Class TlsContextOptions

Options for creating a ClientTlsContext or ServerTlsContext.

nodejs only.

Hierarchy

  • TlsContextOptions

Properties

alpn_list

alpn_list: string[] = []

List of ALPN protocols to be used on platforms which support ALPN

Optional ca_dirpath

ca_dirpath: string

Path to directory containing trust anchors. Only used on Unix-style systems.

Optional ca_filepath

ca_filepath: string

Path to a single file with all trust anchors in it, in PEM format

Optional certificate

certificate: string

Certificate, in PEM format

Optional certificate_authority

certificate_authority: string

String with all trust anchors in it, in PEM format

Optional certificate_filepath

certificate_filepath: string

Path to certificate, in PEM format

min_tls_version

min_tls_version: TlsVersion = TlsVersion.Default

Minimum version of TLS to support. Uses OS/system default if unspecified.

Optional pkcs12_filepath

pkcs12_filepath: string

Path to certificate, in PKCS#12 format. Currently, only supported on OSX

Optional pkcs12_password

pkcs12_password: string

Password for PKCS#12. Currently, only supported on OSX.

Optional private_key

private_key: string

Private key, in PEM format

Optional private_key_filepath

private_key_filepath: string

Path to private key, in PEM format

verify_peer

verify_peer: boolean = false

In client mode, setting this to false turns off X.509 validation. Don't do this unless you are testing. It is much better to override the default trust store and pass the self-signed certificate as the ca_file argument.

In server mode, this defaults to false. If you want to enforce mutual TLS on the server, set this to true.
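A configuration check built from the property notes on this page, as an added example that is not part of the library or its documentation: it inspects a plain object that uses the field names listed above and reports the settings the descriptions warn about. The function auditTlsOptions, its mode and platform arguments, the severity labels and the sample paths are assumptions made for illustration.

```javascript
// Added example, not library code. Audits a plain object that uses the
// TlsContextOptions field names. auditTlsOptions, mode, platform and the
// severity labels are hypothetical names chosen for this illustration.
function auditTlsOptions(opts, mode, platform = process.platform) {
  const findings = [];
  const has = (k) => typeof opts[k] === 'string' && opts[k].length > 0;

  // verify_peer defaults to false, so anything but an explicit true is "off".
  if (opts.verify_peer !== true) {
    if (mode === 'client') {
      const anchors = has('ca_filepath') || has('ca_dirpath') || has('certificate_authority');
      findings.push(anchors
        ? 'HIGH client: verify_peer is off although trust anchors are set'
        : 'HIGH client: verify_peer is off; X.509 validation is disabled');
    } else {
      findings.push('INFO server: verify_peer is off; mutual TLS is not enforced');
    }
  }

  // General TLS consistency check: a PEM certificate is unusable without its key.
  const cert = has('certificate') || has('certificate_filepath');
  const key = has('private_key') || has('private_key_filepath');
  if (cert !== key) findings.push('HIGH certificate and private key must be set together');

  // Platform limits stated in the property descriptions.
  if ((has('pkcs12_filepath') || has('pkcs12_password')) && platform !== 'darwin') {
    findings.push('WARN PKCS#12 options are only supported on OSX');
  }
  if (has('ca_dirpath') && platform === 'win32') {
    findings.push('WARN ca_dirpath is only used on Unix-style systems');
  }
  return findings;
}

// Constructed sample configurations; every path is a placeholder.
const samples = {
  testingLeftover: { verify_peer: false },
  selfSignedCa: { verify_peer: true, ca_filepath: '/path/to/self-signed-ca.pem' },
  serverNoMtls: {
    verify_peer: false,
    certificate_filepath: '/path/to/server.pem',
    private_key_filepath: '/path/to/server.key',
  },
};

console.log(auditTlsOptions(samples.testingLeftover, 'client'));
console.log(auditTlsOptions(samples.selfSignedCa, 'client'));
console.log(auditTlsOptions(samples.serverNoMtls, 'server'));
```

An empty result for the self-signed CA sample is the outcome the verify_peer note recommends: validation stays on and the private CA is supplied as a trust anchor.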

Methods

override_default_trust_store

  • override_default_trust_store(certificate_authority: string): void
  • Overrides the default system trust store.

    Parameters

    • certificate_authority: string

      String containing all trust CAs, in PEM format

    Returns void

override_default_trust_store_from_path

  • override_default_trust_store_from_path(ca_dirpath?: string, ca_filepath?: string): void
  • Overrides the default system trust store.

    Parameters

    • Optional ca_dirpath: string

      Only used on Unix-style systems where all trust anchors are stored in a directory (e.g. /etc/ssl/certs).

    • Optional ca_filepath: string

      Single file containing all trust CAs, in PEM format

    Returns void

Static create_client_with_mtls

  • create_client_with_mtls(certificate: string, private_key: string): TlsContextOptions
  • Creates a client with secure-by-default options, along with a client cert and private key

    Parameters

    • certificate: string

      Client certificate, in PEM format

    • private_key: string

      Client private key, in PEM format

    Returns TlsContextOptions

Static create_client_with_mtls_from_path

  • create_client_with_mtls_from_path(certificate_filepath: string, private_key_filepath: string): TlsContextOptions
  • Creates a client with secure-by-default options, along with a client cert and private key

    Parameters

    • certificate_filepath: string

      Path to client certificate, in PEM format

    • private_key_filepath: string

      Path to private key, in PEM format

    Returns TlsContextOptions

Static create_client_with_mtls_pkcs_from_path

  • create_client_with_mtls_pkcs_from_path(pkcs12_filepath: string, pkcs12_password: string): TlsContextOptions
  • Creates a TLS context with secure-by-default options, along with a client cert and password

    Parameters

    • pkcs12_filepath: string

      Path to client certificate in PKCS#12 format

    • pkcs12_password: string

      PKCS#12 password

    Returns TlsContextOptions

Static create_server_with_mtls_from_path

  • create_server_with_mtls_from_path(certificate_filepath: string, private_key_filepath: string): TlsContextOptions
  • Creates TLS context with peer verification disabled, along with a certificate and private key

    Parameters

    • certificate_filepath: string

      Path to certificate, in PEM format

    • private_key_filepath: string

      Path to private key, in PEM format

    Returns TlsContextOptions

Static create_server_with_mtls_pkcs_from_path

  • create_server_with_mtls_pkcs_from_path(pkcs12_filepath: string, pkcs12_password: string): TlsContextOptions
  • Creates TLS context with peer verification disabled, along with a certificate and private key in PKCS#12 format

    Parameters

    • pkcs12_filepath: string

      Path to certificate, in PKCS#12 format

    • pkcs12_password: string

      PKCS#12 Password

    Returns TlsContextOptions
