Open In App

Node.js TLS/SSL Complete Reference

Last Updated : 04 Apr, 2023
Like Article

The tls module provides an implementation of the Transport Layer Security (TLS) and Secure Socket Layer (SSL) protocols that are built on top of OpenSSL.



// Node.js program to demonstrate the
// tls.getCiphers() method
const tls = require('tls'),
    fs = require('fs'),
    // Port and host address for server
    PORT = 1337,
    HOST = '',
    value = null;
// Private key and public certificate for access
const options = {
    key: fs.readFileSync('private-key.pem'),
    cert: fs.readFileSync('public-cert.pem'),
    rejectUnauthorized: false
// Creating and initializing server
const server = tls.createServer(options, function (socket) {
    // Print the data that we received
    socket.on('data', function (data) {
        console.log('\nReceived: %s ',
            data.toString().replace(/(\n)/gm, ""));
    // Stopping the server
    // by using the close() method
    server.close(() => {
        console.log("Server closed successfully");
// Start listening on a specific port and address
// by using listen() method
server.listen(PORT, HOST, function () {
    console.log("I'm listening at %s, on port %s", HOST, PORT);
// Creating and initializing client
const client = tls.connect(PORT, HOST, options, function () {
    // Getting list of cipher
    // by using tls.getCiphers() method
    value = tls.getCiphers();
    client.write(" Cipher : " + value[12]);
    client.end(() => {
        console.log("Client closed successfully");


I'm listening at, on port 1337
Client closed successfully

Received:  Cipher : dhe-psk-chacha20-poly1305
Server closed successfully

The Complete list of TLS/SSL are listed below:



maxFreeSockets It uses the HTTP server and client, we need to call them (by ‘require(‘http’)‘). 
tls.createServer() Create a tls.Server object.
rootCertificates() Return the array of strings representing the root certificates.
getCiphers() Return the array of the supported TLS ciphers.



writableEnded  This property does not indicate whether the data has been flushed, for this use request.

Class: tls.TLSSocket

Class: tls.TLSSocket Method


address() Get the bound address, the address family name, and the port of the underlying socket.
enableTrace() Debug TLS connection problems.
getCipher() Return the object containing information on the negotiated cipher suite.
getCertificate() Return an object representing the local certificate.
getProtocol() Return a string containing the negotiated SSL/TLS protocol version of the current connection.
getFinished() Return the latest Finished message that has been sent to the socket as part of an SSL/TLS handshake
getSession() Return the TLS session data or undefined if no session was negotiated.
getSharedSigalgs() Return the array of signature algorithms shared between the server and the client.
getPeerFinished() Return the latest Finished message that has been sent to the socket as part of an SSL/TLS handshake
getPeerCertificate() Return an object representing the peer’s certificate.
getEphemeralKeyInfo() Return an object containing information of ephemeral key exchange.
isSessionReused() Check if the session key was reused or not.
localAddress Return the string representation of the local IP address.
remoteAddress Return the string representation of the remote IP address.
setMaxSendFragment() Set the maximum TLS fragment size.
exportKeyingMaterial() Return the requested bytes of the keying material to prevent different kinds of attacks in network protocols.
remotePort Return the string representation of the remote port.

Class: tls.TLSSocket  Property


authorized Check if the peer certificate was signed by one of the CAs specified or not.
authorizationError Get the reason why the peer’s certificate was not been verified. 
remoteFamily Return the string representation of the remote IP family.

Like Article
Suggest improvement
Share your thoughts in the comments

Similar Reads