      Node.js tls.createServer

      Node.js tls.createServer([options][, secureConnectionListener])

      Version history

      Version   Changes
      v9.3.0    The options parameter can now include clientCertEngine.
      v8.0.0    The ALPNProtocols option can be a Uint8Array now.
      v5.0.0    ALPN options are supported now.
      v0.3.2    Added in: v0.3.2

      • options <Object>

        • ALPNProtocols: <string[]> | <Buffer[]> | <Uint8Array[]> | <Buffer> | <Uint8Array> An array of strings, Buffers or Uint8Arrays, or a single Buffer or Uint8Array containing the supported ALPN protocols. Buffers should have the format [len][name][len][name]… e.g. 0x05hello0x05world, where the first byte is the length of the next protocol name. Passing an array is usually much simpler, e.g. ['hello', 'world']. (Protocols should be ordered by their priority.)
        • clientCertEngine <string> Name of an OpenSSL engine which can provide the client certificate.
        • handshakeTimeout <number> Abort the connection if the SSL/TLS handshake does not finish in the specified number of milliseconds. A 'tlsClientError' is emitted on the tls.Server object whenever a handshake times out. Default: 120000 (120 seconds).
        • rejectUnauthorized <boolean> If not false, the server will reject any connection which is not authorized with the list of supplied CAs. This option only has an effect if requestCert is true. Default: true.
        • requestCert <boolean> If true, the server will request a certificate from clients that connect and attempt to verify that certificate. Default: false.
        • sessionTimeout <number> An integer specifying the number of seconds after which the TLS session identifiers and TLS session tickets created by the server will time out. See SSL_CTX_set_timeout for more details.
        • SNICallback(servername, cb) <Function> A function that will be called if the client supports the SNI TLS extension. Two arguments will be passed when called: servername and cb. SNICallback should invoke cb(null, ctx), where ctx is a SecureContext instance. (tls.createSecureContext(…) can be used to get a proper SecureContext.) If SNICallback wasn't provided, the default callback with the high-level API will be used (see below).
        • ticketKeys: A 48-byte Buffer instance consisting of a 16-byte prefix, a 16-byte HMAC key, and a 16-byte AES key. This can be used to accept TLS session tickets on multiple instances of the TLS server.
        • …: Any tls.createSecureContext() option can be provided. For servers, the identity options (pfx or key/cert) are usually required.
      • secureConnectionListener <Function>

      • Returns: <tls.Server>

      Creates a new tls.Server. The secureConnectionListener, if provided, is automatically set as a listener for the 'secureConnection' event.

      The ticketKeys option is automatically shared between cluster module workers.

      The following illustrates a simple echo server:

      const tls = require('tls');
      const fs = require('fs');
      
      const options = {
        key: fs.readFileSync('server-key.pem'),
        cert: fs.readFileSync('server-cert.pem'),
      
        // This is necessary only if using client certificate authentication.
        requestCert: true,
      
        // This is necessary only if the client uses a self-signed certificate.
        ca: [ fs.readFileSync('client-cert.pem') ]
      };
      
      const server = tls.createServer(options, (socket) => {
        console.log('server connected',
                    socket.authorized ? 'authorized' : 'unauthorized');
        socket.write('welcome!\n');
        socket.setEncoding('utf8');
        socket.pipe(socket);
      });
      server.listen(8000, () => {
        console.log('server bound');
      });
      

      The server can be tested by connecting to it using the example client from tls.connect().
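
The single-Buffer form of ALPNProtocols described in the options list ([len][name][len][name]…) is easy to get wrong by hand. The following is an added example, not part of the Node.js documentation: encodeAlpn and decodeAlpn are hypothetical helper names, and the sample input is constructed from the page's own hello/world illustration.

```javascript
// Added example: build and parse the ALPN wire format [len][name][len][name]...
// encodeAlpn/decodeAlpn are hypothetical helpers, not part of the tls module.

function encodeAlpn(protocols) {
  if (!Array.isArray(protocols) || protocols.length === 0) {
    throw new TypeError('expected a non-empty array of protocol names');
  }
  const parts = [];
  for (const name of protocols) {
    const bytes = Buffer.from(name, 'utf8');
    // One length byte per entry limits each name to 1..255 bytes.
    if (bytes.length === 0 || bytes.length > 255) {
      throw new RangeError(`protocol name must be 1-255 bytes: ${JSON.stringify(name)}`);
    }
    parts.push(Buffer.from([bytes.length]), bytes);
  }
  // Order is preserved, so the caller's priority order survives encoding.
  return Buffer.concat(parts);
}

function decodeAlpn(buf) {
  const names = [];
  let offset = 0;
  while (offset < buf.length) {
    const start = offset;
    const len = buf[offset];
    offset += 1;
    if (len === 0) {
      throw new RangeError(`zero-length protocol name at offset ${start}`);
    }
    // A length byte that points past the end means the buffer is malformed.
    if (offset + len > buf.length) {
      throw new RangeError(`truncated protocol name at offset ${start}`);
    }
    names.push(buf.toString('utf8', offset, offset + len));
    offset += len;
  }
  return names;
}

// Constructed sample: the page's 0x05hello0x05world illustration.
const sample = encodeAlpn(['hello', 'world']);
console.log(sample.toString('hex'), decodeAlpn(sample));
```

The Buffer returned by encodeAlpn can be passed as the ALPNProtocols option; running decodeAlpn over a hand-built Buffer first catches a wrong length byte before it reaches the TLS layer.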

