions & 0 deletions doc/api/tls.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -184,12 +184,18 @@ used properly authorized.


## Class: tls.Server
<!-- YAML
added: v0.3.2
-->

This class is a subclass of `net.Server` and has the same methods on it.
Instead of accepting just raw TCP connections, this accepts encrypted
connections using TLS or SSL.

### Event: 'clientError'
<!-- YAML
added: v0.11.11
-->

`function (exception, tlsSocket) { }`

Expand All @@ -199,6 +205,9 @@ established it will be forwarded here.
`tlsSocket` is the [`tls.TLSSocket`][] that the error originated from.

### Event: 'newSession'
<!-- YAML
added: v0.9.2
-->

`function (sessionId, sessionData, callback) { }`

Expand All @@ -210,6 +219,9 @@ NOTE: adding this event listener will have an effect only on connections
established after addition of event listener.

### Event: 'OCSPRequest'
<!-- YAML
added: v0.11.13
-->

`function (certificate, issuer, callback) { }`

Expand Down Expand Up @@ -248,6 +260,9 @@ NOTE: you may want to use some npm module like [asn1.js] to parse the
certificates.

### Event: 'resumeSession'
<!-- YAML
added: v0.9.2
-->

`function (sessionId, callback) { }`

Expand All @@ -274,6 +289,9 @@ server.on('resumeSession', (id, cb) => {
```

### Event: 'secureConnection'
<!-- YAML
added: v0.3.2
-->

`function (tlsSocket) {}`

Expand All @@ -292,34 +310,52 @@ server, you unauthorized connections may be accepted.
SNI.

### server.addContext(hostname, context)
<!-- YAML
added: v0.5.3
-->

Add secure context that will be used if client request's SNI hostname is
matching passed `hostname` (wildcards can be used). `context` can contain
`key`, `cert`, `ca` and/or any other properties from
[`tls.createSecureContext()`][] `options` argument.

### server.address()
<!-- YAML
added: v0.6.0
-->

Returns the bound address, the address family name and port of the
server as reported by the operating system. See [`net.Server.address()`][] for
more information.

### server.close([callback])
<!-- YAML
added: v0.3.2
-->

Stops the server from accepting new connections. This function is
asynchronous, the server is finally closed when the server emits a `'close'`
event. Optionally, you can pass a callback to listen for the `'close'` event.

### server.connections
<!-- YAML
added: v0.3.2
-->

The number of concurrent connections on the server.

### server.getTicketKeys()
<!-- YAML
added: v3.0.0
-->

Returns `Buffer` instance holding the keys currently used for
encryption/decryption of the [TLS Session Tickets][]

### server.listen(port[, hostname][, callback])
<!-- YAML
added: v0.3.2
-->

Begin accepting connections on the specified `port` and `hostname`. If the
`hostname` is omitted, the server will accept connections on any IPv6 address
Expand All @@ -332,11 +368,17 @@ when the server has been bound.
See `net.Server` for more information.

### server.maxConnections
<!-- YAML
added: v0.2.0
-->

Set this property to reject connections when the server's connection count
gets high.

### server.setTicketKeys(keys)
<!-- YAML
added: v3.0.0
-->

Updates the keys for encryption/decryption of the [TLS Session Tickets][].

Expand All @@ -348,6 +390,9 @@ or currently pending server connections will use previous keys.


## Class: tls.TLSSocket
<!-- YAML
added: v0.11.4
-->

This is a wrapped version of [`net.Socket`][] that does transparent encryption
of written data and all required TLS negotiation.
Expand All @@ -360,6 +405,9 @@ Methods that return TLS connection meta data (e.g.
connection is open.

## new tls.TLSSocket(socket[, options])
<!-- YAML
added: v0.11.4
-->

Construct a new TLSSocket object from existing TCP socket.

Expand Down Expand Up @@ -390,6 +438,9 @@ Construct a new TLSSocket object from existing TCP socket.
on the socket before establishing a secure communication

### Event: 'OCSPResponse'
<!-- YAML
added: v0.11.13
-->

`function (response) { }`

Expand All @@ -400,6 +451,9 @@ Traditionally, the `response` is a signed object from the server's CA that
contains information about server's certificate revocation status.

### Event: 'secureConnect'
<!-- YAML
added: v0.11.4
-->

This event is emitted after a new connection has been successfully handshaked.
The listener will be called no matter if the server's certificate was
Expand All @@ -410,28 +464,44 @@ If `tlsSocket.authorized === false` then the error can be found in
`tlsSocket.npnProtocol` for negotiated protocol.

### tlsSocket.address()
<!-- YAML
added: v0.11.4
-->

Returns the bound address, the address family name and port of the
underlying socket as reported by the operating system. Returns an
object with three properties, e.g.
`{ port: 12346, family: 'IPv4', address: '127.0.0.1' }`

### tlsSocket.authorized
<!-- YAML
added: v0.11.4
-->

A boolean that is `true` if the peer certificate was signed by one of the
specified CAs, otherwise `false`

### tlsSocket.authorizationError
<!-- YAML
added: v0.11.4
-->

The reason why the peer's certificate has not been verified. This property
becomes available only when `tlsSocket.authorized === false`.

### tlsSocket.encrypted
<!-- YAML
added: v0.11.4
-->

Static boolean value, always `true`. May be used to distinguish TLS sockets
from regular ones.

### tlsSocket.getCipher()
<!-- YAML
added: v0.11.4
-->

Returns an object representing the cipher name and the SSL/TLS
protocol version of the current connection.

Expand All @@ -443,6 +513,9 @@ https://www.openssl.org/docs/ssl/ssl.html#DEALING-WITH-CIPHERS for more
information.

### tlsSocket.getPeerCertificate([ detailed ])
<!-- YAML
added: v0.11.4
-->

Returns an object representing the peer's certificate. The returned object has
some properties corresponding to the field of the certificate. If `detailed`
Expand Down Expand Up @@ -479,39 +552,63 @@ If the peer does not provide a certificate, it returns `null` or an empty
object.

### tlsSocket.getSession()
<!-- YAML
added: v0.11.4
-->

Return ASN.1 encoded TLS session or `undefined` if none was negotiated. Could
be used to speed up handshake establishment when reconnecting to the server.

### tlsSocket.getTLSTicket()
<!-- YAML
added: v0.11.4
-->

NOTE: Works only with client TLS sockets. Useful only for debugging, for
session reuse provide `session` option to [`tls.connect()`][].

Return TLS session ticket or `undefined` if none was negotiated.

### tlsSocket.localPort
<!-- YAML
added: v0.11.4
-->

The numeric representation of the local port.

### tlsSocket.localAddress
<!-- YAML
added: v0.11.4
-->

The string representation of the local IP address.

### tlsSocket.remoteAddress
<!-- YAML
added: v0.11.4
-->

The string representation of the remote IP address. For example,
`'74.125.127.100'` or `'2001:4860:a005::68'`.

### tlsSocket.remoteFamily
<!-- YAML
added: v0.11.4
-->

The string representation of the remote IP family. `'IPv4'` or `'IPv6'`.

### tlsSocket.remotePort
<!-- YAML
added: v0.11.4
-->

The numeric representation of the remote port. For example, `443`.

### tlsSocket.renegotiate(options, callback)
<!-- YAML
added: v0.11.8
-->

Initiate TLS renegotiation process. The `options` may contain the following
fields: `rejectUnauthorized`, `requestCert` (See [`tls.createServer()`][] for
Expand All @@ -525,6 +622,9 @@ ANOTHER NOTE: When running as the server, socket will be destroyed
with an error after `handshakeTimeout` timeout.

### tlsSocket.setMaxSendFragment(size)
<!-- YAML
added: v0.11.11
-->

Set maximum TLS fragment size (default and maximum value is: `16384`, minimum
is: `512`). Returns `true` on success, `false` otherwise.
Expand All @@ -538,6 +638,9 @@ decrease overall server throughput.

## tls.connect(options[, callback])
## tls.connect(port[, host][, options][, callback])
<!-- YAML
added: v0.11.3
-->

Creates a new client connection to the given `port` and `host` (old API) or
`options.port` and `options.host`. (If `host` is omitted, it defaults to
Expand Down Expand Up @@ -654,6 +757,9 @@ socket.on('end', () => {
```

## tls.createSecureContext(details)
<!-- YAML
added: v0.11.13
-->

Creates a credentials object, with the optional details being a
dictionary with keys:
Expand Down Expand Up @@ -711,6 +817,9 @@ and the cleartext one is used as a replacement for the initial encrypted stream.
NOTE: `cleartext` has the same APIs as [`tls.TLSSocket`][]

## tls.createServer(options[, secureConnectionListener])
<!-- YAML
added: v0.3.2
-->

Creates a new [tls.Server][]. The `connectionListener` argument is
automatically set as a listener for the [`'secureConnection'`][] event. The
Expand Down Expand Up @@ -901,6 +1010,9 @@ openssl s_client -connect 127.0.0.1:8000
```

## tls.getCiphers()
<!-- YAML
added: v0.10.2
-->

Returns an array with the names of the supported SSL ciphers.

Expand Down