Class TlsContextOptions

Options for creating a ClientTlsContext or ServerTlsContext.

nodejs only.

Hierarchy

  • TlsContextOptions

Constructors

Properties

min_tls_version: TlsVersion = TlsVersion.Default

Minimum version of TLS to support. Uses OS/system default if unspecified.

ca_filepath?: string

Path to a single file with all trust anchors in it, in PEM format

ca_dirpath?: string

Path to directory containing trust anchors. Only used on Unix-style systems.

certificate_authority?: string

String with all trust anchors in it, in PEM format

alpn_list: string[] = []

List of ALPN protocols to be used on platforms which support ALPN

certificate_filepath?: string

Path to certificate, in PEM format

certificate?: string

Certificate, in PEM format

private_key_filepath?: string

Path to private key, in PEM format

private_key?: string

Private key, in PEM format

pkcs12_filepath?: string

Path to certificate, in PKCS#12 format. Currently, only supported on OSX

pkcs12_password?: string

Password for PKCS#12. Currently, only supported on OSX.

pkcs11_options?: Pkcs11Options

PKCS#11 options. Currently, only supported on Unix

windows_cert_store_path?: string

Path to certificate in a Windows cert store. Windows only.

verify_peer: boolean = true

In client mode, setting this to false turns off X.509 validation. Don't do this unless you are testing. It is much better to just override the default trust store and pass the self-signed certificate as the ca_file argument.

In server mode (ServerTlsContext), this defaults to false. If you want to enforce mutual TLS on the server, set this to true.
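A pre-flight check over the properties documented above, written as an added example and not part of the library. The `auditTlsOptions` helper, its TLS 1.2 floor policy, the sample paths, and the numeric `TlsVersion` values (assumed to mirror the library's enum) are assumptions made for illustration.

```typescript
// Added example: the helper, policy and sample values are hypothetical.
// Numeric values are assumed to mirror the library's TlsVersion enum.
const TlsVersion = { SSLv3: 0, TLSv1: 1, TLSv1_1: 2, TLSv1_2: 3, TLSv1_3: 4, Default: 128 } as const;

// Subset of the TlsContextOptions properties listed on this page.
interface TlsOptionsLike {
    min_tls_version: number;
    verify_peer: boolean;
    ca_filepath?: string;
    ca_dirpath?: string;
    certificate_authority?: string;
}

// Returns one finding per problem; an empty array means the options pass.
// requireMtls applies to server mode, where verify_peer defaults to false.
function auditTlsOptions(opts: TlsOptionsLike, mode: "client" | "server", requireMtls: boolean = false): string[] {
    const findings: string[] = [];
    const customTrust = Boolean(opts.ca_filepath || opts.ca_dirpath || opts.certificate_authority);
    if (mode === "client" && !opts.verify_peer) {
        findings.push("verify_peer=false: the server certificate is not validated");
    }
    if (mode === "server" && requireMtls && !opts.verify_peer) {
        findings.push("verify_peer=false: client certificates are not required");
    }
    if (!opts.verify_peer && customTrust) {
        findings.push("trust anchors are configured but validation is disabled");
    }
    if (opts.min_tls_version === TlsVersion.Default) {
        findings.push("min_tls_version=Default: the floor is whatever the OS allows");
    } else if (opts.min_tls_version < TlsVersion.TLSv1_2) {
        findings.push("min_tls_version is below TLS 1.2");
    }
    return findings;
}

// Constructed samples: a test client that disables validation, and the same
// client trusting its self-signed CA instead (the path is a placeholder).
const weakClient: TlsOptionsLike = {
    min_tls_version: TlsVersion.Default, verify_peer: false, ca_filepath: "/tmp/example/test-ca.pem",
};
const correctedClient: TlsOptionsLike = {
    min_tls_version: TlsVersion.TLSv1_2, verify_peer: true, ca_filepath: "/tmp/example/test-ca.pem",
};
const weakFindings: string[] = auditTlsOptions(weakClient, "client");           // 3 findings
const correctedFindings: string[] = auditTlsOptions(correctedClient, "client"); // none
```
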

Methods

  • Create options configured for mutual TLS in client mode, with client certificate and private key provided as in-memory strings.

    Parameters

    • certificate: string

      Client certificate file contents, in PEM format

    • private_key: string

      Client private key file contents, in PEM format

    Returns TlsContextOptions

    newly configured TlsContextOptions object

  • Create options configured for mutual TLS in client mode, with client certificate and private key provided via filepath.

    Parameters

    • certificate_filepath: string

      Path to client certificate, in PEM format

    • private_key_filepath: string

      Path to private key, in PEM format

    Returns TlsContextOptions

    newly configured TlsContextOptions object

  • Create options for mutual TLS in client mode, with client certificate and private key bundled in a single PKCS#12 file.

    Parameters

    • pkcs12_filepath: string

      Path to PKCS#12 file containing client certificate and private key.

    • pkcs12_password: string

      PKCS#12 password

    Returns TlsContextOptions

    newly configured TlsContextOptions object

  • Parameters

    • pkcs12_filepath: string
    • pkcs12_password: string

    Returns TlsContextOptions

    Deprecated

    Renamed to create_client_with_mtls_pkcs12_from_path

  • Create options configured for mutual TLS in client mode, using a PKCS#11 library for private key operations.

    NOTE: This configuration only works on Unix devices.

    Parameters

    Returns TlsContextOptions

    newly configured TlsContextOptions object

  • Create options configured for mutual TLS in client mode, using a certificate in a Windows certificate store.

    NOTE: Windows only.

    Parameters

    • certificate_path: string

      Path to certificate in a Windows certificate store. The path must use backslashes and end with the certificate's thumbprint. Example: CurrentUser\MY\A11F8A9B5DF5B98BA3508FBCA575D09570E0D2C6

    Returns TlsContextOptions

  • Creates TLS context with peer verification disabled, along with a certificate and private key

    Parameters

    • certificate_filepath: string

      Path to certificate, in PEM format

    • private_key_filepath: string

      Path to private key, in PEM format

    Returns TlsContextOptions

    newly configured TlsContextOptions object

  • Creates TLS context with peer verification disabled, along with a certificate and private key in PKCS#12 format

    Parameters

    • pkcs12_filepath: string

      Path to certificate, in PKCS#12 format

    • pkcs12_password: string

      PKCS#12 Password

    Returns TlsContextOptions

    newly configured TlsContextOptions object

  • Overrides the default system trust store.

    Parameters

    • Optional ca_dirpath: string

      Only used on Unix-style systems where all trust anchors are stored in a directory (e.g. /etc/ssl/certs).

    • Optional ca_filepath: string

      Single file containing all trust CAs, in PEM format

    Returns void

  • Overrides the default system trust store.

    Parameters

    • certificate_authority: string

      String containing all trust CAs, in PEM format

    Returns void
