The following chart shows the availability of each TLS module API function on each platform.
Linux (Ubuntu) |
Tizen (Raspberry Pi) |
Raspbian (Raspberry Pi) |
Nuttx (STM32F4-Discovery) |
TizenRT (Artik053) |
|
---|---|---|---|---|---|
tls.connect | O | O | O | O | O |
tls.createServer | O | O | O | O | O |
tls.createSecureContext | O | O | O | O | O |
tls.Server | O | O | O | O | O |
tls.TLSSocket | O | O | O | O | O |
tls.TLSSocket.write | O | O | O | O | O |
tls.TLSSocket.pause | O | O | O | O | O |
tls.TLSSocket.end | O | O | O | O | O |
tls.TLSSocket.resume | O | O | O | O | O |
tls.TLSSocket.pause | O | O | O | O | O |
As even a couple of sockets/servers/requests require a considerable size of memory, on NuttX/STM32F4-Discovery and TizenRT/Artik053 the number of such sockets are limited.
Transport Layer Security makes secure communication over sockets possible.
options
{Object}host
{string} Host the client should connect to, defaults to 'localhost'.port
{number} Port the client should connect to.socket
{stream.Duplex} Optional, typically an instance ofnet.Socket
. If this options is specified, host and port are ignored. The user passing the options is responsible for it connecting to the server.tls.connect
won't callnet.connect
on it.rejectUnauthorized
{boolean} Whether the server certificate should be verified against the list of supplied CAs. Anerror
event is emitted if verifications fails;err.code
contains the MbedTLS error code. Defaults tofalse
. NOT READYservername
{string} Server name for the SNI (Server name Indication) TLS extension. NOT READYsession
{Buffer} ABuffer
containing a TLS session. NOT READYminDHSize
{number} The minimum size of the DH parameter in bits to accept a TLS connection. If a server offers a DH parameter with a size less than specified, the TLS connection is destroyed and an error is thrown. Defaults to1024
.lookup
{Function} Custom lookup. Defaults todns.lookup()
.
callback
{Function} The callback function will be added as a listener for thesecureConnect
event.
Returns a tls.TLSSocket
object.
Example
var tls = require('tls');
var opts = {
host: '127.0.0.1',
port: 443,
rejectUnauthorized: true
}
var socket = tls.connect(opts, function() {
socket.write('Hello IoT.js');
socket.end();
});
port
{number} Port the client should connect to.host
{string} Host the client should connect to, defaults to 'localhost'.options
{Object} Seetls.connect()
.callback
{Function} Seetls.connect()
.
Same as tls.connect() except that port and host can be provided as arguments instead of options. A port or host option, if specified, will take precedence over any port or host argument.
Example
var tls = require('tls');
var socket = tls.connect(443, 'localhost', function() {
socket.write('Hello IoT.js');
socket.end();
});
options
{object} Accepts the same options as thetls.Server()
andtls.createSecureContext()
.secureConnectionListener
{Function}socket
{tls.TLSSocket} The connected TLSSocket.
- Returns {tls.Server}
Create a TLS Server. Behaves the same way as the new tls.Server(options, secureConnectionListener)
call.
Example
var fs = require('fs');
var tls = require('tls');
var options = {
key: fs.readFileSync('server.key'),
cert: fs.readFileSync('server.crt')
};
var server = tls.createServer(options, function(socket) {
console.log('got connection');
...
});
server.listen(8081);
options
{object}ca
{string | Buffer} Optional trusted CA certificates. No default is provided.cert
{string | Buffer} Cert chains in PEM format.key
{string | Buffer} Private keys in PEM format.
- Returns {Object}
The method returns a special object containing the tls context and credential information.
A server object representing a TLS server. Based on the net.Server
.
All events, methods and properties are inherited from the net.Server
.
options
{object} Options for the TLS connection.secureContext
{object} An special object containing the tls credential information. This should be only created via atls.createSecureContext()
call if needed. If not provided a secureContext will be created automatically, using theoptions
object. No default value is provided.- Additional options are from
tls.createSecureContext()
.
secureConnectionListener
{Function}socket
{tls.TLSSocket}
- Returns {tls.Server}
Creates new tls.Server
object. The secureConnectionListener
method is automatically set
as a listener for the 'secureConnection'
event.
To correctly create a TLS Server the server certificates should be provided in the options
object.
Example
var fs = require('fs');
var tls = require('tls');
var options = {
key: fs.readFileSync('server.key'),
cert: fs.readFileSync('server.crt')
};
var server = new tls.Server(options, function(socket) {
console.log('got connection');
...
});
server.listen(8081);
The TLSSocket
is responsible for all TLS negotiations and data encryption on a net.Socket
.
Just like net.Socket
it uses a Stream.duplex
interface.
socket
{net.Socket | stream.Duplex}options
{Object}isServer
{boolean} The TLSSocket must know if it represents the server or client side of the connection. Default:false
.secureContext
{Object} The TLS context object. If none provided one will be created with thetls.createSecureContext
method using the givenoptions
object.
- Returns {tls.TLSSocket}
Creates a new TLSSocket object for an existing TCP socket.
Returns an object containing the bound address, family name, and port of the socket.{port: 443, family: 'IPv4', address: '127.0.0.1'}
Returns the reason why the peer's certificate has not been verified.
Returns true
if the peer certificate was signed by one of the CAs specified when creating the tls.TLSSocket
instance, otherwise false.
Always returns true
, can be used to distinguish TLS sockets from regular net.Socket
s.
Returns a string containing the negotiated SSL/TLS protocol version of the connection. If the handshaking has not been complete, unknown
will be returned. The value null
will be returned for server sockets or disconnected client sockets.
Returns a string representing the local IP address.
Returns a number representing the local port.
Returns a string representing the remote IP address.
Returns a string representing the remote IP family.
Returns a number representing the remote port.