carbond.SslOptions
All options relating to SSL for HTTPS server creation
Instance Properties
- ciphers (string, default: undefined): A string listing supported and unsupported ciphers (see https://www.openssl.org/docs/man1.0.2/apps/ciphers.html for ciphers and format). If omitted, the default ciphers for your version of NodeJS will be used (see the tls documentation for details).
- crl (string, default: undefined): A certificate revocation list in PEM format.
- dhparam (string, default: undefined): Diffie-Hellman parameters (use openssl dhparam to generate). Note that if these are invalid, they will be silently discarded and the accompanying ciphers will be disabled. Key length must be greater than 1024 bits.
- ecdhCurve (string, default: undefined): A string describing a named curve to use for ECDH key agreement, or false to disable ECDH. See crypto.getCurves() for a list of supported curve names.
- handshakeTimeout (number, default: undefined): Amount of time in milliseconds to wait for the handshake to complete before throwing an error. If omitted, the default value of 120 seconds will be used.
- honorCipherOrder (boolean, default: true): Use the server's preferred cipher instead of the client's.
- NPNProtocols (string[], default: undefined): An array of possible NPN protocols, listed in order of priority.
- rejectUnauthorized (boolean, default: false): Reject connections whose client certificate is not authorized by any of the CAs. This is only applicable if requestCert is true.
- requestCert (boolean, default: false): Whether or not to request and verify the client's certificate.
- secureProtocol (string, default: 'TLSv1_method'): The SSL method to use. The possible values depend on the version of OpenSSL installed in the environment. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_new.html for possible values.
- serverKeyPassphrase (string, default: undefined): The server key passphrase (this will be sanitized after initialization).
- serverKeyPath (string, required): Path to the server private key in PEM format.
- sessionIdContext (string, default: undefined): A string containing an opaque identifier for session resumption. If requestCert is true, the default is a 128-bit truncated SHA1 hash value generated from the command-line. Otherwise, a default is not provided.
- sessionTimeout (number, default: undefined): The number of seconds after which TLS sessions should time out. If omitted, the default is 300 seconds.
- SNICallback (function, default: undefined): A callback that takes the arguments servername and cb. This will be called if the client supports the SNI TLS extension and should call cb with (null, ctx), where ctx is a SecureContext instance as returned by tls.createSecureContext(...). If this is omitted, Node's default callback will be used (see Node documentation for more details).
- ticketKeys (Buffer, default: undefined): A 48-byte Buffer instance with a 16-byte prefix, a 16-byte HMAC key, and a 16-byte AES key. This can be used to accept TLS session tickets on multiple instances of the TLS server.
- trustedCertsPaths (string[], default: undefined): Paths to all trusted CAs. If this is omitted, well known trusted CAs will be used (e.g. Verisign). Used to authorize connections.
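
Several of the defaults listed above interact: secureProtocol defaults to 'TLSv1_method', and rejectUnauthorized defaults to false even when requestCert is enabled. The following is an added example, not code from carbond, that audits a plain object using the property names and defaults documented on this page; the helper name auditSslOptions, the finding messages and the sample values are assumptions made for illustration.

```javascript
// Added example, not carbond code. auditSslOptions is a hypothetical helper;
// the property names and defaults are the ones documented on this page.
const LEGACY_METHOD = /^(SSLv2|SSLv3|TLSv1|TLSv1_1)_(server_|client_)?method$/;

function auditSslOptions(opts) {
  const findings = [];
  const flag = (option, issue) => findings.push({ option, issue });

  // Apply the documented defaults so that omitted options are audited too.
  const o = Object.assign({
    secureProtocol: 'TLSv1_method',
    honorCipherOrder: true,
    requestCert: false,
    rejectUnauthorized: false,
  }, opts);

  if (typeof o.serverKeyPath !== 'string' || o.serverKeyPath === '') {
    flag('serverKeyPath', 'required: path to the server private key (PEM)');
  }
  if (LEGACY_METHOD.test(o.secureProtocol)) {
    flag('secureProtocol', `${o.secureProtocol} pins a legacy protocol version`);
  }
  if (!o.honorCipherOrder) {
    flag('honorCipherOrder', 'client cipher preference overrides the server list');
  }
  if (o.requestCert && !o.rejectUnauthorized) {
    flag('rejectUnauthorized', 'client certs requested but unauthorized ones accepted');
  }
  if (!o.requestCert && o.rejectUnauthorized) {
    flag('requestCert', 'rejectUnauthorized only applies when requestCert is true');
  }
  if (o.ticketKeys !== undefined &&
      !(Buffer.isBuffer(o.ticketKeys) && o.ticketKeys.length === 48)) {
    flag('ticketKeys', 'must be a 48-byte Buffer (prefix + HMAC key + AES key)');
  }
  return findings;
}

// Constructed sample inputs (paths and key bytes are placeholders).
const weak = { serverKeyPath: '/path/to/key.pem', requestCert: true,
               ticketKeys: Buffer.alloc(32) };
const hardened = { serverKeyPath: '/path/to/key.pem', requestCert: true,
                   secureProtocol: 'TLSv1_2_method', rejectUnauthorized: true,
                   ticketKeys: Buffer.alloc(48) };

console.log(auditSslOptions(weak).map(f => f.option));
console.log(auditSslOptions(hardened).map(f => f.option));
```
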