The default value of the ciphers option of {@link createSecureContext()}. It can be assigned any of the supported OpenSSL ciphers. Defaults to the content of crypto.constants.defaultCoreCipherList, unless changed using CLI options using --tls-default-ciphers.

DEFAULT_ECDH_CURVE

external var DEFAULT_ECDH_CURVE: String

The default curve name to use for ECDH key agreement in a tls server. The default value is 'auto'. See {@link createSecureContext()} for further information.

DEFAULT_MAX_VERSION

external var DEFAULT_MAX_VERSION: SecureVersion

The default value of the maxVersion option of {@link createSecureContext()}. It can be assigned any of the supported TLS protocol versions, 'TLSv1.3', 'TLSv1.2', 'TLSv1.1', or 'TLSv1'. Default: 'TLSv1.3', unless changed using CLI options. Using --tls-max-v1.2 sets the default to 'TLSv1.2'. Using --tls-max-v1.3 sets the default to 'TLSv1.3'. If multiple of the options are provided, the highest maximum is used.

DEFAULT_MIN_VERSION

external var DEFAULT_MIN_VERSION: SecureVersion

The default value of the minVersion option of {@link createSecureContext()}. It can be assigned any of the supported TLS protocol versions, 'TLSv1.3', 'TLSv1.2', 'TLSv1.1', or 'TLSv1'. Default: 'TLSv1.2', unless changed using CLI options. Using --tls-min-v1.0 sets the default to 'TLSv1'. Using --tls-min-v1.1 sets the default to 'TLSv1.1'. Using --tls-min-v1.3 sets the default to 'TLSv1.3'. If multiple of the options are provided, the lowest minimum is used.

rootCertificates

external val rootCertificates: ReadonlyArray<String>

An immutable array of strings representing the root certificates (in PEM format) from the bundled Mozilla CA store as supplied by the current Node.js version.

Functions

checkServerIdentity

external fun checkServerIdentity(hostname: String, cert: PeerCertificate): JsError?

Verifies the certificate cert is issued to hostname.

connect

external fun connect(port: Number): TLSSocket

external fun connect(port: Number, options: ConnectionOptions = definedExternally, secureConnectListener: () -> Unit = definedExternally): TLSSocket

external fun connect(port: Number, host: String = definedExternally, options: ConnectionOptions = definedExternally, secureConnectListener: () -> Unit = definedExternally): TLSSocket

external fun connect(options: ConnectionOptions, secureConnectListener: () -> Unit = definedExternally): TLSSocket

The callback function, if specified, will be added as a listener for the 'secureConnect' event.

createSecureContext

external fun createSecureContext(options: SecureContextOptions = definedExternally): SecureContext

{@link createServer} sets the default value of the honorCipherOrder option to true, other APIs that create secure contexts leave it unset.

createSecurePair

external fun createSecurePair(context: SecureContext = definedExternally, isServer: Boolean = definedExternally, requestCert: Boolean = definedExternally, rejectUnauthorized: Boolean = definedExternally): SecurePair

Creates a new secure pair object with two streams, one of which reads and writes the encrypted data and the other of which reads and writes the cleartext data. Generally, the encrypted stream is piped to/from an incoming encrypted data stream and the cleartext one is used as a replacement for the initial encrypted stream.

createServer

external fun createServer(secureConnectionListener: (socket: TLSSocket) -> Unit = definedExternally): Server

Creates a new {@link Server}. The secureConnectionListener, if provided, is automatically set as a listener for the 'secureConnection' event.

external fun createServer(options: TlsOptions, secureConnectionListener: (socket: TLSSocket) -> Unit = definedExternally): Server

getCiphers

external fun getCiphers(): ReadonlyArray<String>

Returns an array with the names of the supported TLS ciphers. The names are lower-case for historical reasons, but must be uppercased to be used in the ciphers option of {@link createSecureContext}.