Returns the reason why the peer's certificate was not verified. This property is set only when tlsSocket.authorized === false.
Returns true if the peer certificate was signed by one of the CAs specified when creating the tls.TLSSocket instance, otherwise false.
Always returns true. This may be used to distinguish TLS sockets from regular net.Socket instances.
Returns the string representation of the local IP address.
Returns the numeric representation of the local port.
Returns the string representation of the remote IP address. For example, '74.125.127.100' or '2001:4860:a005::68'.
Returns the string representation of the remote IP family. 'IPv4' or 'IPv6'.
The numeric representation of the remote port. For example, 443.
Returns an object representing the cipher name and the SSL/TLS protocol version that first defined the cipher.
Returns an object representing the type, name, and size of parameter of an ephemeral key exchange in Perfect Forward Secrecy on a client connection. It returns an empty object when the key exchange is not ephemeral. As this is only supported on a client socket, null is returned if called on a server socket. The supported types are 'DH' and 'ECDH'. The name property is available only when type is 'ECDH'.
Returns an object representing the peer's certificate. The returned object has some properties corresponding to the fields of the certificate.
Specify true to request that the full certificate chain with the issuer property be returned; false to return only the top certificate without the issuer property.
Returns a string containing the negotiated SSL/TLS protocol version of the current connection. The value 'unknown' will be returned for connected sockets that have not completed the handshaking process. The value null will be returned for server sockets or disconnected client sockets.
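The following is an added example, not part of the generated documentation: a connection policy check that reads the verification, protocol, cipher and key-exchange accessors described above and handles their documented edge values (null, 'unknown', empty object). The names auditTlsSocket, ALLOWED_PROTOCOLS and sampleSocket are hypothetical, and sampleSocket is a constructed stand-in rather than a live connection.

```javascript
// Added example: policy check over the tls.TLSSocket accessors described above.
// auditTlsSocket and ALLOWED_PROTOCOLS are hypothetical names for this sketch.
const ALLOWED_PROTOCOLS = new Set(['TLSv1.2', 'TLSv1.3']);

function auditTlsSocket(socket) {
  const findings = [];

  // encrypted is always true on a TLSSocket; anything else is a plain net.Socket.
  if (socket.encrypted !== true) {
    return { ok: false, protocol: null, cipher: null, findings: ['not a TLS socket'] };
  }

  // authorizationError is only set when authorized === false.
  if (socket.authorized === false) {
    findings.push(`peer certificate not verified: ${socket.authorizationError}`);
  }

  // 'unknown' = handshake not finished; null = server or disconnected client socket.
  const protocol = socket.getProtocol();
  if (protocol === 'unknown' || protocol === null) {
    findings.push('no negotiated protocol reported for this socket');
  } else if (!ALLOWED_PROTOCOLS.has(protocol)) {
    findings.push(`protocol ${protocol} is not allowed by policy`);
  }

  // null on a server socket; {} when the key exchange is not ephemeral.
  const kex = socket.getEphemeralKeyInfo();
  if (kex !== null && Object.keys(kex).length === 0) {
    findings.push('key exchange is not ephemeral (no forward secrecy)');
  }

  const cipher = socket.getCipher().name;
  return { ok: findings.length === 0, protocol, cipher, findings };
}

// Constructed stand-in for a client socket: self-signed peer, TLSv1, static RSA.
const sampleSocket = {
  encrypted: true,
  authorized: false,
  authorizationError: 'DEPTH_ZERO_SELF_SIGNED_CERT',
  getProtocol: () => 'TLSv1',
  getCipher: () => ({ name: 'AES128-SHA', version: 'TLSv1/SSLv3' }),
  getEphemeralKeyInfo: () => ({}),
};

console.log(auditTlsSocket(sampleSocket));
```

On a real client connection the function would be called from the 'secureConnect' handler, once the handshake has completed.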
Returns the ASN.1 encoded TLS session or undefined if no session was negotiated. Can be used to speed up handshake establishment when reconnecting to the server.
Returns the TLS session ticket or undefined if no session was negotiated.
Note: This only works with client TLS sockets. Useful only for debugging; for session reuse, provide the session option to tls.connect().
The tlsSocket.renegotiate() method initiates a TLS renegotiation process.
Note: This method can be used to request a peer's certificate after the secure connection has been established.
Note: When running as the server, the socket will be destroyed with an error after the handshakeTimeout timeout.
The tlsSocket.setMaxSendFragment() method sets the maximum TLS fragment size. Returns true if setting the limit succeeded; false otherwise.
Smaller fragment sizes decrease the buffering latency on the client: larger fragments are buffered by the TLS layer until the entire fragment is received and its integrity is verified; large fragments can span multiple roundtrips and their processing can be delayed due to packet loss or reordering. However, smaller fragments add extra TLS framing bytes and CPU overhead, which may decrease overall server throughput.
The maximum TLS fragment size. Defaults to 16384. The maximum value is 16384.
Construct a new tls.TLSSocket object from an existing TCP socket.