Skip to main content
tls - Node documentation

Usage in Deno

import * as mod from "node:tls";

The node:tls module provides an implementation of the Transport Layer Security (TLS) and Secure Socket Layer (SSL) protocols that is built on top of OpenSSL. The module can be accessed using:

const tls = require('node:tls');

Classes

c
Server

Accepts encrypted connections using TLS or SSL.

c
TLSSocket

Performs transparent encryption of written data and all required TLSnegotiation.

Functions

f
checkServerIdentity

Verifies the certificate cert is issued to hostname.

f
connect

The callback function, if specified, will be added as a listener for the 'secureConnect' event.

f
createSecureContext

createServer sets the default value of the honorCipherOrder optionto true, other APIs that create secure contexts leave it unset.

f
createServer

Creates a new Server. The secureConnectionListener, if provided, isautomatically set as a listener for the 'secureConnection' event.

f
getCiphers

Returns an array with the names of the supported TLS ciphers. The names arelower-case for historical reasons, but must be uppercased to be used inthe ciphers option of createSecureContext.

f
createSecurePair

Creates a new secure pair object with two streams, one of which reads and writesthe encrypted data and the other of which reads and writes the cleartext data.Generally, the encrypted stream is piped to/from an incoming encrypted datastream and the cleartext one is used as a replacement for the initial encryptedstream.

Interfaces

I
Certificate
No documentation available
I
CipherNameAndProtocol
No documentation available
I
CommonConnectionOptions
No documentation available
I
ConnectionOptions
No documentation available
I
DetailedPeerCertificate
No documentation available
I
EphemeralKeyInfo
No documentation available
I
KeyObject
No documentation available
I
PeerCertificate
No documentation available
I
PSKCallbackNegotation
No documentation available
I
PxfObject
No documentation available
I
SecureContext
No documentation available
I
SecureContextOptions
No documentation available
I
TlsOptions
No documentation available
I
TLSSocketOptions
No documentation available
I
SecurePair
No documentation available

Type Aliases

T
SecureVersion
No documentation available

Variables

v
CLIENT_RENEG_LIMIT
No documentation available
v
CLIENT_RENEG_WINDOW
No documentation available
v
DEFAULT_CIPHERS

The default value of the ciphers option of tls.createSecureContext().It can be assigned any of the supported OpenSSL ciphers.Defaults to the content of crypto.constants.defaultCoreCipherList, unlesschanged using CLI options using --tls-default-ciphers.

v
DEFAULT_ECDH_CURVE

The default curve name to use for ECDH key agreement in a tls server.The default value is 'auto'. See tls.createSecureContext() for furtherinformation.

v
DEFAULT_MAX_VERSION

The default value of the maxVersion option oftls.createSecureContext(). It can be assigned any of the supported TLSprotocol versions, 'TLSv1.3', 'TLSv1.2', 'TLSv1.1', or 'TLSv1'. Default:'TLSv1.3', unless changed using CLI options. Using --tls-max-v1.2 setsthe default to 'TLSv1.2'. Using --tls-max-v1.3 sets the default to'TLSv1.3'. If multiple of the options are provided, the highest maximumis used.

v
DEFAULT_MIN_VERSION

The default value of the minVersion option of tls.createSecureContext().It can be assigned any of the supported TLS protocol versions,'TLSv1.3', 'TLSv1.2', 'TLSv1.1', or 'TLSv1'. Default: 'TLSv1.2', unlesschanged using CLI options. Using --tls-min-v1.0 sets the default to'TLSv1'. Using --tls-min-v1.1 sets the default to 'TLSv1.1'. Using--tls-min-v1.3 sets the default to 'TLSv1.3'. If multiple of the optionsare provided, the lowest minimum is used.

v
rootCertificates

An immutable array of strings representing the root certificates (in PEMformat) used for verifying peer certificates. This is the default valueof the ca option to tls.createSecureContext().