tls
The tls module provides Transport Layer Security (TLS) and Secure Sockets Layer (SSL) communication support. It is the foundation for https.
API Surface
Server
- tls.createServer(options, secureConnectionListener): create secure server.
- Options include:
  - key: private key
  - cert: certificate
  - ca: certificate authority list
- Events: 'secureConnection', 'tlsClientError'.
Client
- tls.connect(port, [host], [options], [callback]): connect to secure server.
- Options include: ca, cert, key, rejectUnauthorized.
- Returns a TLSSocket (a duplex encrypted stream).
TLSSocket
- Extends net.Socket.
- Events: 'secureConnect', 'OCSPResponse', 'session', 'keylog'.
- Properties: .authorized, .authorizationError.
- Methods: .getPeerCertificate(), .getProtocol().
Examples (English only)
```js
const tls = require("tls");
const fs = require("fs");

// TLS server
const options = {
  key: fs.readFileSync("server-key.pem"),   // server private key
  cert: fs.readFileSync("server-cert.pem"), // server certificate
  ca: [fs.readFileSync("ca-cert.pem")]      // CA list
};

const server = tls.createServer(options, (socket) => {
  // Called once the TLS handshake with a client has completed.
  console.log("Secure connection");
  socket.write("Welcome secure client!\n");
  socket.setEncoding("utf8");
  socket.on("data", (data) => console.log("client:", data));
});

server.listen(8000, () => console.log("TLS server running on 8000"));

// TLS client
// The server certificate is verified against the CA given here.
const client = tls.connect(8000, { ca: [fs.readFileSync("ca-cert.pem")] }, () => {
  // With the default rejectUnauthorized (true), a certificate that fails
  // verification ends the connection with an 'error' event and this callback
  // is not called; the else branch is reached only when rejectUnauthorized
  // is set to false.
  if (client.authorized) {
    console.log("Connection authorized by CA");
  } else {
    console.log("Authorization error:", client.authorizationError);
  }
  client.write("Hello secure server!");
});

client.on("data", (data) => {
  console.log("Server:", data.toString());
  client.end();
});
```
Notes
- TLS ensures encryption and authentication of communication.
- Self-signed certificates can be used for testing but are not recommended for production.
- Always verify certificates against a trusted CA for security.
- TLSSocket behaves like a normal socket but with encryption.
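
A post-handshake policy check built on the TLSSocket members listed above (.authorized, .authorizationError, .getProtocol(), .getPeerCertificate()), as an added example that is not part of the original page. The assessTlsSocket function, its policy fields and the fakeSocket stand-in are assumptions of this example; the sample socket is constructed so the check runs without certificates.

```javascript
// Protocol names as returned by socket.getProtocol(), weakest first.
const PROTOCOL_ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"];

// Returns a list of policy findings; an empty list means the peer passed.
// `policy` and its field names are assumptions made for this example.
function assessTlsSocket(socket, policy = {}) {
  const { minProtocol = "TLSv1.2", minDaysLeft = 14, now = new Date() } = policy;
  const findings = [];

  // .authorized is false when the peer certificate did not verify against
  // the trusted CAs; .authorizationError carries the reason.
  if (!socket.authorized) {
    findings.push(`unverified peer: ${socket.authorizationError || "unknown"}`);
  }

  // An unknown or missing protocol name sorts below every minimum (fails closed).
  const protocol = socket.getProtocol();
  if (PROTOCOL_ORDER.indexOf(protocol) < PROTOCOL_ORDER.indexOf(minProtocol)) {
    findings.push(`protocol ${protocol} is below ${minProtocol}`);
  }

  // getPeerCertificate() yields an empty object when no certificate was sent.
  const cert = socket.getPeerCertificate();
  if (!cert || Object.keys(cert).length === 0) {
    findings.push("peer presented no certificate");
  } else {
    const daysLeft = (new Date(cert.valid_to) - now) / 86400000;
    if (Number.isNaN(daysLeft) || daysLeft < 0) {
      findings.push(`certificate expired or unreadable (valid_to=${cert.valid_to})`);
    } else if (daysLeft < minDaysLeft) {
      findings.push(`certificate expires in ${Math.floor(daysLeft)} days`);
    }
  }
  return findings;
}

// Constructed stand-in for a TLSSocket, exposing only the members used above.
function fakeSocket(authorized, authorizationError, protocol, cert) {
  return { authorized, authorizationError,
           getProtocol: () => protocol, getPeerCertificate: () => cert };
}

const NOW = new Date("2030-01-01T00:00:00Z"); // fixed clock for the sample
const selfSigned = fakeSocket(false, "DEPTH_ZERO_SELF_SIGNED_CERT", "TLSv1.1",
  { subject: { CN: "localhost" }, valid_to: "Jan 10 00:00:00 2030 GMT" });
console.log(assessTlsSocket(selfSigned, { now: NOW }));
```

With a real connection, call assessTlsSocket from the tls.connect callback or the server's connection listener and destroy the socket when the returned list is not empty.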