Skip to content

Instantly share code, notes, and snippets.

@Terance98
Forked from anhldbk/README.md
Created May 20, 2020 15:47
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save Terance98/abc46f017e93cd886cfe64c0321ae7e2 to your computer and use it in GitHub Desktop.
Save Terance98/abc46f017e93cd886cfe64c0321ae7e2 to your computer and use it in GitHub Desktop.
TLS client & server in NodeJS

1. Overview

This is an example of using module tls in NodeJS to create a client securely connecting to a TLS server.

It is a modified version from documentation about TLS, in which:

  • The server is a simple echo one. Clients connect to it, get the same thing back if they send anything to the server.
  • The server is a TLS-based server.
  • Clients somehow get the server's public key and use it to work securely with the server

2. Preparation

We need to generate keys & certs for the server. Pay attention to Common Name (e.g. server FQDN or YOUR name) when creating server-csr.pem. It should be your domain name.

$ mkdir tls
$ cd tls
$ openssl genrsa -out server-key.pem 4096
$ openssl req -new -key server-key.pem -out server-csr.pem
$ openssl x509 -req -in server-csr.pem -signkey server-key.pem -out server-cert.pem

For example:

$ openssl req -new -key server-key.pem -out server-csr.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:VN
State or Province Name (full name) [Some-State]:Hanoi
Locality Name (eg, city) []:Hanoi
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Evolas Technologies
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:evolastech.com
Email Address []:hi@evolastech.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

3. Run the demo

$ node server.js &
$ node client.js &

You may have following things printed out:

server bound
server connected unauthorized
client connected authorized
welcome!
const tls = require('tls');
const fs = require('fs');
const options = {
ca: [ fs.readFileSync('server-cert.pem') ]
};
var socket = tls.connect(8000, 'evolastech.com', options, () => {
console.log('client connected',
socket.authorized ? 'authorized' : 'unauthorized');
process.stdin.pipe(socket);
process.stdin.resume();
});
socket.setEncoding('utf8');
socket.on('data', (data) => {
console.log(data);
});
socket.on('end', () => {
console.log('Ended')
});
const tls = require('tls');
const fs = require('fs');
const options = {
key: fs.readFileSync('server-key.pem'),
cert: fs.readFileSync('server-cert.pem'),
rejectUnauthorized: true,
};
const server = tls.createServer(options, (socket) => {
console.log('server connected',
socket.authorized ? 'authorized' : 'unauthorized');
socket.write('welcome!\n');
socket.setEncoding('utf8');
socket.pipe(socket);
});
server.listen(8000, () => {
console.log('server bound');
});
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment