@aligent/cdk-prerender-proxy 0.2.7 → 2.0.1

Files changed (210)
  1. package/index.js +1 -1
  2. package/index.ts +29 -0
  3. package/lib/error-response-construct.ts +54 -0
  4. package/lib/handlers/cache-control.ts +1 -4
  5. package/lib/handlers/error-response.ts +0 -1
  6. package/lib/handlers/prerender.ts +2 -3
  7. package/lib/prerender-cf-cache-control-construct.ts +58 -0
  8. package/lib/prerender-check-construct.ts +43 -0
  9. package/lib/prerender-construct.ts +55 -0
  10. package/lib/prerender-lambda-construct.ts +48 -0
  11. package/package.json +17 -26
  12. package/index.d.ts +0 -6
  13. package/lib/error-response-construct.d.ts +0 -9
  14. package/lib/error-response-construct.js +0 -32
  15. package/lib/handlers/node_modules/.package-lock.json +0 -55
  16. package/lib/handlers/node_modules/@types/aws-lambda/LICENSE +0 -21
  17. package/lib/handlers/node_modules/@types/aws-lambda/README.md +0 -16
  18. package/lib/handlers/node_modules/@types/aws-lambda/common/api-gateway.d.ts +0 -79
  19. package/lib/handlers/node_modules/@types/aws-lambda/common/cloudfront.d.ts +0 -79
  20. package/lib/handlers/node_modules/@types/aws-lambda/handler.d.ts +0 -171
  21. package/lib/handlers/node_modules/@types/aws-lambda/index.d.ts +0 -85
  22. package/lib/handlers/node_modules/@types/aws-lambda/package.json +0 -210
  23. package/lib/handlers/node_modules/@types/aws-lambda/trigger/alb.d.ts +0 -48
  24. package/lib/handlers/node_modules/@types/aws-lambda/trigger/api-gateway-authorizer.d.ts +0 -174
  25. package/lib/handlers/node_modules/@types/aws-lambda/trigger/api-gateway-proxy.d.ts +0 -187
  26. package/lib/handlers/node_modules/@types/aws-lambda/trigger/appsync-resolver.d.ts +0 -51
  27. package/lib/handlers/node_modules/@types/aws-lambda/trigger/cloudformation-custom-resource.d.ts +0 -68
  28. package/lib/handlers/node_modules/@types/aws-lambda/trigger/cloudfront-request.d.ts +0 -20
  29. package/lib/handlers/node_modules/@types/aws-lambda/trigger/cloudfront-response.d.ts +0 -21
  30. package/lib/handlers/node_modules/@types/aws-lambda/trigger/cloudwatch-events.d.ts +0 -8
  31. package/lib/handlers/node_modules/@types/aws-lambda/trigger/cloudwatch-logs.d.ts +0 -37
  32. package/lib/handlers/node_modules/@types/aws-lambda/trigger/codebuild-cloudwatch-state.d.ts +0 -104
  33. package/lib/handlers/node_modules/@types/aws-lambda/trigger/codepipeline-cloudwatch-action.d.ts +0 -31
  34. package/lib/handlers/node_modules/@types/aws-lambda/trigger/codepipeline-cloudwatch-pipeline.d.ts +0 -32
  35. package/lib/handlers/node_modules/@types/aws-lambda/trigger/codepipeline-cloudwatch-stage.d.ts +0 -23
  36. package/lib/handlers/node_modules/@types/aws-lambda/trigger/codepipeline-cloudwatch.d.ts +0 -11
  37. package/lib/handlers/node_modules/@types/aws-lambda/trigger/codepipeline.d.ts +0 -55
  38. package/lib/handlers/node_modules/@types/aws-lambda/trigger/cognito-user-pool-trigger/_common.d.ts +0 -41
  39. package/lib/handlers/node_modules/@types/aws-lambda/trigger/cognito-user-pool-trigger/create-auth-challenge.d.ts +0 -22
  40. package/lib/handlers/node_modules/@types/aws-lambda/trigger/cognito-user-pool-trigger/custom-email-sender.d.ts +0 -86
  41. package/lib/handlers/node_modules/@types/aws-lambda/trigger/cognito-user-pool-trigger/custom-message.d.ts +0 -44
  42. package/lib/handlers/node_modules/@types/aws-lambda/trigger/cognito-user-pool-trigger/define-auth-challenge.d.ts +0 -21
  43. package/lib/handlers/node_modules/@types/aws-lambda/trigger/cognito-user-pool-trigger/index.d.ts +0 -119
  44. package/lib/handlers/node_modules/@types/aws-lambda/trigger/cognito-user-pool-trigger/post-authentication.d.ts +0 -15
  45. package/lib/handlers/node_modules/@types/aws-lambda/trigger/cognito-user-pool-trigger/post-confirmation.d.ts +0 -22
  46. package/lib/handlers/node_modules/@types/aws-lambda/trigger/cognito-user-pool-trigger/pre-authentication.d.ts +0 -15
  47. package/lib/handlers/node_modules/@types/aws-lambda/trigger/cognito-user-pool-trigger/pre-signup.d.ts +0 -31
  48. package/lib/handlers/node_modules/@types/aws-lambda/trigger/cognito-user-pool-trigger/pre-token-generation.d.ts +0 -45
  49. package/lib/handlers/node_modules/@types/aws-lambda/trigger/cognito-user-pool-trigger/user-migration.d.ts +0 -39
  50. package/lib/handlers/node_modules/@types/aws-lambda/trigger/cognito-user-pool-trigger/verify-auth-challenge-response.d.ts +0 -20
  51. package/lib/handlers/node_modules/@types/aws-lambda/trigger/connect-contact-flow.d.ts +0 -65
  52. package/lib/handlers/node_modules/@types/aws-lambda/trigger/dynamodb-stream.d.ts +0 -45
  53. package/lib/handlers/node_modules/@types/aws-lambda/trigger/eventbridge.d.ts +0 -18
  54. package/lib/handlers/node_modules/@types/aws-lambda/trigger/iot.d.ts +0 -28
  55. package/lib/handlers/node_modules/@types/aws-lambda/trigger/kinesis-firehose-transformation.d.ts +0 -45
  56. package/lib/handlers/node_modules/@types/aws-lambda/trigger/kinesis-stream.d.ts +0 -28
  57. package/lib/handlers/node_modules/@types/aws-lambda/trigger/lex.d.ts +0 -116
  58. package/lib/handlers/node_modules/@types/aws-lambda/trigger/msk.d.ts +0 -21
  59. package/lib/handlers/node_modules/@types/aws-lambda/trigger/s3-batch.d.ts +0 -41
  60. package/lib/handlers/node_modules/@types/aws-lambda/trigger/s3.d.ts +0 -60
  61. package/lib/handlers/node_modules/@types/aws-lambda/trigger/ses.d.ts +0 -103
  62. package/lib/handlers/node_modules/@types/aws-lambda/trigger/sns.d.ts +0 -38
  63. package/lib/handlers/node_modules/@types/aws-lambda/trigger/sqs.d.ts +0 -46
  64. package/lib/handlers/node_modules/@types/node/LICENSE +0 -21
  65. package/lib/handlers/node_modules/@types/node/README.md +0 -16
  66. package/lib/handlers/node_modules/@types/node/assert/strict.d.ts +0 -4
  67. package/lib/handlers/node_modules/@types/node/assert.d.ts +0 -124
  68. package/lib/handlers/node_modules/@types/node/async_hooks.d.ts +0 -226
  69. package/lib/handlers/node_modules/@types/node/base.d.ts +0 -19
  70. package/lib/handlers/node_modules/@types/node/buffer.d.ts +0 -84
  71. package/lib/handlers/node_modules/@types/node/child_process.d.ts +0 -526
  72. package/lib/handlers/node_modules/@types/node/cluster.d.ts +0 -262
  73. package/lib/handlers/node_modules/@types/node/console.d.ts +0 -133
  74. package/lib/handlers/node_modules/@types/node/constants.d.ts +0 -13
  75. package/lib/handlers/node_modules/@types/node/crypto.d.ts +0 -1580
  76. package/lib/handlers/node_modules/@types/node/dgram.d.ts +0 -141
  77. package/lib/handlers/node_modules/@types/node/diagnostic_channel.d.ts +0 -34
  78. package/lib/handlers/node_modules/@types/node/dns/promises.d.ts +0 -97
  79. package/lib/handlers/node_modules/@types/node/dns.d.ts +0 -322
  80. package/lib/handlers/node_modules/@types/node/domain.d.ts +0 -24
  81. package/lib/handlers/node_modules/@types/node/events.d.ts +0 -93
  82. package/lib/handlers/node_modules/@types/node/fs/promises.d.ts +0 -592
  83. package/lib/handlers/node_modules/@types/node/fs.d.ts +0 -2239
  84. package/lib/handlers/node_modules/@types/node/globals.d.ts +0 -655
  85. package/lib/handlers/node_modules/@types/node/globals.global.d.ts +0 -1
  86. package/lib/handlers/node_modules/@types/node/http.d.ts +0 -434
  87. package/lib/handlers/node_modules/@types/node/http2.d.ts +0 -976
  88. package/lib/handlers/node_modules/@types/node/https.d.ts +0 -36
  89. package/lib/handlers/node_modules/@types/node/index.d.ts +0 -58
  90. package/lib/handlers/node_modules/@types/node/inspector.d.ts +0 -3041
  91. package/lib/handlers/node_modules/@types/node/module.d.ts +0 -52
  92. package/lib/handlers/node_modules/@types/node/net.d.ts +0 -326
  93. package/lib/handlers/node_modules/@types/node/os.d.ts +0 -239
  94. package/lib/handlers/node_modules/@types/node/package.json +0 -232
  95. package/lib/handlers/node_modules/@types/node/path.d.ts +0 -163
  96. package/lib/handlers/node_modules/@types/node/perf_hooks.d.ts +0 -310
  97. package/lib/handlers/node_modules/@types/node/process.d.ts +0 -461
  98. package/lib/handlers/node_modules/@types/node/punycode.d.ts +0 -75
  99. package/lib/handlers/node_modules/@types/node/querystring.d.ts +0 -28
  100. package/lib/handlers/node_modules/@types/node/readline.d.ts +0 -192
  101. package/lib/handlers/node_modules/@types/node/repl.d.ts +0 -395
  102. package/lib/handlers/node_modules/@types/node/stream/promises.d.ts +0 -67
  103. package/lib/handlers/node_modules/@types/node/stream.d.ts +0 -471
  104. package/lib/handlers/node_modules/@types/node/string_decoder.d.ts +0 -7
  105. package/lib/handlers/node_modules/@types/node/timers/promises.d.ts +0 -21
  106. package/lib/handlers/node_modules/@types/node/timers.d.ts +0 -27
  107. package/lib/handlers/node_modules/@types/node/tls.d.ts +0 -793
  108. package/lib/handlers/node_modules/@types/node/trace_events.d.ts +0 -61
  109. package/lib/handlers/node_modules/@types/node/ts3.6/assert.d.ts +0 -98
  110. package/lib/handlers/node_modules/@types/node/ts3.6/base.d.ts +0 -68
  111. package/lib/handlers/node_modules/@types/node/ts3.6/index.d.ts +0 -7
  112. package/lib/handlers/node_modules/@types/node/tty.d.ts +0 -66
  113. package/lib/handlers/node_modules/@types/node/url.d.ts +0 -116
  114. package/lib/handlers/node_modules/@types/node/util/types.d.ts +0 -53
  115. package/lib/handlers/node_modules/@types/node/util.d.ts +0 -156
  116. package/lib/handlers/node_modules/@types/node/v8.d.ts +0 -198
  117. package/lib/handlers/node_modules/@types/node/vm.d.ts +0 -152
  118. package/lib/handlers/node_modules/@types/node/wasi.d.ts +0 -86
  119. package/lib/handlers/node_modules/@types/node/worker_threads.d.ts +0 -282
  120. package/lib/handlers/node_modules/@types/node/zlib.d.ts +0 -361
  121. package/lib/handlers/node_modules/axios/CHANGELOG.md +0 -685
  122. package/lib/handlers/node_modules/axios/LICENSE +0 -19
  123. package/lib/handlers/node_modules/axios/README.md +0 -800
  124. package/lib/handlers/node_modules/axios/UPGRADE_GUIDE.md +0 -162
  125. package/lib/handlers/node_modules/axios/dist/axios.js +0 -1756
  126. package/lib/handlers/node_modules/axios/dist/axios.map +0 -1
  127. package/lib/handlers/node_modules/axios/dist/axios.min.js +0 -3
  128. package/lib/handlers/node_modules/axios/dist/axios.min.map +0 -1
  129. package/lib/handlers/node_modules/axios/index.d.ts +0 -161
  130. package/lib/handlers/node_modules/axios/index.js +0 -1
  131. package/lib/handlers/node_modules/axios/lib/adapters/README.md +0 -37
  132. package/lib/handlers/node_modules/axios/lib/adapters/http.js +0 -303
  133. package/lib/handlers/node_modules/axios/lib/adapters/xhr.js +0 -179
  134. package/lib/handlers/node_modules/axios/lib/axios.js +0 -56
  135. package/lib/handlers/node_modules/axios/lib/cancel/Cancel.js +0 -19
  136. package/lib/handlers/node_modules/axios/lib/cancel/CancelToken.js +0 -57
  137. package/lib/handlers/node_modules/axios/lib/cancel/isCancel.js +0 -5
  138. package/lib/handlers/node_modules/axios/lib/core/Axios.js +0 -95
  139. package/lib/handlers/node_modules/axios/lib/core/InterceptorManager.js +0 -52
  140. package/lib/handlers/node_modules/axios/lib/core/README.md +0 -7
  141. package/lib/handlers/node_modules/axios/lib/core/buildFullPath.js +0 -20
  142. package/lib/handlers/node_modules/axios/lib/core/createError.js +0 -18
  143. package/lib/handlers/node_modules/axios/lib/core/dispatchRequest.js +0 -79
  144. package/lib/handlers/node_modules/axios/lib/core/enhanceError.js +0 -42
  145. package/lib/handlers/node_modules/axios/lib/core/mergeConfig.js +0 -87
  146. package/lib/handlers/node_modules/axios/lib/core/settle.js +0 -25
  147. package/lib/handlers/node_modules/axios/lib/core/transformData.js +0 -20
  148. package/lib/handlers/node_modules/axios/lib/defaults.js +0 -98
  149. package/lib/handlers/node_modules/axios/lib/helpers/README.md +0 -7
  150. package/lib/handlers/node_modules/axios/lib/helpers/bind.js +0 -11
  151. package/lib/handlers/node_modules/axios/lib/helpers/buildURL.js +0 -70
  152. package/lib/handlers/node_modules/axios/lib/helpers/combineURLs.js +0 -14
  153. package/lib/handlers/node_modules/axios/lib/helpers/cookies.js +0 -53
  154. package/lib/handlers/node_modules/axios/lib/helpers/deprecatedMethod.js +0 -24
  155. package/lib/handlers/node_modules/axios/lib/helpers/isAbsoluteURL.js +0 -14
  156. package/lib/handlers/node_modules/axios/lib/helpers/isAxiosError.js +0 -11
  157. package/lib/handlers/node_modules/axios/lib/helpers/isURLSameOrigin.js +0 -68
  158. package/lib/handlers/node_modules/axios/lib/helpers/normalizeHeaderName.js +0 -12
  159. package/lib/handlers/node_modules/axios/lib/helpers/parseHeaders.js +0 -53
  160. package/lib/handlers/node_modules/axios/lib/helpers/spread.js +0 -27
  161. package/lib/handlers/node_modules/axios/lib/utils.js +0 -351
  162. package/lib/handlers/node_modules/axios/package.json +0 -86
  163. package/lib/handlers/node_modules/buffer-from/LICENSE +0 -21
  164. package/lib/handlers/node_modules/buffer-from/index.js +0 -69
  165. package/lib/handlers/node_modules/buffer-from/package.json +0 -19
  166. package/lib/handlers/node_modules/buffer-from/readme.md +0 -69
  167. package/lib/handlers/node_modules/follow-redirects/LICENSE +0 -18
  168. package/lib/handlers/node_modules/follow-redirects/README.md +0 -148
  169. package/lib/handlers/node_modules/follow-redirects/debug.js +0 -14
  170. package/lib/handlers/node_modules/follow-redirects/http.js +0 -1
  171. package/lib/handlers/node_modules/follow-redirects/https.js +0 -1
  172. package/lib/handlers/node_modules/follow-redirects/index.js +0 -531
  173. package/lib/handlers/node_modules/follow-redirects/package.json +0 -59
  174. package/lib/handlers/node_modules/source-map/CHANGELOG.md +0 -301
  175. package/lib/handlers/node_modules/source-map/LICENSE +0 -28
  176. package/lib/handlers/node_modules/source-map/README.md +0 -742
  177. package/lib/handlers/node_modules/source-map/dist/source-map.debug.js +0 -3234
  178. package/lib/handlers/node_modules/source-map/dist/source-map.js +0 -3233
  179. package/lib/handlers/node_modules/source-map/dist/source-map.min.js +0 -2
  180. package/lib/handlers/node_modules/source-map/dist/source-map.min.js.map +0 -1
  181. package/lib/handlers/node_modules/source-map/lib/array-set.js +0 -121
  182. package/lib/handlers/node_modules/source-map/lib/base64-vlq.js +0 -140
  183. package/lib/handlers/node_modules/source-map/lib/base64.js +0 -67
  184. package/lib/handlers/node_modules/source-map/lib/binary-search.js +0 -111
  185. package/lib/handlers/node_modules/source-map/lib/mapping-list.js +0 -79
  186. package/lib/handlers/node_modules/source-map/lib/quick-sort.js +0 -114
  187. package/lib/handlers/node_modules/source-map/lib/source-map-consumer.js +0 -1145
  188. package/lib/handlers/node_modules/source-map/lib/source-map-generator.js +0 -425
  189. package/lib/handlers/node_modules/source-map/lib/source-node.js +0 -413
  190. package/lib/handlers/node_modules/source-map/lib/util.js +0 -488
  191. package/lib/handlers/node_modules/source-map/package.json +0 -73
  192. package/lib/handlers/node_modules/source-map/source-map.d.ts +0 -98
  193. package/lib/handlers/node_modules/source-map/source-map.js +0 -8
  194. package/lib/handlers/node_modules/source-map-support/LICENSE.md +0 -21
  195. package/lib/handlers/node_modules/source-map-support/README.md +0 -284
  196. package/lib/handlers/node_modules/source-map-support/browser-source-map-support.js +0 -114
  197. package/lib/handlers/node_modules/source-map-support/package.json +0 -31
  198. package/lib/handlers/node_modules/source-map-support/register.js +0 -1
  199. package/lib/handlers/node_modules/source-map-support/source-map-support.js +0 -604
  200. package/lib/handlers/package-lock.json +0 -108
  201. package/lib/handlers/package.json +0 -13
  202. package/lib/handlers/tsconfig.json +0 -22
  203. package/lib/prerender-cf-cache-control-construct.d.ts +0 -10
  204. package/lib/prerender-cf-cache-control-construct.js +0 -33
  205. package/lib/prerender-check-construct.d.ts +0 -6
  206. package/lib/prerender-check-construct.js +0 -25
  207. package/lib/prerender-construct.d.ts +0 -11
  208. package/lib/prerender-construct.js +0 -34
  209. package/lib/prerender-lambda-construct.d.ts +0 -17
  210. package/lib/prerender-lambda-construct.js +0 -19
@@ -1,793 +0,0 @@
1
- declare module 'tls' {
2
- import { X509Certificate } from 'crypto';
3
- import * as net from 'net';
4
-
5
- const CLIENT_RENEG_LIMIT: number;
6
- const CLIENT_RENEG_WINDOW: number;
7
-
8
- interface Certificate {
9
- /**
10
- * Country code.
11
- */
12
- C: string;
13
- /**
14
- * Street.
15
- */
16
- ST: string;
17
- /**
18
- * Locality.
19
- */
20
- L: string;
21
- /**
22
- * Organization.
23
- */
24
- O: string;
25
- /**
26
- * Organizational unit.
27
- */
28
- OU: string;
29
- /**
30
- * Common name.
31
- */
32
- CN: string;
33
- }
34
-
35
- interface PeerCertificate {
36
- subject: Certificate;
37
- issuer: Certificate;
38
- subjectaltname: string;
39
- infoAccess: NodeJS.Dict<string[]>;
40
- modulus: string;
41
- exponent: string;
42
- valid_from: string;
43
- valid_to: string;
44
- fingerprint: string;
45
- fingerprint256: string;
46
- ext_key_usage: string[];
47
- serialNumber: string;
48
- raw: Buffer;
49
- }
50
-
51
- interface DetailedPeerCertificate extends PeerCertificate {
52
- issuerCertificate: DetailedPeerCertificate;
53
- }
54
-
55
- interface CipherNameAndProtocol {
56
- /**
57
- * The cipher name.
58
- */
59
- name: string;
60
- /**
61
- * SSL/TLS protocol version.
62
- */
63
- version: string;
64
-
65
- /**
66
- * IETF name for the cipher suite.
67
- */
68
- standardName: string;
69
- }
70
-
71
- interface EphemeralKeyInfo {
72
- /**
73
- * The supported types are 'DH' and 'ECDH'.
74
- */
75
- type: string;
76
- /**
77
- * The name property is available only when type is 'ECDH'.
78
- */
79
- name?: string;
80
- /**
81
- * The size of parameter of an ephemeral key exchange.
82
- */
83
- size: number;
84
- }
85
-
86
- interface KeyObject {
87
- /**
88
- * Private keys in PEM format.
89
- */
90
- pem: string | Buffer;
91
- /**
92
- * Optional passphrase.
93
- */
94
- passphrase?: string;
95
- }
96
-
97
- interface PxfObject {
98
- /**
99
- * PFX or PKCS12 encoded private key and certificate chain.
100
- */
101
- buf: string | Buffer;
102
- /**
103
- * Optional passphrase.
104
- */
105
- passphrase?: string;
106
- }
107
-
108
- interface TLSSocketOptions extends SecureContextOptions, CommonConnectionOptions {
109
- /**
110
- * If true the TLS socket will be instantiated in server-mode.
111
- * Defaults to false.
112
- */
113
- isServer?: boolean;
114
- /**
115
- * An optional net.Server instance.
116
- */
117
- server?: net.Server;
118
-
119
- /**
120
- * An optional Buffer instance containing a TLS session.
121
- */
122
- session?: Buffer;
123
- /**
124
- * If true, specifies that the OCSP status request extension will be
125
- * added to the client hello and an 'OCSPResponse' event will be
126
- * emitted on the socket before establishing a secure communication
127
- */
128
- requestOCSP?: boolean;
129
- }
130
-
131
- class TLSSocket extends net.Socket {
132
- /**
133
- * Construct a new tls.TLSSocket object from an existing TCP socket.
134
- */
135
- constructor(socket: net.Socket, options?: TLSSocketOptions);
136
-
137
- /**
138
- * A boolean that is true if the peer certificate was signed by one of the specified CAs, otherwise false.
139
- */
140
- authorized: boolean;
141
- /**
142
- * The reason why the peer's certificate has not been verified.
143
- * This property becomes available only when tlsSocket.authorized === false.
144
- */
145
- authorizationError: Error;
146
- /**
147
- * Static boolean value, always true.
148
- * May be used to distinguish TLS sockets from regular ones.
149
- */
150
- encrypted: boolean;
151
-
152
- /**
153
- * String containing the selected ALPN protocol.
154
- * When ALPN has no selected protocol, tlsSocket.alpnProtocol equals false.
155
- */
156
- alpnProtocol?: string;
157
-
158
- /**
159
- * Returns an object representing the local certificate. The returned
160
- * object has some properties corresponding to the fields of the
161
- * certificate.
162
- *
163
- * See tls.TLSSocket.getPeerCertificate() for an example of the
164
- * certificate structure.
165
- *
166
- * If there is no local certificate, an empty object will be returned.
167
- * If the socket has been destroyed, null will be returned.
168
- */
169
- getCertificate(): PeerCertificate | object | null;
170
- /**
171
- * Returns an object representing the cipher name and the SSL/TLS protocol version of the current connection.
172
- * @returns Returns an object representing the cipher name
173
- * and the SSL/TLS protocol version of the current connection.
174
- */
175
- getCipher(): CipherNameAndProtocol;
176
- /**
177
- * Returns an object representing the type, name, and size of parameter
178
- * of an ephemeral key exchange in Perfect Forward Secrecy on a client
179
- * connection. It returns an empty object when the key exchange is not
180
- * ephemeral. As this is only supported on a client socket; null is
181
- * returned if called on a server socket. The supported types are 'DH'
182
- * and 'ECDH'. The name property is available only when type is 'ECDH'.
183
- *
184
- * For example: { type: 'ECDH', name: 'prime256v1', size: 256 }.
185
- */
186
- getEphemeralKeyInfo(): EphemeralKeyInfo | object | null;
187
- /**
188
- * Returns the latest Finished message that has
189
- * been sent to the socket as part of a SSL/TLS handshake, or undefined
190
- * if no Finished message has been sent yet.
191
- *
192
- * As the Finished messages are message digests of the complete
193
- * handshake (with a total of 192 bits for TLS 1.0 and more for SSL
194
- * 3.0), they can be used for external authentication procedures when
195
- * the authentication provided by SSL/TLS is not desired or is not
196
- * enough.
197
- *
198
- * Corresponds to the SSL_get_finished routine in OpenSSL and may be
199
- * used to implement the tls-unique channel binding from RFC 5929.
200
- */
201
- getFinished(): Buffer | undefined;
202
- /**
203
- * Returns an object representing the peer's certificate.
204
- * The returned object has some properties corresponding to the field of the certificate.
205
- * If detailed argument is true the full chain with issuer property will be returned,
206
- * if false only the top certificate without issuer property.
207
- * If the peer does not provide a certificate, it returns null or an empty object.
208
- * @param detailed - If true; the full chain with issuer property will be returned.
209
- * @returns An object representing the peer's certificate.
210
- */
211
- getPeerCertificate(detailed: true): DetailedPeerCertificate;
212
- getPeerCertificate(detailed?: false): PeerCertificate;
213
- getPeerCertificate(detailed?: boolean): PeerCertificate | DetailedPeerCertificate;
214
- /**
215
- * Returns the latest Finished message that is expected or has actually
216
- * been received from the socket as part of a SSL/TLS handshake, or
217
- * undefined if there is no Finished message so far.
218
- *
219
- * As the Finished messages are message digests of the complete
220
- * handshake (with a total of 192 bits for TLS 1.0 and more for SSL
221
- * 3.0), they can be used for external authentication procedures when
222
- * the authentication provided by SSL/TLS is not desired or is not
223
- * enough.
224
- *
225
- * Corresponds to the SSL_get_peer_finished routine in OpenSSL and may
226
- * be used to implement the tls-unique channel binding from RFC 5929.
227
- */
228
- getPeerFinished(): Buffer | undefined;
229
- /**
230
- * Returns a string containing the negotiated SSL/TLS protocol version of the current connection.
231
- * The value `'unknown'` will be returned for connected sockets that have not completed the handshaking process.
232
- * The value `null` will be returned for server sockets or disconnected client sockets.
233
- * See https://www.openssl.org/docs/man1.0.2/ssl/SSL_get_version.html for more information.
234
- * @returns negotiated SSL/TLS protocol version of the current connection
235
- */
236
- getProtocol(): string | null;
237
- /**
238
- * Could be used to speed up handshake establishment when reconnecting to the server.
239
- * @returns ASN.1 encoded TLS session or undefined if none was negotiated.
240
- */
241
- getSession(): Buffer | undefined;
242
- /**
243
- * Returns a list of signature algorithms shared between the server and
244
- * the client in the order of decreasing preference.
245
- */
246
- getSharedSigalgs(): string[];
247
- /**
248
- * NOTE: Works only with client TLS sockets.
249
- * Useful only for debugging, for session reuse provide session option to tls.connect().
250
- * @returns TLS session ticket or undefined if none was negotiated.
251
- */
252
- getTLSTicket(): Buffer | undefined;
253
- /**
254
- * Returns true if the session was reused, false otherwise.
255
- */
256
- isSessionReused(): boolean;
257
- /**
258
- * Initiate TLS renegotiation process.
259
- *
260
- * NOTE: Can be used to request peer's certificate after the secure connection has been established.
261
- * ANOTHER NOTE: When running as the server, socket will be destroyed with an error after handshakeTimeout timeout.
262
- * @param options - The options may contain the following fields: rejectUnauthorized,
263
- * requestCert (See tls.createServer() for details).
264
- * @param callback - callback(err) will be executed with null as err, once the renegotiation
265
- * is successfully completed.
266
- * @return `undefined` when socket is destroy, `false` if negotiaion can't be initiated.
267
- */
268
- renegotiate(options: { rejectUnauthorized?: boolean, requestCert?: boolean }, callback: (err: Error | null) => void): undefined | boolean;
269
- /**
270
- * Set maximum TLS fragment size (default and maximum value is: 16384, minimum is: 512).
271
- * Smaller fragment size decreases buffering latency on the client: large fragments are buffered by
272
- * the TLS layer until the entire fragment is received and its integrity is verified;
273
- * large fragments can span multiple roundtrips, and their processing can be delayed due to packet
274
- * loss or reordering. However, smaller fragments add extra TLS framing bytes and CPU overhead,
275
- * which may decrease overall server throughput.
276
- * @param size - TLS fragment size (default and maximum value is: 16384, minimum is: 512).
277
- * @returns Returns true on success, false otherwise.
278
- */
279
- setMaxSendFragment(size: number): boolean;
280
-
281
- /**
282
- * Disables TLS renegotiation for this TLSSocket instance. Once called,
283
- * attempts to renegotiate will trigger an 'error' event on the
284
- * TLSSocket.
285
- */
286
- disableRenegotiation(): void;
287
-
288
- /**
289
- * When enabled, TLS packet trace information is written to `stderr`. This can be
290
- * used to debug TLS connection problems.
291
- *
292
- * Note: The format of the output is identical to the output of `openssl s_client
293
- * -trace` or `openssl s_server -trace`. While it is produced by OpenSSL's
294
- * `SSL_trace()` function, the format is undocumented, can change without notice,
295
- * and should not be relied on.
296
- */
297
- enableTrace(): void;
298
-
299
- /**
300
- * If there is no peer certificate, or the socket has been destroyed, `undefined` will be returned.
301
- */
302
- getPeerX509Certificate(): X509Certificate | undefined;
303
-
304
- /**
305
- * If there is no local certificate, or the socket has been destroyed, `undefined` will be returned.
306
- */
307
- getX509Certificate(): X509Certificate | undefined;
308
-
309
- /**
310
- * @param length number of bytes to retrieve from keying material
311
- * @param label an application specific label, typically this will be a value from the
312
- * [IANA Exporter Label Registry](https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#exporter-labels).
313
- * @param context optionally provide a context.
314
- */
315
- exportKeyingMaterial(length: number, label: string, context: Buffer): Buffer;
316
-
317
- addListener(event: string, listener: (...args: any[]) => void): this;
318
- addListener(event: "OCSPResponse", listener: (response: Buffer) => void): this;
319
- addListener(event: "secureConnect", listener: () => void): this;
320
- addListener(event: "session", listener: (session: Buffer) => void): this;
321
- addListener(event: "keylog", listener: (line: Buffer) => void): this;
322
-
323
- emit(event: string | symbol, ...args: any[]): boolean;
324
- emit(event: "OCSPResponse", response: Buffer): boolean;
325
- emit(event: "secureConnect"): boolean;
326
- emit(event: "session", session: Buffer): boolean;
327
- emit(event: "keylog", line: Buffer): boolean;
328
-
329
- on(event: string, listener: (...args: any[]) => void): this;
330
- on(event: "OCSPResponse", listener: (response: Buffer) => void): this;
331
- on(event: "secureConnect", listener: () => void): this;
332
- on(event: "session", listener: (session: Buffer) => void): this;
333
- on(event: "keylog", listener: (line: Buffer) => void): this;
334
-
335
- once(event: string, listener: (...args: any[]) => void): this;
336
- once(event: "OCSPResponse", listener: (response: Buffer) => void): this;
337
- once(event: "secureConnect", listener: () => void): this;
338
- once(event: "session", listener: (session: Buffer) => void): this;
339
- once(event: "keylog", listener: (line: Buffer) => void): this;
340
-
341
- prependListener(event: string, listener: (...args: any[]) => void): this;
342
- prependListener(event: "OCSPResponse", listener: (response: Buffer) => void): this;
343
- prependListener(event: "secureConnect", listener: () => void): this;
344
- prependListener(event: "session", listener: (session: Buffer) => void): this;
345
- prependListener(event: "keylog", listener: (line: Buffer) => void): this;
346
-
347
- prependOnceListener(event: string, listener: (...args: any[]) => void): this;
348
- prependOnceListener(event: "OCSPResponse", listener: (response: Buffer) => void): this;
349
- prependOnceListener(event: "secureConnect", listener: () => void): this;
350
- prependOnceListener(event: "session", listener: (session: Buffer) => void): this;
351
- prependOnceListener(event: "keylog", listener: (line: Buffer) => void): this;
352
- }
353
-
354
- interface CommonConnectionOptions {
355
- /**
356
- * An optional TLS context object from tls.createSecureContext()
357
- */
358
- secureContext?: SecureContext;
359
-
360
- /**
361
- * When enabled, TLS packet trace information is written to `stderr`. This can be
362
- * used to debug TLS connection problems.
363
- * @default false
364
- */
365
- enableTrace?: boolean;
366
- /**
367
- * If true the server will request a certificate from clients that
368
- * connect and attempt to verify that certificate. Defaults to
369
- * false.
370
- */
371
- requestCert?: boolean;
372
- /**
373
- * An array of strings or a Buffer naming possible ALPN protocols.
374
- * (Protocols should be ordered by their priority.)
375
- */
376
- ALPNProtocols?: string[] | Uint8Array[] | Uint8Array;
377
- /**
378
- * SNICallback(servername, cb) <Function> A function that will be
379
- * called if the client supports SNI TLS extension. Two arguments
380
- * will be passed when called: servername and cb. SNICallback should
381
- * invoke cb(null, ctx), where ctx is a SecureContext instance.
382
- * (tls.createSecureContext(...) can be used to get a proper
383
- * SecureContext.) If SNICallback wasn't provided the default callback
384
- * with high-level API will be used (see below).
385
- */
386
- SNICallback?: (servername: string, cb: (err: Error | null, ctx: SecureContext) => void) => void;
387
- /**
388
- * If true the server will reject any connection which is not
389
- * authorized with the list of supplied CAs. This option only has an
390
- * effect if requestCert is true.
391
- * @default true
392
- */
393
- rejectUnauthorized?: boolean;
394
- }
395
-
396
- interface TlsOptions extends SecureContextOptions, CommonConnectionOptions, net.ServerOpts {
397
- /**
398
- * Abort the connection if the SSL/TLS handshake does not finish in the
399
- * specified number of milliseconds. A 'tlsClientError' is emitted on
400
- * the tls.Server object whenever a handshake times out. Default:
401
- * 120000 (120 seconds).
402
- */
403
- handshakeTimeout?: number;
404
- /**
405
- * The number of seconds after which a TLS session created by the
406
- * server will no longer be resumable. See Session Resumption for more
407
- * information. Default: 300.
408
- */
409
- sessionTimeout?: number;
410
- /**
411
- * 48-bytes of cryptographically strong pseudo-random data.
412
- */
413
- ticketKeys?: Buffer;
414
-
415
- /**
416
- *
417
- * @param socket
418
- * @param identity identity parameter sent from the client.
419
- * @return pre-shared key that must either be
420
- * a buffer or `null` to stop the negotiation process. Returned PSK must be
421
- * compatible with the selected cipher's digest.
422
- *
423
- * When negotiating TLS-PSK (pre-shared keys), this function is called
424
- * with the identity provided by the client.
425
- * If the return value is `null` the negotiation process will stop and an
426
- * "unknown_psk_identity" alert message will be sent to the other party.
427
- * If the server wishes to hide the fact that the PSK identity was not known,
428
- * the callback must provide some random data as `psk` to make the connection
429
- * fail with "decrypt_error" before negotiation is finished.
430
- * PSK ciphers are disabled by default, and using TLS-PSK thus
431
- * requires explicitly specifying a cipher suite with the `ciphers` option.
432
- * More information can be found in the RFC 4279.
433
- */
434
-
435
- pskCallback?(socket: TLSSocket, identity: string): DataView | NodeJS.TypedArray | null;
436
- /**
437
- * hint to send to a client to help
438
- * with selecting the identity during TLS-PSK negotiation. Will be ignored
439
- * in TLS 1.3. Upon failing to set pskIdentityHint `tlsClientError` will be
440
- * emitted with `ERR_TLS_PSK_SET_IDENTIY_HINT_FAILED` code.
441
- */
442
- pskIdentityHint?: string;
443
- }
444
-
445
- interface PSKCallbackNegotation {
446
- psk: DataView | NodeJS.TypedArray;
447
- identity: string;
448
- }
449
-
450
- interface ConnectionOptions extends SecureContextOptions, CommonConnectionOptions {
451
- host?: string;
452
- port?: number;
453
- path?: string; // Creates unix socket connection to path. If this option is specified, `host` and `port` are ignored.
454
- socket?: net.Socket; // Establish secure connection on a given socket rather than creating a new socket
455
- checkServerIdentity?: typeof checkServerIdentity;
456
- servername?: string; // SNI TLS Extension
457
- session?: Buffer;
458
- minDHSize?: number;
459
- lookup?: net.LookupFunction;
460
- timeout?: number;
461
- /**
462
- * When negotiating TLS-PSK (pre-shared keys), this function is called
463
- * with optional identity `hint` provided by the server or `null`
464
- * in case of TLS 1.3 where `hint` was removed.
465
- * It will be necessary to provide a custom `tls.checkServerIdentity()`
466
- * for the connection as the default one will try to check hostname/IP
467
- * of the server against the certificate but that's not applicable for PSK
468
- * because there won't be a certificate present.
469
- * More information can be found in the RFC 4279.
470
- *
471
- * @param hint message sent from the server to help client
472
- * decide which identity to use during negotiation.
473
- * Always `null` if TLS 1.3 is used.
474
- * @returns Return `null` to stop the negotiation process. `psk` must be
475
- * compatible with the selected cipher's digest.
476
- * `identity` must use UTF-8 encoding.
477
- */
478
- pskCallback?(hint: string | null): PSKCallbackNegotation | null;
479
- }
480
-
481
- class Server extends net.Server {
482
- constructor(secureConnectionListener?: (socket: TLSSocket) => void);
483
- constructor(options: TlsOptions, secureConnectionListener?: (socket: TLSSocket) => void);
484
-
485
- /**
486
- * The server.addContext() method adds a secure context that will be
487
- * used if the client request's SNI name matches the supplied hostname
488
- * (or wildcard).
489
- */
490
- addContext(hostName: string, credentials: SecureContextOptions): void;
491
- /**
492
- * Returns the session ticket keys.
493
- */
494
- getTicketKeys(): Buffer;
495
- /**
496
- *
497
- * The server.setSecureContext() method replaces the
498
- * secure context of an existing server. Existing connections to the
499
- * server are not interrupted.
500
- */
501
- setSecureContext(details: SecureContextOptions): void;
502
- /**
503
- * The server.setSecureContext() method replaces the secure context of
504
- * an existing server. Existing connections to the server are not
505
- * interrupted.
506
- */
507
- setTicketKeys(keys: Buffer): void;
508
-
509
- /**
510
- * events.EventEmitter
511
- * 1. tlsClientError
512
- * 2. newSession
513
- * 3. OCSPRequest
514
- * 4. resumeSession
515
- * 5. secureConnection
516
- * 6. keylog
517
- */
518
- addListener(event: string, listener: (...args: any[]) => void): this;
519
- addListener(event: "tlsClientError", listener: (err: Error, tlsSocket: TLSSocket) => void): this;
520
- addListener(event: "newSession", listener: (sessionId: Buffer, sessionData: Buffer, callback: (err: Error, resp: Buffer) => void) => void): this;
521
- addListener(event: "OCSPRequest", listener: (certificate: Buffer, issuer: Buffer, callback: (err: Error | null, resp: Buffer) => void) => void): this;
522
- addListener(event: "resumeSession", listener: (sessionId: Buffer, callback: (err: Error, sessionData: Buffer) => void) => void): this;
523
- addListener(event: "secureConnection", listener: (tlsSocket: TLSSocket) => void): this;
524
- addListener(event: "keylog", listener: (line: Buffer, tlsSocket: TLSSocket) => void): this;
525
-
526
- emit(event: string | symbol, ...args: any[]): boolean;
527
- emit(event: "tlsClientError", err: Error, tlsSocket: TLSSocket): boolean;
528
- emit(event: "newSession", sessionId: Buffer, sessionData: Buffer, callback: (err: Error, resp: Buffer) => void): boolean;
529
- emit(event: "OCSPRequest", certificate: Buffer, issuer: Buffer, callback: (err: Error | null, resp: Buffer) => void): boolean;
530
- emit(event: "resumeSession", sessionId: Buffer, callback: (err: Error, sessionData: Buffer) => void): boolean;
531
- emit(event: "secureConnection", tlsSocket: TLSSocket): boolean;
532
- emit(event: "keylog", line: Buffer, tlsSocket: TLSSocket): boolean;
533
-
534
- on(event: string, listener: (...args: any[]) => void): this;
535
- on(event: "tlsClientError", listener: (err: Error, tlsSocket: TLSSocket) => void): this;
536
- on(event: "newSession", listener: (sessionId: Buffer, sessionData: Buffer, callback: (err: Error, resp: Buffer) => void) => void): this;
537
- on(event: "OCSPRequest", listener: (certificate: Buffer, issuer: Buffer, callback: (err: Error | null, resp: Buffer) => void) => void): this;
538
- on(event: "resumeSession", listener: (sessionId: Buffer, callback: (err: Error, sessionData: Buffer) => void) => void): this;
539
- on(event: "secureConnection", listener: (tlsSocket: TLSSocket) => void): this;
540
- on(event: "keylog", listener: (line: Buffer, tlsSocket: TLSSocket) => void): this;
541
-
542
- once(event: string, listener: (...args: any[]) => void): this;
543
- once(event: "tlsClientError", listener: (err: Error, tlsSocket: TLSSocket) => void): this;
544
- once(event: "newSession", listener: (sessionId: Buffer, sessionData: Buffer, callback: (err: Error, resp: Buffer) => void) => void): this;
545
- once(event: "OCSPRequest", listener: (certificate: Buffer, issuer: Buffer, callback: (err: Error | null, resp: Buffer) => void) => void): this;
546
- once(event: "resumeSession", listener: (sessionId: Buffer, callback: (err: Error, sessionData: Buffer) => void) => void): this;
547
- once(event: "secureConnection", listener: (tlsSocket: TLSSocket) => void): this;
548
- once(event: "keylog", listener: (line: Buffer, tlsSocket: TLSSocket) => void): this;
549
-
550
- prependListener(event: string, listener: (...args: any[]) => void): this;
551
- prependListener(event: "tlsClientError", listener: (err: Error, tlsSocket: TLSSocket) => void): this;
552
- prependListener(event: "newSession", listener: (sessionId: Buffer, sessionData: Buffer, callback: (err: Error, resp: Buffer) => void) => void): this;
553
- prependListener(event: "OCSPRequest", listener: (certificate: Buffer, issuer: Buffer, callback: (err: Error | null, resp: Buffer) => void) => void): this;
554
- prependListener(event: "resumeSession", listener: (sessionId: Buffer, callback: (err: Error, sessionData: Buffer) => void) => void): this;
555
- prependListener(event: "secureConnection", listener: (tlsSocket: TLSSocket) => void): this;
556
- prependListener(event: "keylog", listener: (line: Buffer, tlsSocket: TLSSocket) => void): this;
557
-
558
- prependOnceListener(event: string, listener: (...args: any[]) => void): this;
559
- prependOnceListener(event: "tlsClientError", listener: (err: Error, tlsSocket: TLSSocket) => void): this;
560
- prependOnceListener(event: "newSession", listener: (sessionId: Buffer, sessionData: Buffer, callback: (err: Error, resp: Buffer) => void) => void): this;
561
- prependOnceListener(event: "OCSPRequest", listener: (certificate: Buffer, issuer: Buffer, callback: (err: Error | null, resp: Buffer) => void) => void): this;
562
- prependOnceListener(event: "resumeSession", listener: (sessionId: Buffer, callback: (err: Error, sessionData: Buffer) => void) => void): this;
563
- prependOnceListener(event: "secureConnection", listener: (tlsSocket: TLSSocket) => void): this;
564
- prependOnceListener(event: "keylog", listener: (line: Buffer, tlsSocket: TLSSocket) => void): this;
565
- }
566
-
567
- /**
568
- * @deprecated since v0.11.3 Use `tls.TLSSocket` instead.
569
- */
570
- interface SecurePair {
571
- encrypted: TLSSocket;
572
- cleartext: TLSSocket;
573
- }
574
-
575
- type SecureVersion = 'TLSv1.3' | 'TLSv1.2' | 'TLSv1.1' | 'TLSv1';
576
-
577
- interface SecureContextOptions {
578
- /**
579
- * Optionally override the trusted CA certificates. Default is to trust
580
- * the well-known CAs curated by Mozilla. Mozilla's CAs are completely
581
- * replaced when CAs are explicitly specified using this option.
582
- */
583
- ca?: string | Buffer | Array<string | Buffer>;
584
- /**
585
- * Cert chains in PEM format. One cert chain should be provided per
586
- * private key. Each cert chain should consist of the PEM formatted
587
- * certificate for a provided private key, followed by the PEM
588
- * formatted intermediate certificates (if any), in order, and not
589
- * including the root CA (the root CA must be pre-known to the peer,
590
- * see ca). When providing multiple cert chains, they do not have to
591
- * be in the same order as their private keys in key. If the
592
- * intermediate certificates are not provided, the peer will not be
593
- * able to validate the certificate, and the handshake will fail.
594
- */
595
- cert?: string | Buffer | Array<string | Buffer>;
596
- /**
597
- * Colon-separated list of supported signature algorithms. The list
598
- * can contain digest algorithms (SHA256, MD5 etc.), public key
599
- * algorithms (RSA-PSS, ECDSA etc.), combination of both (e.g
600
- * 'RSA+SHA384') or TLS v1.3 scheme names (e.g. rsa_pss_pss_sha512).
601
- */
602
- sigalgs?: string;
603
- /**
604
- * Cipher suite specification, replacing the default. For more
605
- * information, see modifying the default cipher suite. Permitted
606
- * ciphers can be obtained via tls.getCiphers(). Cipher names must be
607
- * uppercased in order for OpenSSL to accept them.
608
- */
609
- ciphers?: string;
610
- /**
611
- * Name of an OpenSSL engine which can provide the client certificate.
612
- */
613
- clientCertEngine?: string;
614
- /**
615
- * PEM formatted CRLs (Certificate Revocation Lists).
616
- */
617
- crl?: string | Buffer | Array<string | Buffer>;
618
- /**
619
- * Diffie Hellman parameters, required for Perfect Forward Secrecy. Use
620
- * openssl dhparam to create the parameters. The key length must be
621
- * greater than or equal to 1024 bits or else an error will be thrown.
622
- * Although 1024 bits is permissible, use 2048 bits or larger for
623
- * stronger security. If omitted or invalid, the parameters are
624
- * silently discarded and DHE ciphers will not be available.
625
- */
626
- dhparam?: string | Buffer;
627
- /**
628
- * A string describing a named curve or a colon separated list of curve
629
- * NIDs or names, for example P-521:P-384:P-256, to use for ECDH key
630
- * agreement. Set to auto to select the curve automatically. Use
631
- * crypto.getCurves() to obtain a list of available curve names. On
632
- * recent releases, openssl ecparam -list_curves will also display the
633
- * name and description of each available elliptic curve. Default:
634
- * tls.DEFAULT_ECDH_CURVE.
635
- */
636
- ecdhCurve?: string;
637
- /**
638
- * Attempt to use the server's cipher suite preferences instead of the
639
- * client's. When true, causes SSL_OP_CIPHER_SERVER_PREFERENCE to be
640
- * set in secureOptions
641
- */
642
- honorCipherOrder?: boolean;
643
- /**
644
- * Private keys in PEM format. PEM allows the option of private keys
645
- * being encrypted. Encrypted keys will be decrypted with
646
- * options.passphrase. Multiple keys using different algorithms can be
647
- * provided either as an array of unencrypted key strings or buffers,
648
- * or an array of objects in the form {pem: <string|buffer>[,
649
- * passphrase: <string>]}. The object form can only occur in an array.
650
- * object.passphrase is optional. Encrypted keys will be decrypted with
651
- * object.passphrase if provided, or options.passphrase if it is not.
652
- */
653
- key?: string | Buffer | Array<Buffer | KeyObject>;
654
- /**
655
- * Name of an OpenSSL engine to get private key from. Should be used
656
- * together with privateKeyIdentifier.
657
- */
658
- privateKeyEngine?: string;
659
- /**
660
- * Identifier of a private key managed by an OpenSSL engine. Should be
661
- * used together with privateKeyEngine. Should not be set together with
662
- * key, because both options define a private key in different ways.
663
- */
664
- privateKeyIdentifier?: string;
665
- /**
666
- * Optionally set the maximum TLS version to allow. One
667
- * of `'TLSv1.3'`, `'TLSv1.2'`, `'TLSv1.1'`, or `'TLSv1'`. Cannot be specified along with the
668
- * `secureProtocol` option, use one or the other.
669
- * **Default:** `'TLSv1.3'`, unless changed using CLI options. Using
670
- * `--tls-max-v1.2` sets the default to `'TLSv1.2'`. Using `--tls-max-v1.3` sets the default to
671
- * `'TLSv1.3'`. If multiple of the options are provided, the highest maximum is used.
672
- */
673
- maxVersion?: SecureVersion;
674
- /**
675
- * Optionally set the minimum TLS version to allow. One
676
- * of `'TLSv1.3'`, `'TLSv1.2'`, `'TLSv1.1'`, or `'TLSv1'`. Cannot be specified along with the
677
- * `secureProtocol` option, use one or the other. It is not recommended to use
678
- * less than TLSv1.2, but it may be required for interoperability.
679
- * **Default:** `'TLSv1.2'`, unless changed using CLI options. Using
680
- * `--tls-v1.0` sets the default to `'TLSv1'`. Using `--tls-v1.1` sets the default to
681
- * `'TLSv1.1'`. Using `--tls-min-v1.3` sets the default to
682
- * 'TLSv1.3'. If multiple of the options are provided, the lowest minimum is used.
683
- */
684
- minVersion?: SecureVersion;
685
- /**
686
- * Shared passphrase used for a single private key and/or a PFX.
687
- */
688
- passphrase?: string;
689
- /**
690
- * PFX or PKCS12 encoded private key and certificate chain. pfx is an
691
- * alternative to providing key and cert individually. PFX is usually
692
- * encrypted, if it is, passphrase will be used to decrypt it. Multiple
693
- * PFX can be provided either as an array of unencrypted PFX buffers,
694
- * or an array of objects in the form {buf: <string|buffer>[,
695
- * passphrase: <string>]}. The object form can only occur in an array.
696
- * object.passphrase is optional. Encrypted PFX will be decrypted with
697
- * object.passphrase if provided, or options.passphrase if it is not.
698
- */
699
- pfx?: string | Buffer | Array<string | Buffer | PxfObject>;
700
- /**
701
- * Optionally affect the OpenSSL protocol behavior, which is not
702
- * usually necessary. This should be used carefully if at all! Value is
703
- * a numeric bitmask of the SSL_OP_* options from OpenSSL Options
704
- */
705
- secureOptions?: number; // Value is a numeric bitmask of the `SSL_OP_*` options
706
- /**
707
- * Legacy mechanism to select the TLS protocol version to use, it does
708
- * not support independent control of the minimum and maximum version,
709
- * and does not support limiting the protocol to TLSv1.3. Use
710
- * minVersion and maxVersion instead. The possible values are listed as
711
- * SSL_METHODS, use the function names as strings. For example, use
712
- * 'TLSv1_1_method' to force TLS version 1.1, or 'TLS_method' to allow
713
- * any TLS protocol version up to TLSv1.3. It is not recommended to use
714
- * TLS versions less than 1.2, but it may be required for
715
- * interoperability. Default: none, see minVersion.
716
- */
717
- secureProtocol?: string;
718
- /**
719
- * Opaque identifier used by servers to ensure session state is not
720
- * shared between applications. Unused by clients.
721
- */
722
- sessionIdContext?: string;
723
- /**
724
- * 48-bytes of cryptographically strong pseudo-random data.
725
- * See Session Resumption for more information.
726
- */
727
- ticketKeys?: Buffer;
728
- /**
729
- * The number of seconds after which a TLS session created by the
730
- * server will no longer be resumable. See Session Resumption for more
731
- * information. Default: 300.
732
- */
733
- sessionTimeout?: number;
734
- }
735
-
736
- interface SecureContext {
737
- context: any;
738
- }
739
-
740
- /*
741
- * Verifies the certificate `cert` is issued to host `host`.
742
- * @host The hostname to verify the certificate against
743
- * @cert PeerCertificate representing the peer's certificate
744
- *
745
- * Returns Error object, populating it with the reason, host and cert on failure. On success, returns undefined.
746
- */
747
- function checkServerIdentity(host: string, cert: PeerCertificate): Error | undefined;
748
- function createServer(secureConnectionListener?: (socket: TLSSocket) => void): Server;
749
- function createServer(options: TlsOptions, secureConnectionListener?: (socket: TLSSocket) => void): Server;
750
- function connect(options: ConnectionOptions, secureConnectListener?: () => void): TLSSocket;
751
- function connect(port: number, host?: string, options?: ConnectionOptions, secureConnectListener?: () => void): TLSSocket;
752
- function connect(port: number, options?: ConnectionOptions, secureConnectListener?: () => void): TLSSocket;
753
- /**
754
- * @deprecated since v0.11.3 Use `tls.TLSSocket` instead.
755
- */
756
- function createSecurePair(credentials?: SecureContext, isServer?: boolean, requestCert?: boolean, rejectUnauthorized?: boolean): SecurePair;
757
- function createSecureContext(options?: SecureContextOptions): SecureContext;
758
- function getCiphers(): string[];
759
-
760
- /**
761
- * The default curve name to use for ECDH key agreement in a tls server.
762
- * The default value is 'auto'. See tls.createSecureContext() for further
763
- * information.
764
- */
765
- let DEFAULT_ECDH_CURVE: string;
766
- /**
767
- * The default value of the maxVersion option of
768
- * tls.createSecureContext(). It can be assigned any of the supported TLS
769
- * protocol versions, 'TLSv1.3', 'TLSv1.2', 'TLSv1.1', or 'TLSv1'. Default:
770
- * 'TLSv1.3', unless changed using CLI options. Using --tls-max-v1.2 sets
771
- * the default to 'TLSv1.2'. Using --tls-max-v1.3 sets the default to
772
- * 'TLSv1.3'. If multiple of the options are provided, the highest maximum
773
- * is used.
774
- */
775
- let DEFAULT_MAX_VERSION: SecureVersion;
776
- /**
777
- * The default value of the minVersion option of tls.createSecureContext().
778
- * It can be assigned any of the supported TLS protocol versions,
779
- * 'TLSv1.3', 'TLSv1.2', 'TLSv1.1', or 'TLSv1'. Default: 'TLSv1.2', unless
780
- * changed using CLI options. Using --tls-min-v1.0 sets the default to
781
- * 'TLSv1'. Using --tls-min-v1.1 sets the default to 'TLSv1.1'. Using
782
- * --tls-min-v1.3 sets the default to 'TLSv1.3'. If multiple of the options
783
- * are provided, the lowest minimum is used.
784
- */
785
- let DEFAULT_MIN_VERSION: SecureVersion;
786
-
787
- /**
788
- * An immutable array of strings representing the root certificates (in PEM
789
- * format) used for verifying peer certificates. This is the default value
790
- * of the ca option to tls.createSecureContext().
791
- */
792
- const rootCertificates: ReadonlyArray<string>;
793
- }