TLS

Node.js tls module — TLS/SSL encrypted networking.

Module: node:tls Support: Experimental Since: 1.1.0 Docs: Node.js Docs

Static Methods

🟢 connect(options, callback)
Establishes a TLS client connection using the given TlsConnectOptions.
🟢 createSecureContext(options)
Creates a new TLS secure context for use with servers and clients.
🟢 createServer(options, secureConnectionListener)
Creates a new TLS server.
🟢 checkServerIdentity(hostname, cert)
Verifies that the certificate matches the expected hostname.

Properties

🟢 rootCertificates
— Array of root CA certificates bundled with Node.js.
🟢 DEFAULT_ECDH_CURVE
— The default ECDH curve name used in TLS (e.g. "auto").
🟢 DEFAULT_MAX_VERSION
— The default maximum TLS version accepted.
🟢 DEFAULT_MIN_VERSION
— The default minimum TLS version accepted.

Dictionary TlsConnectOptions

Options for establishing a TLS connection.

Since: 1.1.0 Docs: Node.js Docs

11 members: 1 supported, 10 undocumented

Properties

🟢 port
Remote port to connect to.
⚪ host
Remote hostname (default: "localhost").
⚪ rejectUnauthorized
If true, the connection is rejected when the server certificate cannot be verified against the trusted CAs (default: true).
⚪ servername
Server name for SNI; defaults to host.
⚪ ALPNProtocols
List of ALPN protocol names in preference order.
⚪ minVersion
Minimum TLS version to accept (e.g. "TLSv1.2").
⚪ maxVersion
Maximum TLS version to accept.
⚪ ciphers
OpenSSL cipher suite string.
⚪ ca
Trusted CA certificate(s) (PEM string, Buffer, or array).
⚪ cert
Client certificate (PEM string or Buffer).
⚪ key
Private key for the client certificate (PEM string or Buffer).

---

Dictionary SecureContextOptions

Options for creating a TLS secure context.

Since: 1.1.0 Docs: Node.js Docs

9 members: 9 undocumented

Properties

⚪ ca
Trusted CA certificate(s) (PEM string, Buffer, or array).
⚪ cert
Client certificate (PEM string or Buffer).
⚪ key
Private key for the certificate (PEM string or Buffer).
⚪ ciphers
OpenSSL cipher suite string.
⚪ honorCipherOrder
If true, prefer the server's cipher order over the client's.
⚪ minVersion
Minimum TLS version to accept (e.g. "TLSv1.2").
⚪ maxVersion
Maximum TLS version to accept.
⚪ passphrase
Passphrase to decrypt the private key.
⚪ pfx
PFX/PKCS#12 encoded private key and certificate chain.

---

Interface TLSSocket

A TLS-encrypted Socket wrapping a net.Socket.

Extends: Socket Implements: EventEmitter Since: 1.1.0 Docs: Node.js Docs

11 members: 10 supported, 1 undocumented

Methods

🟢 getPeerCertificate(detailed)
Returns the peer (remote) certificate as an object.
🟢 getProtocol()
Returns the negotiated TLS protocol version string (e.g. "TLSv1.3"), or null.
🟢 getCipher()
Returns an object describing the negotiated cipher suite.
🟢 getSession()
Returns an object containing the current TLS session data.
🟢 renegotiate(options, callback)
Initiates a TLS renegotiation.
🟢 setMaxSendFragment(size)
Sets the maximum TLS record size for sends.

Properties

🟢 authorized
— True if the peer certificate was signed by a trusted CA.
🟢 authorizationError
— Authorization error if authorized is false, otherwise null.
🟢 encrypted
— Always true — confirms that the socket uses TLS encryption.
🟢 alpnProtocol
— The negotiated ALPN protocol, or null/false if none.
⚪ servername
Server name for SNI; defaults to host.

---

Details

renegotiate(options, callback)

renegotiate(options: object, callback: object)

Initiates a TLS renegotiation.

| Parameter | Type | Description |
| --- | --- | --- |
| options | object | Renegotiation options (e.g. rejectUnauthorized, requestCert) |
| callback | object | Called with (err) when renegotiation completes |

> Known issue: TLS renegotiation is disabled by default in modern TLS implementations.

---