class TLSSocket extends Object with StObject

Performs transparent encryption of written data and all required TLS negotiation.

Instances of tls.TLSSocket implement the duplex Stream interface.

Methods that return TLS connection metadata (e.g. TLSSocket.getPeerCertificate) will only return data while the connection is open.

Annotations
@JSType() @JSImport("tls", "TLSSocket") @native()
Since

v0.11.4

Linear Supertypes
StObject, Object, Any, AnyRef, Any

Instance Constructors

  1. new TLSSocket(socket: Socket, options: TLSSocketOptions)
  2. new TLSSocket(socket: Socket)

    Construct a new tls.TLSSocket object from an existing TCP socket.

  3. new TLSSocket()
    Attributes
    protected

Value Members

  1. final def !=(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  2. final def ##: Int
    Definition Classes
    AnyRef → Any
  3. final def ==(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  4. def addListener(event: String, listener: Function1[Any, Unit]): TLSSocket.this.type
  5. def addListener_OCSPResponse(event: OCSPResponse, listener: Function1[Buffer, Unit]): TLSSocket.this.type
    Annotations
    @JSName("addListener")
  6. def addListener_keylog(event: keylog, listener: Function1[Buffer, Unit]): TLSSocket.this.type
    Annotations
    @JSName("addListener")
  7. def addListener_secureConnect(event: secureConnect, listener: Function0[Unit]): TLSSocket.this.type
    Annotations
    @JSName("addListener")
  8. def addListener_session(event: session, listener: Function1[Buffer, Unit]): TLSSocket.this.type
    Annotations
    @JSName("addListener")
  9. var alpnProtocol: |[|[String, false], Null]

    String containing the selected ALPN protocol. Before a handshake has completed, this value is always null. When a handshake is completed but no ALPN protocol was selected, tlsSocket.alpnProtocol equals false.

  10. final def asInstanceOf[T0]: T0
    Definition Classes
    Any
  11. var authorizationError: Error

    Returns the reason why the peer's certificate has not been verified. This property is set only when tlsSocket.authorized === false.

    Since

    v0.11.4

  12. var authorized: Boolean

    Returns true if the peer certificate was signed by one of the CAs specified when creating the tls.TLSSocket instance, otherwise false.

    Since

    v0.11.4

  13. def clone(): AnyRef
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.CloneNotSupportedException]) @native() @HotSpotIntrinsicCandidate()
  14. def disableRenegotiation(): Unit

    Disables TLS renegotiation for this TLSSocket instance. Once called, attempts to renegotiate will trigger an 'error' event on the TLSSocket.

    Since

    v8.4.0

  15. def emit(event: Symbol, args: Any*): Boolean
  16. def emit(event: String, args: Any*): Boolean
  17. def emit_OCSPResponse(event: OCSPResponse, response: Buffer): Boolean
    Annotations
    @JSName("emit")
  18. def emit_keylog(event: keylog, line: Buffer): Boolean
    Annotations
    @JSName("emit")
  19. def emit_secureConnect(event: secureConnect): Boolean
    Annotations
    @JSName("emit")
  20. def emit_session(event: session, session: Buffer): Boolean
    Annotations
    @JSName("emit")
  21. def enableTrace(): Unit

    When enabled, TLS packet trace information is written to stderr. This can be used to debug TLS connection problems.

    Note: The format of the output is identical to the output of openssl s_client -trace or openssl s_server -trace. While it is produced by OpenSSL's SSL_trace() function, the format is undocumented, can change without notice, and should not be relied on.

    Since

    v12.2.0

  22. var encrypted: Boolean

    Always returns true. This may be used to distinguish TLS sockets from regular net.Socket instances.

    Since

    v0.11.4

  23. final def eq(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  24. def equals(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef → Any
  25. def exportKeyingMaterial(length: Double, label: String, context: Buffer): Buffer

    Keying material is used for validations to prevent different kinds of attacks in network protocols, for example in the specifications of IEEE 802.1X.

    Example

    ```js
    const keyingMaterial = tlsSocket.exportKeyingMaterial(
      128,
      'client finished');
    ```

    Example return value of keyingMaterial: <Buffer 76 26 af 99 c5 56 8e 42 09 91 ef 9f 93 cb ad 6c 7b 65 f8 53 f1 d8 d9 12 5a 33 b8 b5 25 df 7b 37 9f e0 e2 4f b8 67 83 a3 2f cd 5d 41 42 4c 91 74 ef 2c ... 78 more bytes>

    See the OpenSSL [SSL_export_keying_material](https://www.openssl.org/docs/man1.1.1/man3/SSL_export_keying_material.html) documentation for more information.

    length

    number of bytes to retrieve from keying material

    label

    an application specific label, typically this will be a value from the [IANA Exporter Label Registry](https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#exporter-labels).

    context

    Optionally provide a context.

    returns

    requested bytes of the keying material

    Since

    v13.10.0, v12.17.0

  26. def getCertificate(): |[|[PeerCertificate, Object], Null]

    Returns an object representing the local certificate. The returned object has some properties corresponding to the fields of the certificate.

    See TLSSocket.getPeerCertificate for an example of the certificate structure.

    If there is no local certificate, an empty object will be returned. If the socket has been destroyed, null will be returned.

    Since

    v11.2.0

  27. def getCipher(): CipherNameAndProtocol

    Returns an object containing information on the negotiated cipher suite.

    For example:

    ```json
    {
      "name": "AES128-SHA256",
      "standardName": "TLS_RSA_WITH_AES_128_CBC_SHA256",
      "version": "TLSv1.2"
    }
    ```

    See [SSL\_CIPHER\_get\_name](https://www.openssl.org/docs/man1.1.1/man3/SSL_CIPHER_get_name.html) for more information.

    Since

    v0.11.4

  28. final def getClass(): Class[_ <: AnyRef]
    Definition Classes
    AnyRef → Any
    Annotations
    @native() @HotSpotIntrinsicCandidate()
  29. def getEphemeralKeyInfo(): |[|[EphemeralKeyInfo, Object], Null]

    Returns an object representing the type, name, and size of parameter of an ephemeral key exchange in perfect forward secrecy on a client connection. It returns an empty object when the key exchange is not ephemeral. This is only supported on a client socket; null is returned if called on a server socket. The supported types are 'DH' and 'ECDH'. The name property is available only when type is 'ECDH'.

    For example: { type: 'ECDH', name: 'prime256v1', size: 256 }.

    Since

    v5.0.0

  30. def getFinished(): UndefOr[Buffer]

    As the Finished messages are message digests of the complete handshake (with a total of 192 bits for TLS 1.0 and more for SSL 3.0), they can be used for external authentication procedures when the authentication provided by SSL/TLS is not desired or is not enough.

    Corresponds to the SSL_get_finished routine in OpenSSL and may be used to implement the tls-unique channel binding from [RFC 5929](https://tools.ietf.org/html/rfc5929).

    returns

    The latest Finished message that has been sent to the socket as part of an SSL/TLS handshake, or undefined if no Finished message has been sent yet.

    Since

    v9.9.0

  31. def getPeerCertificate(detailed: Boolean): |[PeerCertificate, DetailedPeerCertificate]
  32. def getPeerCertificate(): PeerCertificate
  33. def getPeerCertificate_Union(): |[PeerCertificate, DetailedPeerCertificate]
    Annotations
    @JSName("getPeerCertificate")
  34. def getPeerCertificate_false(detailed: false): PeerCertificate
    Annotations
    @JSName("getPeerCertificate")
  35. def getPeerCertificate_true(detailed: true): DetailedPeerCertificate

    Returns an object representing the peer's certificate. If the peer does not provide a certificate, an empty object will be returned. If the socket has been destroyed, null will be returned.

    If the full certificate chain was requested, each certificate will include an issuerCertificate property containing an object representing its issuer's certificate.

    detailed

    Include the full certificate chain if true, otherwise include just the peer's certificate.

    returns

    A certificate object.

    Annotations
    @JSName("getPeerCertificate")
    Since

    v0.11.4

  36. def getPeerFinished(): UndefOr[Buffer]

    As the Finished messages are message digests of the complete handshake (with a total of 192 bits for TLS 1.0 and more for SSL 3.0), they can be used for external authentication procedures when the authentication provided by SSL/TLS is not desired or is not enough.

    Corresponds to the SSL_get_peer_finished routine in OpenSSL and may be used to implement the tls-unique channel binding from [RFC 5929](https://tools.ietf.org/html/rfc5929).

    returns

    The latest Finished message that is expected or has actually been received from the socket as part of an SSL/TLS handshake, or undefined if there is no Finished message so far.

    Since

    v9.9.0

  37. def getPeerX509Certificate(): UndefOr[X509Certificate]

    Returns the peer certificate as an X509Certificate object.

    If there is no peer certificate, or the socket has been destroyed, undefined will be returned.

    Since

    v15.9.0

  38. def getProtocol(): |[String, Null]

    Returns a string containing the negotiated SSL/TLS protocol version of the current connection. The value 'unknown' will be returned for connected sockets that have not completed the handshaking process. The value null will be returned for server sockets or disconnected client sockets.

    Protocol versions are:

    * 'SSLv3'
    * 'TLSv1'
    * 'TLSv1.1'
    * 'TLSv1.2'
    * 'TLSv1.3'

    See the OpenSSL [SSL_get_version](https://www.openssl.org/docs/man1.1.1/man3/SSL_get_version.html) documentation for more information.

    Since

    v5.7.0

  39. def getSession(): UndefOr[Buffer]

    Returns the TLS session data or undefined if no session was negotiated. On the client, the data can be provided to the session option of connect to resume the connection. On the server, it may be useful for debugging.

    See Session Resumption for more information.

    Note: getSession() works only for TLSv1.2 and below. For TLSv1.3, applications must use the 'session' event (it also works for TLSv1.2 and below).

    Since

    v0.11.4

  40. def getSharedSigalgs(): Array[String]

    See [SSL\_get\_shared\_sigalgs](https://www.openssl.org/docs/man1.1.1/man3/SSL_get_shared_sigalgs.html) for more information.

    returns

    List of signature algorithms shared between the server and the client in the order of decreasing preference.

    Since

    v12.11.0

  41. def getTLSTicket(): UndefOr[Buffer]

    For a client, returns the TLS session ticket if one is available, or undefined. For a server, always returns undefined.

    It may be useful for debugging.

    See Session Resumption for more information.

    Since

    v0.11.4

  42. def getX509Certificate(): UndefOr[X509Certificate]

    Returns the local certificate as an X509Certificate object.

    If there is no local certificate, or the socket has been destroyed, undefined will be returned.

    Since

    v15.9.0

  43. def hasOwnProperty(v: String): Boolean
    Definition Classes
    Object
  44. def hashCode(): Int
    Definition Classes
    AnyRef → Any
    Annotations
    @native() @HotSpotIntrinsicCandidate()
  45. final def isInstanceOf[T0]: Boolean
    Definition Classes
    Any
  46. def isPrototypeOf(v: Object): Boolean
    Definition Classes
    Object
  47. def isSessionReused(): Boolean

    See Session Resumption for more information.

    returns

    true if the session was reused, false otherwise.

    Since

    v0.5.6

  48. final def ne(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  49. final def notify(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native() @HotSpotIntrinsicCandidate()
  50. final def notifyAll(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native() @HotSpotIntrinsicCandidate()
  51. def on(event: String, listener: Function1[Any, Unit]): TLSSocket.this.type
  52. def on_OCSPResponse(event: OCSPResponse, listener: Function1[Buffer, Unit]): TLSSocket.this.type
    Annotations
    @JSName("on")
  53. def on_keylog(event: keylog, listener: Function1[Buffer, Unit]): TLSSocket.this.type
    Annotations
    @JSName("on")
  54. def on_secureConnect(event: secureConnect, listener: Function0[Unit]): TLSSocket.this.type
    Annotations
    @JSName("on")
  55. def on_session(event: session, listener: Function1[Buffer, Unit]): TLSSocket.this.type
    Annotations
    @JSName("on")
  56. def once(event: String, listener: Function1[Any, Unit]): TLSSocket.this.type
  57. def once_OCSPResponse(event: OCSPResponse, listener: Function1[Buffer, Unit]): TLSSocket.this.type
    Annotations
    @JSName("once")
  58. def once_keylog(event: keylog, listener: Function1[Buffer, Unit]): TLSSocket.this.type
    Annotations
    @JSName("once")
  59. def once_secureConnect(event: secureConnect, listener: Function0[Unit]): TLSSocket.this.type
    Annotations
    @JSName("once")
  60. def once_session(event: session, listener: Function1[Buffer, Unit]): TLSSocket.this.type
    Annotations
    @JSName("once")
  61. def prependListener(event: String, listener: Function1[Any, Unit]): TLSSocket.this.type
  62. def prependListener_OCSPResponse(event: OCSPResponse, listener: Function1[Buffer, Unit]): TLSSocket.this.type
    Annotations
    @JSName("prependListener")
  63. def prependListener_keylog(event: keylog, listener: Function1[Buffer, Unit]): TLSSocket.this.type
    Annotations
    @JSName("prependListener")
  64. def prependListener_secureConnect(event: secureConnect, listener: Function0[Unit]): TLSSocket.this.type
    Annotations
    @JSName("prependListener")
  65. def prependListener_session(event: session, listener: Function1[Buffer, Unit]): TLSSocket.this.type
    Annotations
    @JSName("prependListener")
  66. def prependOnceListener(event: String, listener: Function1[Any, Unit]): TLSSocket.this.type
  67. def prependOnceListener_OCSPResponse(event: OCSPResponse, listener: Function1[Buffer, Unit]): TLSSocket.this.type
    Annotations
    @JSName("prependOnceListener")
  68. def prependOnceListener_keylog(event: keylog, listener: Function1[Buffer, Unit]): TLSSocket.this.type
    Annotations
    @JSName("prependOnceListener")
  69. def prependOnceListener_secureConnect(event: secureConnect, listener: Function0[Unit]): TLSSocket.this.type
    Annotations
    @JSName("prependOnceListener")
  70. def prependOnceListener_session(event: session, listener: Function1[Buffer, Unit]): TLSSocket.this.type
    Annotations
    @JSName("prependOnceListener")
  71. def propertyIsEnumerable(v: String): Boolean
    Definition Classes
    Object
  72. def renegotiate(options: RejectUnauthorized, callback: Function1[|[Error, Null], Unit]): UndefOr[Boolean]

    The tlsSocket.renegotiate() method initiates a TLS renegotiation process. Upon completion, the callback function will be passed a single argument that is either an Error (if the request failed) or null.

    This method can be used to request a peer's certificate after the secure connection has been established.

    When running as the server, the socket will be destroyed with an error after handshakeTimeout timeout.

    For TLSv1.3, renegotiation cannot be initiated; it is not supported by the protocol.

    callback

    If renegotiate() returned true, callback is attached once to the 'secure' event. If renegotiate() returned false, callback will be called in the next tick with an error, unless the tlsSocket has been destroyed, in which case callback will not be called at all.

    returns

    true if renegotiation was initiated, false otherwise.

    Since

    v0.11.8

  73. def setMaxSendFragment(size: Double): Boolean

    The tlsSocket.setMaxSendFragment() method sets the maximum TLS fragment size. Returns true if setting the limit succeeded; false otherwise.

    Smaller fragment sizes decrease the buffering latency on the client: larger fragments are buffered by the TLS layer until the entire fragment is received and its integrity is verified; large fragments can span multiple roundtrips and their processing can be delayed due to packet loss or reordering. However, smaller fragments add extra TLS framing bytes and CPU overhead, which may decrease overall server throughput.

    Since

    v0.11.11

  74. final def synchronized[T0](arg0: => T0): T0
    Definition Classes
    AnyRef
  75. def toLocaleString(): String
    Definition Classes
    Object
  76. def toString(): String
    Definition Classes
    AnyRef → Any
  77. def valueOf(): Any
    Definition Classes
    Object
  78. final def wait(arg0: Long, arg1: Int): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])
  79. final def wait(arg0: Long): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException]) @native()
  80. final def wait(): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])
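
Several of the state members above (authorized and authorizationError, getProtocol, alpnProtocol, getEphemeralKeyInfo, getCipher) have "not available" return values that are easy to mistake for success. The JavaScript below is an added example, not code from these bindings or from Node.js: auditTlsSocket, POLICY and the sample socket object are hypothetical, and the policy values are assumptions.

```javascript
'use strict';
// Added example. Policy values are assumptions, not Node.js defaults.
const POLICY = {
  minProtocol: 'TLSv1.2',
  allowedAlpn: ['h2', 'http/1.1'],
  requireEphemeral: true,
};
// Same order as the protocol versions listed under getProtocol().
const PROTOCOL_ORDER = ['SSLv3', 'TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3'];

// Audits a tls.TLSSocket (or any object exposing the same members).
function auditTlsSocket(sock, policy = POLICY) {
  const findings = [];

  // authorizationError is only meaningful when authorized === false.
  if (sock.authorized !== true) {
    findings.push(`peer not verified: ${sock.authorizationError || 'no reason given'}`);
  }

  // 'unknown' = handshake not finished; null = server or disconnected socket.
  const proto = sock.getProtocol();
  if (proto === null || proto === 'unknown') {
    findings.push(`protocol not available (${proto})`);
  } else if (PROTOCOL_ORDER.indexOf(proto) < PROTOCOL_ORDER.indexOf(policy.minProtocol)) {
    // An unrecognised version string has index -1 and is rejected too.
    findings.push(`protocol ${proto} is below ${policy.minProtocol}`);
  }

  // null = handshake not complete; false = handshake done, no ALPN selected.
  const alpn = sock.alpnProtocol;
  if (alpn === null) findings.push('ALPN: handshake not complete');
  else if (alpn === false) findings.push('ALPN: no protocol selected');
  else if (!policy.allowedAlpn.includes(alpn)) findings.push(`ALPN: unexpected ${alpn}`);

  // null = server socket (not supported there); {} = key exchange not ephemeral.
  const eph = sock.getEphemeralKeyInfo();
  if (policy.requireEphemeral && eph !== null && Object.keys(eph).length === 0) {
    findings.push('key exchange is not ephemeral');
  }

  const cipher = sock.getCipher();
  return { ok: findings.length === 0, protocol: proto, cipher: cipher.standardName, findings };
}

// Constructed stand-in for a connected socket; the cipher is the getCipher() sample above.
const constructedWeakSocket = {
  authorized: false,
  authorizationError: 'DEPTH_ZERO_SELF_SIGNED_CERT', // constructed sample value
  alpnProtocol: false,
  getProtocol: () => 'TLSv1.2',
  getEphemeralKeyInfo: () => ({}),
  getCipher: () => ({ name: 'AES128-SHA256', standardName: 'TLS_RSA_WITH_AES_128_CBC_SHA256', version: 'TLSv1.2' }),
};
console.log(auditTlsSocket(constructedWeakSocket));
```

Run the audit from a 'secureConnect' listener so the handshake has completed before the values are read.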

Deprecated Value Members

  1. def finalize(): Unit
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.Throwable]) @Deprecated
    Deprecated
