rahad-media-downloader 2.1.10 → 2.1.13

Sign up to get free protection for your applications and to get access to all the features.
Files changed (239) hide show
  1. package/.cache/replit/modules/nodejs-20.res +1 -0
  2. package/.cache/replit/modules/replit.res +1 -0
  3. package/.cache/typescript/5.3/node_modules/.package-lock.json +6 -0
  4. package/.cache/typescript/5.3/node_modules/@types/qs/LICENSE +21 -0
  5. package/.cache/typescript/5.3/node_modules/@types/qs/README.md +15 -0
  6. package/.cache/typescript/5.3/node_modules/@types/qs/index.d.ts +79 -0
  7. package/.cache/typescript/5.3/node_modules/@types/qs/package.json +65 -0
  8. package/.cache/typescript/5.3/package-lock.json +7 -0
  9. package/.cache/typescript/5.3/package.json +1 -1
  10. package/.cache/typescript/5.4/node_modules/.package-lock.json +185 -0
  11. package/.cache/typescript/5.4/node_modules/@types/caseless/LICENSE +21 -0
  12. package/.cache/typescript/5.4/node_modules/@types/caseless/README.md +48 -0
  13. package/.cache/typescript/5.4/node_modules/@types/caseless/index.d.ts +29 -0
  14. package/.cache/typescript/5.4/node_modules/@types/caseless/package.json +35 -0
  15. package/.cache/typescript/5.4/node_modules/@types/domhandler/LICENSE +21 -0
  16. package/.cache/typescript/5.4/node_modules/@types/domhandler/README.md +92 -0
  17. package/.cache/typescript/5.4/node_modules/@types/domhandler/index.d.ts +73 -0
  18. package/.cache/typescript/5.4/node_modules/@types/domhandler/package.json +25 -0
  19. package/.cache/typescript/5.4/node_modules/@types/domutils/LICENSE +21 -0
  20. package/.cache/typescript/5.4/node_modules/@types/domutils/README.md +15 -0
  21. package/.cache/typescript/5.4/node_modules/@types/domutils/index.d.ts +124 -0
  22. package/.cache/typescript/5.4/node_modules/@types/domutils/package.json +27 -0
  23. package/.cache/typescript/5.4/node_modules/@types/htmlparser2/LICENSE +21 -0
  24. package/.cache/typescript/5.4/node_modules/@types/htmlparser2/README.md +15 -0
  25. package/.cache/typescript/5.4/node_modules/@types/htmlparser2/index.d.ts +120 -0
  26. package/.cache/typescript/5.4/node_modules/@types/htmlparser2/package.json +45 -0
  27. package/.cache/typescript/5.4/node_modules/@types/node/LICENSE +21 -0
  28. package/.cache/typescript/5.4/node_modules/@types/node/README.md +15 -0
  29. package/.cache/typescript/5.4/node_modules/@types/node/assert/strict.d.ts +8 -0
  30. package/.cache/typescript/5.4/node_modules/@types/node/assert.d.ts +1040 -0
  31. package/.cache/typescript/5.4/node_modules/@types/node/async_hooks.d.ts +541 -0
  32. package/.cache/typescript/5.4/node_modules/@types/node/buffer.d.ts +2363 -0
  33. package/.cache/typescript/5.4/node_modules/@types/node/child_process.d.ts +1542 -0
  34. package/.cache/typescript/5.4/node_modules/@types/node/cluster.d.ts +578 -0
  35. package/.cache/typescript/5.4/node_modules/@types/node/console.d.ts +452 -0
  36. package/.cache/typescript/5.4/node_modules/@types/node/constants.d.ts +19 -0
  37. package/.cache/typescript/5.4/node_modules/@types/node/crypto.d.ts +4522 -0
  38. package/.cache/typescript/5.4/node_modules/@types/node/dgram.d.ts +596 -0
  39. package/.cache/typescript/5.4/node_modules/@types/node/diagnostics_channel.d.ts +545 -0
  40. package/.cache/typescript/5.4/node_modules/@types/node/dns/promises.d.ts +473 -0
  41. package/.cache/typescript/5.4/node_modules/@types/node/dns.d.ts +853 -0
  42. package/.cache/typescript/5.4/node_modules/@types/node/dom-events.d.ts +124 -0
  43. package/.cache/typescript/5.4/node_modules/@types/node/domain.d.ts +170 -0
  44. package/.cache/typescript/5.4/node_modules/@types/node/events.d.ts +884 -0
  45. package/.cache/typescript/5.4/node_modules/@types/node/fs/promises.d.ts +1245 -0
  46. package/.cache/typescript/5.4/node_modules/@types/node/fs.d.ts +4317 -0
  47. package/.cache/typescript/5.4/node_modules/@types/node/globals.d.ts +411 -0
  48. package/.cache/typescript/5.4/node_modules/@types/node/globals.global.d.ts +1 -0
  49. package/.cache/typescript/5.4/node_modules/@types/node/http.d.ts +1889 -0
  50. package/.cache/typescript/5.4/node_modules/@types/node/http2.d.ts +2418 -0
  51. package/.cache/typescript/5.4/node_modules/@types/node/https.d.ts +550 -0
  52. package/.cache/typescript/5.4/node_modules/@types/node/index.d.ts +89 -0
  53. package/.cache/typescript/5.4/node_modules/@types/node/inspector.d.ts +2746 -0
  54. package/.cache/typescript/5.4/node_modules/@types/node/module.d.ts +315 -0
  55. package/.cache/typescript/5.4/node_modules/@types/node/net.d.ts +996 -0
  56. package/.cache/typescript/5.4/node_modules/@types/node/os.d.ts +495 -0
  57. package/.cache/typescript/5.4/node_modules/@types/node/package.json +217 -0
  58. package/.cache/typescript/5.4/node_modules/@types/node/path.d.ts +191 -0
  59. package/.cache/typescript/5.4/node_modules/@types/node/perf_hooks.d.ts +645 -0
  60. package/.cache/typescript/5.4/node_modules/@types/node/process.d.ts +1747 -0
  61. package/.cache/typescript/5.4/node_modules/@types/node/punycode.d.ts +117 -0
  62. package/.cache/typescript/5.4/node_modules/@types/node/querystring.d.ts +153 -0
  63. package/.cache/typescript/5.4/node_modules/@types/node/readline/promises.d.ts +150 -0
  64. package/.cache/typescript/5.4/node_modules/@types/node/readline.d.ts +540 -0
  65. package/.cache/typescript/5.4/node_modules/@types/node/repl.d.ts +430 -0
  66. package/.cache/typescript/5.4/node_modules/@types/node/sea.d.ts +153 -0
  67. package/.cache/typescript/5.4/node_modules/@types/node/stream/consumers.d.ts +12 -0
  68. package/.cache/typescript/5.4/node_modules/@types/node/stream/promises.d.ts +83 -0
  69. package/.cache/typescript/5.4/node_modules/@types/node/stream/web.d.ts +367 -0
  70. package/.cache/typescript/5.4/node_modules/@types/node/stream.d.ts +1707 -0
  71. package/.cache/typescript/5.4/node_modules/@types/node/string_decoder.d.ts +67 -0
  72. package/.cache/typescript/5.4/node_modules/@types/node/test.d.ts +1470 -0
  73. package/.cache/typescript/5.4/node_modules/@types/node/timers/promises.d.ts +97 -0
  74. package/.cache/typescript/5.4/node_modules/@types/node/timers.d.ts +240 -0
  75. package/.cache/typescript/5.4/node_modules/@types/node/tls.d.ts +1217 -0
  76. package/.cache/typescript/5.4/node_modules/@types/node/trace_events.d.ts +197 -0
  77. package/.cache/typescript/5.4/node_modules/@types/node/tty.d.ts +208 -0
  78. package/.cache/typescript/5.4/node_modules/@types/node/url.d.ts +944 -0
  79. package/.cache/typescript/5.4/node_modules/@types/node/util.d.ts +2276 -0
  80. package/.cache/typescript/5.4/node_modules/@types/node/v8.d.ts +764 -0
  81. package/.cache/typescript/5.4/node_modules/@types/node/vm.d.ts +921 -0
  82. package/.cache/typescript/5.4/node_modules/@types/node/wasi.d.ts +181 -0
  83. package/.cache/typescript/5.4/node_modules/@types/node/worker_threads.d.ts +691 -0
  84. package/.cache/typescript/5.4/node_modules/@types/node/zlib.d.ts +530 -0
  85. package/.cache/typescript/5.4/node_modules/@types/node-fetch/LICENSE +21 -0
  86. package/.cache/typescript/5.4/node_modules/@types/node-fetch/README.md +15 -0
  87. package/.cache/typescript/5.4/node_modules/@types/node-fetch/externals.d.ts +32 -0
  88. package/.cache/typescript/5.4/node_modules/@types/node-fetch/index.d.ts +238 -0
  89. package/.cache/typescript/5.4/node_modules/@types/node-fetch/package.json +83 -0
  90. package/.cache/typescript/5.4/node_modules/@types/qs/LICENSE +21 -0
  91. package/.cache/typescript/5.4/node_modules/@types/qs/README.md +15 -0
  92. package/.cache/typescript/5.4/node_modules/@types/qs/index.d.ts +79 -0
  93. package/.cache/typescript/5.4/node_modules/@types/qs/package.json +65 -0
  94. package/.cache/typescript/5.4/node_modules/@types/request/LICENSE +21 -0
  95. package/.cache/typescript/5.4/node_modules/@types/request/README.md +15 -0
  96. package/.cache/typescript/5.4/node_modules/@types/request/index.d.ts +395 -0
  97. package/.cache/typescript/5.4/node_modules/@types/request/node_modules/form-data/License +19 -0
  98. package/.cache/typescript/5.4/node_modules/@types/request/node_modules/form-data/README.md +350 -0
  99. package/.cache/typescript/5.4/node_modules/@types/request/node_modules/form-data/README.md.bak +350 -0
  100. package/.cache/typescript/5.4/node_modules/@types/request/node_modules/form-data/index.d.ts +51 -0
  101. package/.cache/typescript/5.4/node_modules/@types/request/node_modules/form-data/lib/browser.js +2 -0
  102. package/.cache/typescript/5.4/node_modules/@types/request/node_modules/form-data/lib/form_data.js +483 -0
  103. package/.cache/typescript/5.4/node_modules/@types/request/node_modules/form-data/lib/populate.js +10 -0
  104. package/.cache/typescript/5.4/node_modules/@types/request/node_modules/form-data/package.json +68 -0
  105. package/.cache/typescript/5.4/node_modules/@types/request/package.json +70 -0
  106. package/.cache/typescript/5.4/node_modules/@types/tough-cookie/LICENSE +21 -0
  107. package/.cache/typescript/5.4/node_modules/@types/tough-cookie/README.md +15 -0
  108. package/.cache/typescript/5.4/node_modules/@types/tough-cookie/index.d.ts +321 -0
  109. package/.cache/typescript/5.4/node_modules/@types/tough-cookie/package.json +35 -0
  110. package/.cache/typescript/5.4/node_modules/asynckit/LICENSE +21 -0
  111. package/.cache/typescript/5.4/node_modules/asynckit/README.md +233 -0
  112. package/.cache/typescript/5.4/node_modules/asynckit/bench.js +76 -0
  113. package/.cache/typescript/5.4/node_modules/asynckit/index.js +6 -0
  114. package/.cache/typescript/5.4/node_modules/asynckit/lib/abort.js +29 -0
  115. package/.cache/typescript/5.4/node_modules/asynckit/lib/async.js +34 -0
  116. package/.cache/typescript/5.4/node_modules/asynckit/lib/defer.js +26 -0
  117. package/.cache/typescript/5.4/node_modules/asynckit/lib/iterate.js +75 -0
  118. package/.cache/typescript/5.4/node_modules/asynckit/lib/readable_asynckit.js +91 -0
  119. package/.cache/typescript/5.4/node_modules/asynckit/lib/readable_parallel.js +25 -0
  120. package/.cache/typescript/5.4/node_modules/asynckit/lib/readable_serial.js +25 -0
  121. package/.cache/typescript/5.4/node_modules/asynckit/lib/readable_serial_ordered.js +29 -0
  122. package/.cache/typescript/5.4/node_modules/asynckit/lib/state.js +37 -0
  123. package/.cache/typescript/5.4/node_modules/asynckit/lib/streamify.js +141 -0
  124. package/.cache/typescript/5.4/node_modules/asynckit/lib/terminator.js +29 -0
  125. package/.cache/typescript/5.4/node_modules/asynckit/package.json +63 -0
  126. package/.cache/typescript/5.4/node_modules/asynckit/parallel.js +43 -0
  127. package/.cache/typescript/5.4/node_modules/asynckit/serial.js +17 -0
  128. package/.cache/typescript/5.4/node_modules/asynckit/serialOrdered.js +75 -0
  129. package/.cache/typescript/5.4/node_modules/asynckit/stream.js +21 -0
  130. package/.cache/typescript/5.4/node_modules/combined-stream/License +19 -0
  131. package/.cache/typescript/5.4/node_modules/combined-stream/Readme.md +138 -0
  132. package/.cache/typescript/5.4/node_modules/combined-stream/lib/combined_stream.js +208 -0
  133. package/.cache/typescript/5.4/node_modules/combined-stream/package.json +25 -0
  134. package/.cache/typescript/5.4/node_modules/combined-stream/yarn.lock +17 -0
  135. package/.cache/typescript/5.4/node_modules/delayed-stream/License +19 -0
  136. package/.cache/typescript/5.4/node_modules/delayed-stream/Makefile +7 -0
  137. package/.cache/typescript/5.4/node_modules/delayed-stream/Readme.md +141 -0
  138. package/.cache/typescript/5.4/node_modules/delayed-stream/lib/delayed_stream.js +107 -0
  139. package/.cache/typescript/5.4/node_modules/delayed-stream/package.json +27 -0
  140. package/.cache/typescript/5.4/node_modules/domelementtype/LICENSE +11 -0
  141. package/.cache/typescript/5.4/node_modules/domelementtype/index.js +15 -0
  142. package/.cache/typescript/5.4/node_modules/domelementtype/package.json +16 -0
  143. package/.cache/typescript/5.4/node_modules/domelementtype/readme.md +1 -0
  144. package/.cache/typescript/5.4/node_modules/domhandler/.travis.yml +6 -0
  145. package/.cache/typescript/5.4/node_modules/domhandler/LICENSE +11 -0
  146. package/.cache/typescript/5.4/node_modules/domhandler/index.js +217 -0
  147. package/.cache/typescript/5.4/node_modules/domhandler/lib/element.js +20 -0
  148. package/.cache/typescript/5.4/node_modules/domhandler/lib/node.js +44 -0
  149. package/.cache/typescript/5.4/node_modules/domhandler/package.json +41 -0
  150. package/.cache/typescript/5.4/node_modules/domhandler/readme.md +116 -0
  151. package/.cache/typescript/5.4/node_modules/domhandler/test/cases/01-basic.json +57 -0
  152. package/.cache/typescript/5.4/node_modules/domhandler/test/cases/02-single_tag_1.json +21 -0
  153. package/.cache/typescript/5.4/node_modules/domhandler/test/cases/03-single_tag_2.json +21 -0
  154. package/.cache/typescript/5.4/node_modules/domhandler/test/cases/04-unescaped_in_script.json +27 -0
  155. package/.cache/typescript/5.4/node_modules/domhandler/test/cases/05-tags_in_comment.json +18 -0
  156. package/.cache/typescript/5.4/node_modules/domhandler/test/cases/06-comment_in_script.json +18 -0
  157. package/.cache/typescript/5.4/node_modules/domhandler/test/cases/07-unescaped_in_style.json +20 -0
  158. package/.cache/typescript/5.4/node_modules/domhandler/test/cases/08-extra_spaces_in_tag.json +20 -0
  159. package/.cache/typescript/5.4/node_modules/domhandler/test/cases/09-unquoted_attrib.json +20 -0
  160. package/.cache/typescript/5.4/node_modules/domhandler/test/cases/10-singular_attribute.json +15 -0
  161. package/.cache/typescript/5.4/node_modules/domhandler/test/cases/11-text_outside_tags.json +40 -0
  162. package/.cache/typescript/5.4/node_modules/domhandler/test/cases/12-text_only.json +11 -0
  163. package/.cache/typescript/5.4/node_modules/domhandler/test/cases/13-comment_in_text.json +19 -0
  164. package/.cache/typescript/5.4/node_modules/domhandler/test/cases/14-comment_in_text_in_script.json +18 -0
  165. package/.cache/typescript/5.4/node_modules/domhandler/test/cases/15-non-verbose.json +22 -0
  166. package/.cache/typescript/5.4/node_modules/domhandler/test/cases/16-normalize_whitespace.json +47 -0
  167. package/.cache/typescript/5.4/node_modules/domhandler/test/cases/17-xml_namespace.json +18 -0
  168. package/.cache/typescript/5.4/node_modules/domhandler/test/cases/18-enforce_empty_tags.json +16 -0
  169. package/.cache/typescript/5.4/node_modules/domhandler/test/cases/19-ignore_empty_tags.json +20 -0
  170. package/.cache/typescript/5.4/node_modules/domhandler/test/cases/20-template_script_tags.json +20 -0
  171. package/.cache/typescript/5.4/node_modules/domhandler/test/cases/21-conditional_comments.json +15 -0
  172. package/.cache/typescript/5.4/node_modules/domhandler/test/cases/22-lowercase_tags.json +41 -0
  173. package/.cache/typescript/5.4/node_modules/domhandler/test/cases/23-dom-lvl1.json +131 -0
  174. package/.cache/typescript/5.4/node_modules/domhandler/test/cases/24-with-start-indices.json +85 -0
  175. package/.cache/typescript/5.4/node_modules/domhandler/test/cases/25-with-end-indices.json +86 -0
  176. package/.cache/typescript/5.4/node_modules/domhandler/test/tests.js +60 -0
  177. package/.cache/typescript/5.4/node_modules/form-data/License +19 -0
  178. package/.cache/typescript/5.4/node_modules/form-data/README.md.bak +358 -0
  179. package/.cache/typescript/5.4/node_modules/form-data/Readme.md +358 -0
  180. package/.cache/typescript/5.4/node_modules/form-data/index.d.ts +62 -0
  181. package/.cache/typescript/5.4/node_modules/form-data/lib/browser.js +2 -0
  182. package/.cache/typescript/5.4/node_modules/form-data/lib/form_data.js +501 -0
  183. package/.cache/typescript/5.4/node_modules/form-data/lib/populate.js +10 -0
  184. package/.cache/typescript/5.4/node_modules/form-data/package.json +68 -0
  185. package/.cache/typescript/5.4/node_modules/mime-db/HISTORY.md +507 -0
  186. package/.cache/typescript/5.4/node_modules/mime-db/LICENSE +23 -0
  187. package/.cache/typescript/5.4/node_modules/mime-db/README.md +100 -0
  188. package/.cache/typescript/5.4/node_modules/mime-db/db.json +8519 -0
  189. package/.cache/typescript/5.4/node_modules/mime-db/index.js +12 -0
  190. package/.cache/typescript/5.4/node_modules/mime-db/package.json +60 -0
  191. package/.cache/typescript/5.4/node_modules/mime-types/HISTORY.md +397 -0
  192. package/.cache/typescript/5.4/node_modules/mime-types/LICENSE +23 -0
  193. package/.cache/typescript/5.4/node_modules/mime-types/README.md +113 -0
  194. package/.cache/typescript/5.4/node_modules/mime-types/index.js +188 -0
  195. package/.cache/typescript/5.4/node_modules/mime-types/package.json +44 -0
  196. package/.cache/typescript/5.4/node_modules/types-registry/README.md +2 -0
  197. package/.cache/typescript/5.4/node_modules/types-registry/index.json +1 -0
  198. package/.cache/typescript/5.4/node_modules/types-registry/package.json +20 -0
  199. package/.cache/typescript/5.4/node_modules/undici-types/README.md +6 -0
  200. package/.cache/typescript/5.4/node_modules/undici-types/agent.d.ts +31 -0
  201. package/.cache/typescript/5.4/node_modules/undici-types/api.d.ts +43 -0
  202. package/.cache/typescript/5.4/node_modules/undici-types/balanced-pool.d.ts +18 -0
  203. package/.cache/typescript/5.4/node_modules/undici-types/cache.d.ts +36 -0
  204. package/.cache/typescript/5.4/node_modules/undici-types/client.d.ts +97 -0
  205. package/.cache/typescript/5.4/node_modules/undici-types/connector.d.ts +34 -0
  206. package/.cache/typescript/5.4/node_modules/undici-types/content-type.d.ts +21 -0
  207. package/.cache/typescript/5.4/node_modules/undici-types/cookies.d.ts +28 -0
  208. package/.cache/typescript/5.4/node_modules/undici-types/diagnostics-channel.d.ts +67 -0
  209. package/.cache/typescript/5.4/node_modules/undici-types/dispatcher.d.ts +241 -0
  210. package/.cache/typescript/5.4/node_modules/undici-types/errors.d.ts +128 -0
  211. package/.cache/typescript/5.4/node_modules/undici-types/fetch.d.ts +209 -0
  212. package/.cache/typescript/5.4/node_modules/undici-types/file.d.ts +39 -0
  213. package/.cache/typescript/5.4/node_modules/undici-types/filereader.d.ts +54 -0
  214. package/.cache/typescript/5.4/node_modules/undici-types/formdata.d.ts +108 -0
  215. package/.cache/typescript/5.4/node_modules/undici-types/global-dispatcher.d.ts +9 -0
  216. package/.cache/typescript/5.4/node_modules/undici-types/global-origin.d.ts +7 -0
  217. package/.cache/typescript/5.4/node_modules/undici-types/handlers.d.ts +9 -0
  218. package/.cache/typescript/5.4/node_modules/undici-types/header.d.ts +4 -0
  219. package/.cache/typescript/5.4/node_modules/undici-types/index.d.ts +63 -0
  220. package/.cache/typescript/5.4/node_modules/undici-types/interceptors.d.ts +5 -0
  221. package/.cache/typescript/5.4/node_modules/undici-types/mock-agent.d.ts +50 -0
  222. package/.cache/typescript/5.4/node_modules/undici-types/mock-client.d.ts +25 -0
  223. package/.cache/typescript/5.4/node_modules/undici-types/mock-errors.d.ts +12 -0
  224. package/.cache/typescript/5.4/node_modules/undici-types/mock-interceptor.d.ts +93 -0
  225. package/.cache/typescript/5.4/node_modules/undici-types/mock-pool.d.ts +25 -0
  226. package/.cache/typescript/5.4/node_modules/undici-types/package.json +55 -0
  227. package/.cache/typescript/5.4/node_modules/undici-types/patch.d.ts +71 -0
  228. package/.cache/typescript/5.4/node_modules/undici-types/pool-stats.d.ts +19 -0
  229. package/.cache/typescript/5.4/node_modules/undici-types/pool.d.ts +28 -0
  230. package/.cache/typescript/5.4/node_modules/undici-types/proxy-agent.d.ts +30 -0
  231. package/.cache/typescript/5.4/node_modules/undici-types/readable.d.ts +61 -0
  232. package/.cache/typescript/5.4/node_modules/undici-types/webidl.d.ts +220 -0
  233. package/.cache/typescript/5.4/node_modules/undici-types/websocket.d.ts +131 -0
  234. package/.cache/typescript/5.4/package-lock.json +197 -0
  235. package/.cache/typescript/5.4/package.json +1 -0
  236. package/index.js +1 -1
  237. package/package.json +37 -2
  238. package/.cache/replit/modules/nodejs-20:v32-20240401-269b323.res +0 -1
  239. package/.cache/replit/modules/replit:v8-20240329-787bc7d.res +0 -1
@@ -0,0 +1,1217 @@
1
+ /**
2
+ * The `node:tls` module provides an implementation of the Transport Layer Security
3
+ * (TLS) and Secure Socket Layer (SSL) protocols that is built on top of OpenSSL.
4
+ * The module can be accessed using:
5
+ *
6
+ * ```js
7
+ * const tls = require('node:tls');
8
+ * ```
9
+ * @see [source](https://github.com/nodejs/node/blob/v20.12.2/lib/tls.js)
10
+ */
11
+ declare module "tls" {
12
+ import { X509Certificate } from "node:crypto";
13
+ import * as net from "node:net";
14
+ import * as stream from "stream";
15
+ const CLIENT_RENEG_LIMIT: number;
16
+ const CLIENT_RENEG_WINDOW: number;
17
+ interface Certificate {
18
+ /**
19
+ * Country code.
20
+ */
21
+ C: string;
22
+ /**
23
+ * Street.
24
+ */
25
+ ST: string;
26
+ /**
27
+ * Locality.
28
+ */
29
+ L: string;
30
+ /**
31
+ * Organization.
32
+ */
33
+ O: string;
34
+ /**
35
+ * Organizational unit.
36
+ */
37
+ OU: string;
38
+ /**
39
+ * Common name.
40
+ */
41
+ CN: string;
42
+ }
43
+ interface PeerCertificate {
44
+ /**
45
+ * `true` if a Certificate Authority (CA), `false` otherwise.
46
+ * @since v18.13.0
47
+ */
48
+ ca: boolean;
49
+ /**
50
+ * The DER encoded X.509 certificate data.
51
+ */
52
+ raw: Buffer;
53
+ /**
54
+ * The certificate subject.
55
+ */
56
+ subject: Certificate;
57
+ /**
58
+ * The certificate issuer, described in the same terms as the `subject`.
59
+ */
60
+ issuer: Certificate;
61
+ /**
62
+ * The date-time the certificate is valid from.
63
+ */
64
+ valid_from: string;
65
+ /**
66
+ * The date-time the certificate is valid to.
67
+ */
68
+ valid_to: string;
69
+ /**
70
+ * The certificate serial number, as a hex string.
71
+ */
72
+ serialNumber: string;
73
+ /**
74
+ * The SHA-1 digest of the DER encoded certificate.
75
+ * It is returned as a `:` separated hexadecimal string.
76
+ */
77
+ fingerprint: string;
78
+ /**
79
+ * The SHA-256 digest of the DER encoded certificate.
80
+ * It is returned as a `:` separated hexadecimal string.
81
+ */
82
+ fingerprint256: string;
83
+ /**
84
+ * The SHA-512 digest of the DER encoded certificate.
85
+ * It is returned as a `:` separated hexadecimal string.
86
+ */
87
+ fingerprint512: string;
88
+ /**
89
+ * The extended key usage, a set of OIDs.
90
+ */
91
+ ext_key_usage?: string[];
92
+ /**
93
+ * A string containing concatenated names for the subject,
94
+ * an alternative to the `subject` names.
95
+ */
96
+ subjectaltname?: string;
97
+ /**
98
+ * An array describing the AuthorityInfoAccess, used with OCSP.
99
+ */
100
+ infoAccess?: NodeJS.Dict<string[]>;
101
+ /**
102
+ * For RSA keys: The RSA bit size.
103
+ *
104
+ * For EC keys: The key size in bits.
105
+ */
106
+ bits?: number;
107
+ /**
108
+ * The RSA exponent, as a string in hexadecimal number notation.
109
+ */
110
+ exponent?: string;
111
+ /**
112
+ * The RSA modulus, as a hexadecimal string.
113
+ */
114
+ modulus?: string;
115
+ /**
116
+ * The public key.
117
+ */
118
+ pubkey?: Buffer;
119
+ /**
120
+ * The ASN.1 name of the OID of the elliptic curve.
121
+ * Well-known curves are identified by an OID.
122
+ * While it is unusual, it is possible that the curve
123
+ * is identified by its mathematical properties,
124
+ * in which case it will not have an OID.
125
+ */
126
+ asn1Curve?: string;
127
+ /**
128
+ * The NIST name for the elliptic curve, if it has one
129
+ * (not all well-known curves have been assigned names by NIST).
130
+ */
131
+ nistCurve?: string;
132
+ }
133
+ interface DetailedPeerCertificate extends PeerCertificate {
134
+ /**
135
+ * The issuer certificate object.
136
+ * For self-signed certificates, this may be a circular reference.
137
+ */
138
+ issuerCertificate: DetailedPeerCertificate;
139
+ }
140
+ interface CipherNameAndProtocol {
141
+ /**
142
+ * The cipher name.
143
+ */
144
+ name: string;
145
+ /**
146
+ * SSL/TLS protocol version.
147
+ */
148
+ version: string;
149
+ /**
150
+ * IETF name for the cipher suite.
151
+ */
152
+ standardName: string;
153
+ }
154
+ interface EphemeralKeyInfo {
155
+ /**
156
+ * The supported types are 'DH' and 'ECDH'.
157
+ */
158
+ type: string;
159
+ /**
160
+ * The name property is available only when type is 'ECDH'.
161
+ */
162
+ name?: string | undefined;
163
+ /**
164
+ * The size of parameter of an ephemeral key exchange.
165
+ */
166
+ size: number;
167
+ }
168
+ interface KeyObject {
169
+ /**
170
+ * Private keys in PEM format.
171
+ */
172
+ pem: string | Buffer;
173
+ /**
174
+ * Optional passphrase.
175
+ */
176
+ passphrase?: string | undefined;
177
+ }
178
+ interface PxfObject {
179
+ /**
180
+ * PFX or PKCS12 encoded private key and certificate chain.
181
+ */
182
+ buf: string | Buffer;
183
+ /**
184
+ * Optional passphrase.
185
+ */
186
+ passphrase?: string | undefined;
187
+ }
188
+ interface TLSSocketOptions extends SecureContextOptions, CommonConnectionOptions {
189
+ /**
190
+ * If true the TLS socket will be instantiated in server-mode.
191
+ * Defaults to false.
192
+ */
193
+ isServer?: boolean | undefined;
194
+ /**
195
+ * An optional net.Server instance.
196
+ */
197
+ server?: net.Server | undefined;
198
+ /**
199
+ * An optional Buffer instance containing a TLS session.
200
+ */
201
+ session?: Buffer | undefined;
202
+ /**
203
+ * If true, specifies that the OCSP status request extension will be
204
+ * added to the client hello and an 'OCSPResponse' event will be
205
+ * emitted on the socket before establishing a secure communication
206
+ */
207
+ requestOCSP?: boolean | undefined;
208
+ }
209
+ /**
210
+ * Performs transparent encryption of written data and all required TLS
211
+ * negotiation.
212
+ *
213
+ * Instances of `tls.TLSSocket` implement the duplex `Stream` interface.
214
+ *
215
+ * Methods that return TLS connection metadata (e.g.{@link TLSSocket.getPeerCertificate}) will only return data while the
216
+ * connection is open.
217
+ * @since v0.11.4
218
+ */
219
+ class TLSSocket extends net.Socket {
220
+ /**
221
+ * Construct a new tls.TLSSocket object from an existing TCP socket.
222
+ */
223
+ constructor(socket: net.Socket | stream.Duplex, options?: TLSSocketOptions);
224
+ /**
225
+ * This property is `true` if the peer certificate was signed by one of the CAs
226
+ * specified when creating the `tls.TLSSocket` instance, otherwise `false`.
227
+ * @since v0.11.4
228
+ */
229
+ authorized: boolean;
230
+ /**
231
+ * Returns the reason why the peer's certificate was not been verified. This
232
+ * property is set only when `tlsSocket.authorized === false`.
233
+ * @since v0.11.4
234
+ */
235
+ authorizationError: Error;
236
+ /**
237
+ * Always returns `true`. This may be used to distinguish TLS sockets from regular`net.Socket` instances.
238
+ * @since v0.11.4
239
+ */
240
+ encrypted: true;
241
+ /**
242
+ * String containing the selected ALPN protocol.
243
+ * Before a handshake has completed, this value is always null.
244
+ * When a handshake is completed but not ALPN protocol was selected, tlsSocket.alpnProtocol equals false.
245
+ */
246
+ alpnProtocol: string | false | null;
247
+ /**
248
+ * Returns an object representing the local certificate. The returned object has
249
+ * some properties corresponding to the fields of the certificate.
250
+ *
251
+ * See {@link TLSSocket.getPeerCertificate} for an example of the certificate
252
+ * structure.
253
+ *
254
+ * If there is no local certificate, an empty object will be returned. If the
255
+ * socket has been destroyed, `null` will be returned.
256
+ * @since v11.2.0
257
+ */
258
+ getCertificate(): PeerCertificate | object | null;
259
+ /**
260
+ * Returns an object containing information on the negotiated cipher suite.
261
+ *
262
+ * For example, a TLSv1.2 protocol with AES256-SHA cipher:
263
+ *
264
+ * ```json
265
+ * {
266
+ * "name": "AES256-SHA",
267
+ * "standardName": "TLS_RSA_WITH_AES_256_CBC_SHA",
268
+ * "version": "SSLv3"
269
+ * }
270
+ * ```
271
+ *
272
+ * See [SSL\_CIPHER\_get\_name](https://www.openssl.org/docs/man1.1.1/man3/SSL_CIPHER_get_name.html) for more information.
273
+ * @since v0.11.4
274
+ */
275
+ getCipher(): CipherNameAndProtocol;
276
+ /**
277
+ * Returns an object representing the type, name, and size of parameter of
278
+ * an ephemeral key exchange in `perfect forward secrecy` on a client
279
+ * connection. It returns an empty object when the key exchange is not
280
+ * ephemeral. As this is only supported on a client socket; `null` is returned
281
+ * if called on a server socket. The supported types are `'DH'` and `'ECDH'`. The `name` property is available only when type is `'ECDH'`.
282
+ *
283
+ * For example: `{ type: 'ECDH', name: 'prime256v1', size: 256 }`.
284
+ * @since v5.0.0
285
+ */
286
+ getEphemeralKeyInfo(): EphemeralKeyInfo | object | null;
287
+ /**
288
+ * As the `Finished` messages are message digests of the complete handshake
289
+ * (with a total of 192 bits for TLS 1.0 and more for SSL 3.0), they can
290
+ * be used for external authentication procedures when the authentication
291
+ * provided by SSL/TLS is not desired or is not enough.
292
+ *
293
+ * Corresponds to the `SSL_get_finished` routine in OpenSSL and may be used
294
+ * to implement the `tls-unique` channel binding from [RFC 5929](https://tools.ietf.org/html/rfc5929).
295
+ * @since v9.9.0
296
+ * @return The latest `Finished` message that has been sent to the socket as part of a SSL/TLS handshake, or `undefined` if no `Finished` message has been sent yet.
297
+ */
298
+ getFinished(): Buffer | undefined;
299
+ /**
300
+ * Returns an object representing the peer's certificate. If the peer does not
301
+ * provide a certificate, an empty object will be returned. If the socket has been
302
+ * destroyed, `null` will be returned.
303
+ *
304
+ * If the full certificate chain was requested, each certificate will include an`issuerCertificate` property containing an object representing its issuer's
305
+ * certificate.
306
+ * @since v0.11.4
307
+ * @param detailed Include the full certificate chain if `true`, otherwise include just the peer's certificate.
308
+ * @return A certificate object.
309
+ */
310
+ getPeerCertificate(detailed: true): DetailedPeerCertificate;
311
+ getPeerCertificate(detailed?: false): PeerCertificate;
312
+ getPeerCertificate(detailed?: boolean): PeerCertificate | DetailedPeerCertificate;
313
+ /**
314
+ * As the `Finished` messages are message digests of the complete handshake
315
+ * (with a total of 192 bits for TLS 1.0 and more for SSL 3.0), they can
316
+ * be used for external authentication procedures when the authentication
317
+ * provided by SSL/TLS is not desired or is not enough.
318
+ *
319
+ * Corresponds to the `SSL_get_peer_finished` routine in OpenSSL and may be used
320
+ * to implement the `tls-unique` channel binding from [RFC 5929](https://tools.ietf.org/html/rfc5929).
321
+ * @since v9.9.0
322
+ * @return The latest `Finished` message that is expected or has actually been received from the socket as part of a SSL/TLS handshake, or `undefined` if there is no `Finished` message so
323
+ * far.
324
+ */
325
+ getPeerFinished(): Buffer | undefined;
326
+ /**
327
+ * Returns a string containing the negotiated SSL/TLS protocol version of the
328
+ * current connection. The value `'unknown'` will be returned for connected
329
+ * sockets that have not completed the handshaking process. The value `null` will
330
+ * be returned for server sockets or disconnected client sockets.
331
+ *
332
+ * Protocol versions are:
333
+ *
334
+ * * `'SSLv3'`
335
+ * * `'TLSv1'`
336
+ * * `'TLSv1.1'`
337
+ * * `'TLSv1.2'`
338
+ * * `'TLSv1.3'`
339
+ *
340
+ * See the OpenSSL [`SSL_get_version`](https://www.openssl.org/docs/man1.1.1/man3/SSL_get_version.html) documentation for more information.
341
+ * @since v5.7.0
342
+ */
343
+ getProtocol(): string | null;
344
+ /**
345
+ * Returns the TLS session data or `undefined` if no session was
346
+ * negotiated. On the client, the data can be provided to the `session` option of {@link connect} to resume the connection. On the server, it may be useful
347
+ * for debugging.
348
+ *
349
+ * See `Session Resumption` for more information.
350
+ *
351
+ * Note: `getSession()` works only for TLSv1.2 and below. For TLSv1.3, applications
352
+ * must use the `'session'` event (it also works for TLSv1.2 and below).
353
+ * @since v0.11.4
354
+ */
355
+ getSession(): Buffer | undefined;
356
+ /**
357
+ * See [SSL\_get\_shared\_sigalgs](https://www.openssl.org/docs/man1.1.1/man3/SSL_get_shared_sigalgs.html) for more information.
358
+ * @since v12.11.0
359
+ * @return List of signature algorithms shared between the server and the client in the order of decreasing preference.
360
+ */
361
+ getSharedSigalgs(): string[];
362
+ /**
363
+ * For a client, returns the TLS session ticket if one is available, or`undefined`. For a server, always returns `undefined`.
364
+ *
365
+ * It may be useful for debugging.
366
+ *
367
+ * See `Session Resumption` for more information.
368
+ * @since v0.11.4
369
+ */
370
+ getTLSTicket(): Buffer | undefined;
371
+ /**
372
+ * See `Session Resumption` for more information.
373
+ * @since v0.5.6
374
+ * @return `true` if the session was reused, `false` otherwise.
375
+ */
376
+ isSessionReused(): boolean;
377
+ /**
378
+ * The `tlsSocket.renegotiate()` method initiates a TLS renegotiation process.
379
+ * Upon completion, the `callback` function will be passed a single argument
380
+ * that is either an `Error` (if the request failed) or `null`.
381
+ *
382
+ * This method can be used to request a peer's certificate after the secure
383
+ * connection has been established.
384
+ *
385
+ * When running as the server, the socket will be destroyed with an error after `handshakeTimeout` timeout.
386
+ *
387
+ * For TLSv1.3, renegotiation cannot be initiated, it is not supported by the
388
+ * protocol.
389
+ * @since v0.11.8
390
+ * @param callback If `renegotiate()` returned `true`, callback is attached once to the `'secure'` event. If `renegotiate()` returned `false`, `callback` will be called in the next tick with
391
+ * an error, unless the `tlsSocket` has been destroyed, in which case `callback` will not be called at all.
392
+ * @return `true` if renegotiation was initiated, `false` otherwise.
393
+ */
394
+ renegotiate(
395
+ options: {
396
+ rejectUnauthorized?: boolean | undefined;
397
+ requestCert?: boolean | undefined;
398
+ },
399
+ callback: (err: Error | null) => void,
400
+ ): undefined | boolean;
401
+ /**
402
+ * The `tlsSocket.setMaxSendFragment()` method sets the maximum TLS fragment size.
403
+ * Returns `true` if setting the limit succeeded; `false` otherwise.
404
+ *
405
+ * Smaller fragment sizes decrease the buffering latency on the client: larger
406
+ * fragments are buffered by the TLS layer until the entire fragment is received
407
+ * and its integrity is verified; large fragments can span multiple roundtrips
408
+ * and their processing can be delayed due to packet loss or reordering. However,
409
+ * smaller fragments add extra TLS framing bytes and CPU overhead, which may
410
+ * decrease overall server throughput.
411
+ * @since v0.11.11
412
+ * @param [size=16384] The maximum TLS fragment size. The maximum value is `16384`.
413
+ */
414
+ setMaxSendFragment(size: number): boolean;
415
+ /**
416
+ * Disables TLS renegotiation for this `TLSSocket` instance. Once called, attempts
417
+ * to renegotiate will trigger an `'error'` event on the `TLSSocket`.
418
+ * @since v8.4.0
419
+ */
420
+ disableRenegotiation(): void;
421
+ /**
422
+ * When enabled, TLS packet trace information is written to `stderr`. This can be
423
+ * used to debug TLS connection problems.
424
+ *
425
+ * The format of the output is identical to the output of`openssl s_client -trace` or `openssl s_server -trace`. While it is produced by
426
+ * OpenSSL's `SSL_trace()` function, the format is undocumented, can change
427
+ * without notice, and should not be relied on.
428
+ * @since v12.2.0
429
+ */
430
+ enableTrace(): void;
431
+ /**
432
+ * Returns the peer certificate as an `X509Certificate` object.
433
+ *
434
+ * If there is no peer certificate, or the socket has been destroyed,`undefined` will be returned.
435
+ * @since v15.9.0
436
+ */
437
+ getPeerX509Certificate(): X509Certificate | undefined;
438
+ /**
439
+ * Returns the local certificate as an `X509Certificate` object.
440
+ *
441
+ * If there is no local certificate, or the socket has been destroyed,`undefined` will be returned.
442
+ * @since v15.9.0
443
+ */
444
+ getX509Certificate(): X509Certificate | undefined;
445
+ /**
446
+ * Keying material is used for validations to prevent different kind of attacks in
447
+ * network protocols, for example in the specifications of IEEE 802.1X.
448
+ *
449
+ * Example
450
+ *
451
+ * ```js
452
+ * const keyingMaterial = tlsSocket.exportKeyingMaterial(
453
+ * 128,
454
+ * 'client finished');
455
+ *
456
+ * /*
457
+ * Example return value of keyingMaterial:
458
+ * <Buffer 76 26 af 99 c5 56 8e 42 09 91 ef 9f 93 cb ad 6c 7b 65 f8 53 f1 d8 d9
459
+ * 12 5a 33 b8 b5 25 df 7b 37 9f e0 e2 4f b8 67 83 a3 2f cd 5d 41 42 4c 91
460
+ * 74 ef 2c ... 78 more bytes>
461
+ *
462
+ * ```
463
+ *
464
+ * See the OpenSSL [`SSL_export_keying_material`](https://www.openssl.org/docs/man1.1.1/man3/SSL_export_keying_material.html) documentation for more
465
+ * information.
466
+ * @since v13.10.0, v12.17.0
467
+ * @param length number of bytes to retrieve from keying material
468
+ * @param label an application specific label, typically this will be a value from the [IANA Exporter Label
469
+ * Registry](https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#exporter-labels).
470
+ * @param context Optionally provide a context.
471
+ * @return requested bytes of the keying material
472
+ */
473
+ exportKeyingMaterial(length: number, label: string, context: Buffer): Buffer;
474
+ addListener(event: string, listener: (...args: any[]) => void): this;
475
+ addListener(event: "OCSPResponse", listener: (response: Buffer) => void): this;
476
+ addListener(event: "secureConnect", listener: () => void): this;
477
+ addListener(event: "session", listener: (session: Buffer) => void): this;
478
+ addListener(event: "keylog", listener: (line: Buffer) => void): this;
479
+ emit(event: string | symbol, ...args: any[]): boolean;
480
+ emit(event: "OCSPResponse", response: Buffer): boolean;
481
+ emit(event: "secureConnect"): boolean;
482
+ emit(event: "session", session: Buffer): boolean;
483
+ emit(event: "keylog", line: Buffer): boolean;
484
+ on(event: string, listener: (...args: any[]) => void): this;
485
+ on(event: "OCSPResponse", listener: (response: Buffer) => void): this;
486
+ on(event: "secureConnect", listener: () => void): this;
487
+ on(event: "session", listener: (session: Buffer) => void): this;
488
+ on(event: "keylog", listener: (line: Buffer) => void): this;
489
+ once(event: string, listener: (...args: any[]) => void): this;
490
+ once(event: "OCSPResponse", listener: (response: Buffer) => void): this;
491
+ once(event: "secureConnect", listener: () => void): this;
492
+ once(event: "session", listener: (session: Buffer) => void): this;
493
+ once(event: "keylog", listener: (line: Buffer) => void): this;
494
+ prependListener(event: string, listener: (...args: any[]) => void): this;
495
+ prependListener(event: "OCSPResponse", listener: (response: Buffer) => void): this;
496
+ prependListener(event: "secureConnect", listener: () => void): this;
497
+ prependListener(event: "session", listener: (session: Buffer) => void): this;
498
+ prependListener(event: "keylog", listener: (line: Buffer) => void): this;
499
+ prependOnceListener(event: string, listener: (...args: any[]) => void): this;
500
+ prependOnceListener(event: "OCSPResponse", listener: (response: Buffer) => void): this;
501
+ prependOnceListener(event: "secureConnect", listener: () => void): this;
502
+ prependOnceListener(event: "session", listener: (session: Buffer) => void): this;
503
+ prependOnceListener(event: "keylog", listener: (line: Buffer) => void): this;
504
+ }
505
+ interface CommonConnectionOptions {
506
+ /**
507
+ * An optional TLS context object from tls.createSecureContext()
508
+ */
509
+ secureContext?: SecureContext | undefined;
510
+ /**
511
+ * When enabled, TLS packet trace information is written to `stderr`. This can be
512
+ * used to debug TLS connection problems.
513
+ * @default false
514
+ */
515
+ enableTrace?: boolean | undefined;
516
+ /**
517
+ * If true the server will request a certificate from clients that
518
+ * connect and attempt to verify that certificate. Defaults to
519
+ * false.
520
+ */
521
+ requestCert?: boolean | undefined;
522
+ /**
523
+ * An array of strings or a Buffer naming possible ALPN protocols.
524
+ * (Protocols should be ordered by their priority.)
525
+ */
526
+ ALPNProtocols?: string[] | Uint8Array[] | Uint8Array | undefined;
527
+ /**
528
+ * SNICallback(servername, cb) <Function> A function that will be
529
+ * called if the client supports SNI TLS extension. Two arguments
530
+ * will be passed when called: servername and cb. SNICallback should
531
+ * invoke cb(null, ctx), where ctx is a SecureContext instance.
532
+ * (tls.createSecureContext(...) can be used to get a proper
533
+ * SecureContext.) If SNICallback wasn't provided the default callback
534
+ * with high-level API will be used (see below).
535
+ */
536
+ SNICallback?: ((servername: string, cb: (err: Error | null, ctx?: SecureContext) => void) => void) | undefined;
537
+ /**
538
+ * If true the server will reject any connection which is not
539
+ * authorized with the list of supplied CAs. This option only has an
540
+ * effect if requestCert is true.
541
+ * @default true
542
+ */
543
+ rejectUnauthorized?: boolean | undefined;
544
+ }
545
+ interface TlsOptions extends SecureContextOptions, CommonConnectionOptions, net.ServerOpts {
546
+ /**
547
+ * Abort the connection if the SSL/TLS handshake does not finish in the
548
+ * specified number of milliseconds. A 'tlsClientError' is emitted on
549
+ * the tls.Server object whenever a handshake times out. Default:
550
+ * 120000 (120 seconds).
551
+ */
552
+ handshakeTimeout?: number | undefined;
553
+ /**
554
+ * The number of seconds after which a TLS session created by the
555
+ * server will no longer be resumable. See Session Resumption for more
556
+ * information. Default: 300.
557
+ */
558
+ sessionTimeout?: number | undefined;
559
+ /**
560
+ * 48-bytes of cryptographically strong pseudo-random data.
561
+ */
562
+ ticketKeys?: Buffer | undefined;
563
+ /**
564
+ * @param socket
565
+ * @param identity identity parameter sent from the client.
566
+ * @return pre-shared key that must either be
567
+ * a buffer or `null` to stop the negotiation process. Returned PSK must be
568
+ * compatible with the selected cipher's digest.
569
+ *
570
+ * When negotiating TLS-PSK (pre-shared keys), this function is called
571
+ * with the identity provided by the client.
572
+ * If the return value is `null` the negotiation process will stop and an
573
+ * "unknown_psk_identity" alert message will be sent to the other party.
574
+ * If the server wishes to hide the fact that the PSK identity was not known,
575
+ * the callback must provide some random data as `psk` to make the connection
576
+ * fail with "decrypt_error" before negotiation is finished.
577
+ * PSK ciphers are disabled by default, and using TLS-PSK thus
578
+ * requires explicitly specifying a cipher suite with the `ciphers` option.
579
+ * More information can be found in the RFC 4279.
580
+ */
581
+ pskCallback?(socket: TLSSocket, identity: string): DataView | NodeJS.TypedArray | null;
582
+ /**
583
+ * hint to send to a client to help
584
+ * with selecting the identity during TLS-PSK negotiation. Will be ignored
585
+ * in TLS 1.3. Upon failing to set pskIdentityHint `tlsClientError` will be
586
+ * emitted with `ERR_TLS_PSK_SET_IDENTIY_HINT_FAILED` code.
587
+ */
588
+ pskIdentityHint?: string | undefined;
589
+ }
590
+ interface PSKCallbackNegotation {
591
+ psk: DataView | NodeJS.TypedArray;
592
+ identity: string;
593
+ }
594
+ interface ConnectionOptions extends SecureContextOptions, CommonConnectionOptions {
595
+ host?: string | undefined;
596
+ port?: number | undefined;
597
+ path?: string | undefined; // Creates unix socket connection to path. If this option is specified, `host` and `port` are ignored.
598
+ socket?: stream.Duplex | undefined; // Establish secure connection on a given socket rather than creating a new socket
599
+ checkServerIdentity?: typeof checkServerIdentity | undefined;
600
+ servername?: string | undefined; // SNI TLS Extension
601
+ session?: Buffer | undefined;
602
+ minDHSize?: number | undefined;
603
+ lookup?: net.LookupFunction | undefined;
604
+ timeout?: number | undefined;
605
+ /**
606
+ * When negotiating TLS-PSK (pre-shared keys), this function is called
607
+ * with optional identity `hint` provided by the server or `null`
608
+ * in case of TLS 1.3 where `hint` was removed.
609
+ * It will be necessary to provide a custom `tls.checkServerIdentity()`
610
+ * for the connection as the default one will try to check hostname/IP
611
+ * of the server against the certificate but that's not applicable for PSK
612
+ * because there won't be a certificate present.
613
+ * More information can be found in the RFC 4279.
614
+ *
615
+ * @param hint message sent from the server to help client
616
+ * decide which identity to use during negotiation.
617
+ * Always `null` if TLS 1.3 is used.
618
+ * @returns Return `null` to stop the negotiation process. `psk` must be
619
+ * compatible with the selected cipher's digest.
620
+ * `identity` must use UTF-8 encoding.
621
+ */
622
+ pskCallback?(hint: string | null): PSKCallbackNegotation | null;
623
+ }
624
+ /**
625
+ * Accepts encrypted connections using TLS or SSL.
626
+ * @since v0.3.2
627
+ */
628
+ class Server extends net.Server {
629
+ constructor(secureConnectionListener?: (socket: TLSSocket) => void);
630
+ constructor(options: TlsOptions, secureConnectionListener?: (socket: TLSSocket) => void);
631
+ /**
632
+ * The `server.addContext()` method adds a secure context that will be used if
633
+ * the client request's SNI name matches the supplied `hostname` (or wildcard).
634
+ *
635
+ * When there are multiple matching contexts, the most recently added one is
636
+ * used.
637
+ * @since v0.5.3
638
+ * @param hostname A SNI host name or wildcard (e.g. `'*'`)
639
+ * @param context An object containing any of the possible properties from the {@link createSecureContext} `options` arguments (e.g. `key`, `cert`, `ca`, etc), or a TLS context object created
640
+ * with {@link createSecureContext} itself.
641
+ */
642
+ addContext(hostname: string, context: SecureContextOptions): void;
643
+ /**
644
+ * Returns the session ticket keys.
645
+ *
646
+ * See `Session Resumption` for more information.
647
+ * @since v3.0.0
648
+ * @return A 48-byte buffer containing the session ticket keys.
649
+ */
650
+ getTicketKeys(): Buffer;
651
+ /**
652
+ * The `server.setSecureContext()` method replaces the secure context of an
653
+ * existing server. Existing connections to the server are not interrupted.
654
+ * @since v11.0.0
655
+ * @param options An object containing any of the possible properties from the {@link createSecureContext} `options` arguments (e.g. `key`, `cert`, `ca`, etc).
656
+ */
657
+ setSecureContext(options: SecureContextOptions): void;
658
+ /**
659
+ * Sets the session ticket keys.
660
+ *
661
+ * Changes to the ticket keys are effective only for future server connections.
662
+ * Existing or currently pending server connections will use the previous keys.
663
+ *
664
+ * See `Session Resumption` for more information.
665
+ * @since v3.0.0
666
+ * @param keys A 48-byte buffer containing the session ticket keys.
667
+ */
668
+ setTicketKeys(keys: Buffer): void;
669
+ /**
670
+ * events.EventEmitter
671
+ * 1. tlsClientError
672
+ * 2. newSession
673
+ * 3. OCSPRequest
674
+ * 4. resumeSession
675
+ * 5. secureConnection
676
+ * 6. keylog
677
+ */
678
+ addListener(event: string, listener: (...args: any[]) => void): this;
679
+ addListener(event: "tlsClientError", listener: (err: Error, tlsSocket: TLSSocket) => void): this;
680
+ addListener(
681
+ event: "newSession",
682
+ listener: (sessionId: Buffer, sessionData: Buffer, callback: () => void) => void,
683
+ ): this;
684
+ addListener(
685
+ event: "OCSPRequest",
686
+ listener: (
687
+ certificate: Buffer,
688
+ issuer: Buffer,
689
+ callback: (err: Error | null, resp: Buffer) => void,
690
+ ) => void,
691
+ ): this;
692
+ addListener(
693
+ event: "resumeSession",
694
+ listener: (sessionId: Buffer, callback: (err: Error | null, sessionData: Buffer | null) => void) => void,
695
+ ): this;
696
+ addListener(event: "secureConnection", listener: (tlsSocket: TLSSocket) => void): this;
697
+ addListener(event: "keylog", listener: (line: Buffer, tlsSocket: TLSSocket) => void): this;
698
+ emit(event: string | symbol, ...args: any[]): boolean;
699
+ emit(event: "tlsClientError", err: Error, tlsSocket: TLSSocket): boolean;
700
+ emit(event: "newSession", sessionId: Buffer, sessionData: Buffer, callback: () => void): boolean;
701
+ emit(
702
+ event: "OCSPRequest",
703
+ certificate: Buffer,
704
+ issuer: Buffer,
705
+ callback: (err: Error | null, resp: Buffer) => void,
706
+ ): boolean;
707
+ emit(
708
+ event: "resumeSession",
709
+ sessionId: Buffer,
710
+ callback: (err: Error | null, sessionData: Buffer | null) => void,
711
+ ): boolean;
712
+ emit(event: "secureConnection", tlsSocket: TLSSocket): boolean;
713
+ emit(event: "keylog", line: Buffer, tlsSocket: TLSSocket): boolean;
714
+ on(event: string, listener: (...args: any[]) => void): this;
715
+ on(event: "tlsClientError", listener: (err: Error, tlsSocket: TLSSocket) => void): this;
716
+ on(event: "newSession", listener: (sessionId: Buffer, sessionData: Buffer, callback: () => void) => void): this;
717
+ on(
718
+ event: "OCSPRequest",
719
+ listener: (
720
+ certificate: Buffer,
721
+ issuer: Buffer,
722
+ callback: (err: Error | null, resp: Buffer) => void,
723
+ ) => void,
724
+ ): this;
725
+ on(
726
+ event: "resumeSession",
727
+ listener: (sessionId: Buffer, callback: (err: Error | null, sessionData: Buffer | null) => void) => void,
728
+ ): this;
729
+ on(event: "secureConnection", listener: (tlsSocket: TLSSocket) => void): this;
730
+ on(event: "keylog", listener: (line: Buffer, tlsSocket: TLSSocket) => void): this;
731
+ once(event: string, listener: (...args: any[]) => void): this;
732
+ once(event: "tlsClientError", listener: (err: Error, tlsSocket: TLSSocket) => void): this;
733
+ once(
734
+ event: "newSession",
735
+ listener: (sessionId: Buffer, sessionData: Buffer, callback: () => void) => void,
736
+ ): this;
737
+ once(
738
+ event: "OCSPRequest",
739
+ listener: (
740
+ certificate: Buffer,
741
+ issuer: Buffer,
742
+ callback: (err: Error | null, resp: Buffer) => void,
743
+ ) => void,
744
+ ): this;
745
+ once(
746
+ event: "resumeSession",
747
+ listener: (sessionId: Buffer, callback: (err: Error | null, sessionData: Buffer | null) => void) => void,
748
+ ): this;
749
+ once(event: "secureConnection", listener: (tlsSocket: TLSSocket) => void): this;
750
+ once(event: "keylog", listener: (line: Buffer, tlsSocket: TLSSocket) => void): this;
751
+ prependListener(event: string, listener: (...args: any[]) => void): this;
752
+ prependListener(event: "tlsClientError", listener: (err: Error, tlsSocket: TLSSocket) => void): this;
753
+ prependListener(
754
+ event: "newSession",
755
+ listener: (sessionId: Buffer, sessionData: Buffer, callback: () => void) => void,
756
+ ): this;
757
+ prependListener(
758
+ event: "OCSPRequest",
759
+ listener: (
760
+ certificate: Buffer,
761
+ issuer: Buffer,
762
+ callback: (err: Error | null, resp: Buffer) => void,
763
+ ) => void,
764
+ ): this;
765
+ prependListener(
766
+ event: "resumeSession",
767
+ listener: (sessionId: Buffer, callback: (err: Error | null, sessionData: Buffer | null) => void) => void,
768
+ ): this;
769
+ prependListener(event: "secureConnection", listener: (tlsSocket: TLSSocket) => void): this;
770
+ prependListener(event: "keylog", listener: (line: Buffer, tlsSocket: TLSSocket) => void): this;
771
+ prependOnceListener(event: string, listener: (...args: any[]) => void): this;
772
+ prependOnceListener(event: "tlsClientError", listener: (err: Error, tlsSocket: TLSSocket) => void): this;
773
+ prependOnceListener(
774
+ event: "newSession",
775
+ listener: (sessionId: Buffer, sessionData: Buffer, callback: () => void) => void,
776
+ ): this;
777
+ prependOnceListener(
778
+ event: "OCSPRequest",
779
+ listener: (
780
+ certificate: Buffer,
781
+ issuer: Buffer,
782
+ callback: (err: Error | null, resp: Buffer) => void,
783
+ ) => void,
784
+ ): this;
785
+ prependOnceListener(
786
+ event: "resumeSession",
787
+ listener: (sessionId: Buffer, callback: (err: Error | null, sessionData: Buffer | null) => void) => void,
788
+ ): this;
789
+ prependOnceListener(event: "secureConnection", listener: (tlsSocket: TLSSocket) => void): this;
790
+ prependOnceListener(event: "keylog", listener: (line: Buffer, tlsSocket: TLSSocket) => void): this;
791
+ }
792
+ /**
793
+ * @deprecated since v0.11.3 Use `tls.TLSSocket` instead.
794
+ */
795
+ interface SecurePair {
796
+ encrypted: TLSSocket;
797
+ cleartext: TLSSocket;
798
+ }
799
+ type SecureVersion = "TLSv1.3" | "TLSv1.2" | "TLSv1.1" | "TLSv1";
800
+ interface SecureContextOptions {
801
+ /**
802
+ * If set, this will be called when a client opens a connection using the ALPN extension.
803
+ * One argument will be passed to the callback: an object containing `servername` and `protocols` fields,
804
+ * respectively containing the server name from the SNI extension (if any) and an array of
805
+ * ALPN protocol name strings. The callback must return either one of the strings listed in `protocols`,
806
+ * which will be returned to the client as the selected ALPN protocol, or `undefined`,
807
+ * to reject the connection with a fatal alert. If a string is returned that does not match one of
808
+ * the client's ALPN protocols, an error will be thrown.
809
+ * This option cannot be used with the `ALPNProtocols` option, and setting both options will throw an error.
810
+ */
811
+ ALPNCallback?: ((arg: { servername: string; protocols: string[] }) => string | undefined) | undefined;
812
+ /**
813
+ * Optionally override the trusted CA certificates. Default is to trust
814
+ * the well-known CAs curated by Mozilla. Mozilla's CAs are completely
815
+ * replaced when CAs are explicitly specified using this option.
816
+ */
817
+ ca?: string | Buffer | Array<string | Buffer> | undefined;
818
+ /**
819
+ * Cert chains in PEM format. One cert chain should be provided per
820
+ * private key. Each cert chain should consist of the PEM formatted
821
+ * certificate for a provided private key, followed by the PEM
822
+ * formatted intermediate certificates (if any), in order, and not
823
+ * including the root CA (the root CA must be pre-known to the peer,
824
+ * see ca). When providing multiple cert chains, they do not have to
825
+ * be in the same order as their private keys in key. If the
826
+ * intermediate certificates are not provided, the peer will not be
827
+ * able to validate the certificate, and the handshake will fail.
828
+ */
829
+ cert?: string | Buffer | Array<string | Buffer> | undefined;
830
+ /**
831
+ * Colon-separated list of supported signature algorithms. The list
832
+ * can contain digest algorithms (SHA256, MD5 etc.), public key
833
+ * algorithms (RSA-PSS, ECDSA etc.), combination of both (e.g
834
+ * 'RSA+SHA384') or TLS v1.3 scheme names (e.g. rsa_pss_pss_sha512).
835
+ */
836
+ sigalgs?: string | undefined;
837
+ /**
838
+ * Cipher suite specification, replacing the default. For more
839
+ * information, see modifying the default cipher suite. Permitted
840
+ * ciphers can be obtained via tls.getCiphers(). Cipher names must be
841
+ * uppercased in order for OpenSSL to accept them.
842
+ */
843
+ ciphers?: string | undefined;
844
+ /**
845
+ * Name of an OpenSSL engine which can provide the client certificate.
846
+ */
847
+ clientCertEngine?: string | undefined;
848
+ /**
849
+ * PEM formatted CRLs (Certificate Revocation Lists).
850
+ */
851
+ crl?: string | Buffer | Array<string | Buffer> | undefined;
852
+ /**
853
+ * `'auto'` or custom Diffie-Hellman parameters, required for non-ECDHE perfect forward secrecy.
854
+ * If omitted or invalid, the parameters are silently discarded and DHE ciphers will not be available.
855
+ * ECDHE-based perfect forward secrecy will still be available.
856
+ */
857
+ dhparam?: string | Buffer | undefined;
858
+ /**
859
+ * A string describing a named curve or a colon separated list of curve
860
+ * NIDs or names, for example P-521:P-384:P-256, to use for ECDH key
861
+ * agreement. Set to auto to select the curve automatically. Use
862
+ * crypto.getCurves() to obtain a list of available curve names. On
863
+ * recent releases, openssl ecparam -list_curves will also display the
864
+ * name and description of each available elliptic curve. Default:
865
+ * tls.DEFAULT_ECDH_CURVE.
866
+ */
867
+ ecdhCurve?: string | undefined;
868
+ /**
869
+ * Attempt to use the server's cipher suite preferences instead of the
870
+ * client's. When true, causes SSL_OP_CIPHER_SERVER_PREFERENCE to be
871
+ * set in secureOptions
872
+ */
873
+ honorCipherOrder?: boolean | undefined;
874
+ /**
875
+ * Private keys in PEM format. PEM allows the option of private keys
876
+ * being encrypted. Encrypted keys will be decrypted with
877
+ * options.passphrase. Multiple keys using different algorithms can be
878
+ * provided either as an array of unencrypted key strings or buffers,
879
+ * or an array of objects in the form {pem: <string|buffer>[,
880
+ * passphrase: <string>]}. The object form can only occur in an array.
881
+ * object.passphrase is optional. Encrypted keys will be decrypted with
882
+ * object.passphrase if provided, or options.passphrase if it is not.
883
+ */
884
+ key?: string | Buffer | Array<string | Buffer | KeyObject> | undefined;
885
+ /**
886
+ * Name of an OpenSSL engine to get private key from. Should be used
887
+ * together with privateKeyIdentifier.
888
+ */
889
+ privateKeyEngine?: string | undefined;
890
+ /**
891
+ * Identifier of a private key managed by an OpenSSL engine. Should be
892
+ * used together with privateKeyEngine. Should not be set together with
893
+ * key, because both options define a private key in different ways.
894
+ */
895
+ privateKeyIdentifier?: string | undefined;
896
+ /**
897
+ * Optionally set the maximum TLS version to allow. One
898
+ * of `'TLSv1.3'`, `'TLSv1.2'`, `'TLSv1.1'`, or `'TLSv1'`. Cannot be specified along with the
899
+ * `secureProtocol` option, use one or the other.
900
+ * **Default:** `'TLSv1.3'`, unless changed using CLI options. Using
901
+ * `--tls-max-v1.2` sets the default to `'TLSv1.2'`. Using `--tls-max-v1.3` sets the default to
902
+ * `'TLSv1.3'`. If multiple of the options are provided, the highest maximum is used.
903
+ */
904
+ maxVersion?: SecureVersion | undefined;
905
+ /**
906
+ * Optionally set the minimum TLS version to allow. One
907
+ * of `'TLSv1.3'`, `'TLSv1.2'`, `'TLSv1.1'`, or `'TLSv1'`. Cannot be specified along with the
908
+ * `secureProtocol` option, use one or the other. It is not recommended to use
909
+ * less than TLSv1.2, but it may be required for interoperability.
910
+ * **Default:** `'TLSv1.2'`, unless changed using CLI options. Using
911
+ * `--tls-v1.0` sets the default to `'TLSv1'`. Using `--tls-v1.1` sets the default to
912
+ * `'TLSv1.1'`. Using `--tls-min-v1.3` sets the default to
913
+ * 'TLSv1.3'. If multiple of the options are provided, the lowest minimum is used.
914
+ */
915
+ minVersion?: SecureVersion | undefined;
916
+ /**
917
+ * Shared passphrase used for a single private key and/or a PFX.
918
+ */
919
+ passphrase?: string | undefined;
920
+ /**
921
+ * PFX or PKCS12 encoded private key and certificate chain. pfx is an
922
+ * alternative to providing key and cert individually. PFX is usually
923
+ * encrypted, if it is, passphrase will be used to decrypt it. Multiple
924
+ * PFX can be provided either as an array of unencrypted PFX buffers,
925
+ * or an array of objects in the form {buf: <string|buffer>[,
926
+ * passphrase: <string>]}. The object form can only occur in an array.
927
+ * object.passphrase is optional. Encrypted PFX will be decrypted with
928
+ * object.passphrase if provided, or options.passphrase if it is not.
929
+ */
930
+ pfx?: string | Buffer | Array<string | Buffer | PxfObject> | undefined;
931
+ /**
932
+ * Optionally affect the OpenSSL protocol behavior, which is not
933
+ * usually necessary. This should be used carefully if at all! Value is
934
+ * a numeric bitmask of the SSL_OP_* options from OpenSSL Options
935
+ */
936
+ secureOptions?: number | undefined; // Value is a numeric bitmask of the `SSL_OP_*` options
937
+ /**
938
+ * Legacy mechanism to select the TLS protocol version to use, it does
939
+ * not support independent control of the minimum and maximum version,
940
+ * and does not support limiting the protocol to TLSv1.3. Use
941
+ * minVersion and maxVersion instead. The possible values are listed as
942
+ * SSL_METHODS, use the function names as strings. For example, use
943
+ * 'TLSv1_1_method' to force TLS version 1.1, or 'TLS_method' to allow
944
+ * any TLS protocol version up to TLSv1.3. It is not recommended to use
945
+ * TLS versions less than 1.2, but it may be required for
946
+ * interoperability. Default: none, see minVersion.
947
+ */
948
+ secureProtocol?: string | undefined;
949
+ /**
950
+ * Opaque identifier used by servers to ensure session state is not
951
+ * shared between applications. Unused by clients.
952
+ */
953
+ sessionIdContext?: string | undefined;
954
+ /**
955
+ * 48-bytes of cryptographically strong pseudo-random data.
956
+ * See Session Resumption for more information.
957
+ */
958
+ ticketKeys?: Buffer | undefined;
959
+ /**
960
+ * The number of seconds after which a TLS session created by the
961
+ * server will no longer be resumable. See Session Resumption for more
962
+ * information. Default: 300.
963
+ */
964
+ sessionTimeout?: number | undefined;
965
+ }
966
+ interface SecureContext {
967
+ context: any;
968
+ }
969
+ /**
970
+ * Verifies the certificate `cert` is issued to `hostname`.
971
+ *
972
+ * Returns [Error](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Error) object, populating it with `reason`, `host`, and `cert` on
973
+ * failure. On success, returns [undefined](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Data_structures#Undefined_type).
974
+ *
975
+ * This function is intended to be used in combination with the`checkServerIdentity` option that can be passed to {@link connect} and as
976
+ * such operates on a `certificate object`. For other purposes, consider using `x509.checkHost()` instead.
977
+ *
978
+ * This function can be overwritten by providing an alternative function as the `options.checkServerIdentity` option that is passed to `tls.connect()`. The
979
+ * overwriting function can call `tls.checkServerIdentity()` of course, to augment
980
+ * the checks done with additional verification.
981
+ *
982
+ * This function is only called if the certificate passed all other checks, such as
983
+ * being issued by trusted CA (`options.ca`).
984
+ *
985
+ * Earlier versions of Node.js incorrectly accepted certificates for a given`hostname` if a matching `uniformResourceIdentifier` subject alternative name
986
+ * was present (see [CVE-2021-44531](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44531)). Applications that wish to accept`uniformResourceIdentifier` subject alternative names can use
987
+ * a custom `options.checkServerIdentity` function that implements the desired behavior.
988
+ * @since v0.8.4
989
+ * @param hostname The host name or IP address to verify the certificate against.
990
+ * @param cert A `certificate object` representing the peer's certificate.
991
+ */
992
+ function checkServerIdentity(hostname: string, cert: PeerCertificate): Error | undefined;
993
+ /**
994
+ * Creates a new {@link Server}. The `secureConnectionListener`, if provided, is
995
+ * automatically set as a listener for the `'secureConnection'` event.
996
+ *
997
+ * The `ticketKeys` options is automatically shared between `node:cluster` module
998
+ * workers.
999
+ *
1000
+ * The following illustrates a simple echo server:
1001
+ *
1002
+ * ```js
1003
+ * const tls = require('node:tls');
1004
+ * const fs = require('node:fs');
1005
+ *
1006
+ * const options = {
1007
+ * key: fs.readFileSync('server-key.pem'),
1008
+ * cert: fs.readFileSync('server-cert.pem'),
1009
+ *
1010
+ * // This is necessary only if using client certificate authentication.
1011
+ * requestCert: true,
1012
+ *
1013
+ * // This is necessary only if the client uses a self-signed certificate.
1014
+ * ca: [ fs.readFileSync('client-cert.pem') ],
1015
+ * };
1016
+ *
1017
+ * const server = tls.createServer(options, (socket) => {
1018
+ * console.log('server connected',
1019
+ * socket.authorized ? 'authorized' : 'unauthorized');
1020
+ * socket.write('welcome!\n');
1021
+ * socket.setEncoding('utf8');
1022
+ * socket.pipe(socket);
1023
+ * });
1024
+ * server.listen(8000, () => {
1025
+ * console.log('server bound');
1026
+ * });
1027
+ * ```
1028
+ *
1029
+ * The server can be tested by connecting to it using the example client from {@link connect}.
1030
+ * @since v0.3.2
1031
+ */
1032
+ function createServer(secureConnectionListener?: (socket: TLSSocket) => void): Server;
1033
+ function createServer(options: TlsOptions, secureConnectionListener?: (socket: TLSSocket) => void): Server;
1034
+ /**
1035
+ * The `callback` function, if specified, will be added as a listener for the `'secureConnect'` event.
1036
+ *
1037
+ * `tls.connect()` returns a {@link TLSSocket} object.
1038
+ *
1039
+ * Unlike the `https` API, `tls.connect()` does not enable the
1040
+ * SNI (Server Name Indication) extension by default, which may cause some
1041
+ * servers to return an incorrect certificate or reject the connection
1042
+ * altogether. To enable SNI, set the `servername` option in addition
1043
+ * to `host`.
1044
+ *
1045
+ * The following illustrates a client for the echo server example from {@link createServer}:
1046
+ *
1047
+ * ```js
1048
+ * // Assumes an echo server that is listening on port 8000.
1049
+ * const tls = require('node:tls');
1050
+ * const fs = require('node:fs');
1051
+ *
1052
+ * const options = {
1053
+ * // Necessary only if the server requires client certificate authentication.
1054
+ * key: fs.readFileSync('client-key.pem'),
1055
+ * cert: fs.readFileSync('client-cert.pem'),
1056
+ *
1057
+ * // Necessary only if the server uses a self-signed certificate.
1058
+ * ca: [ fs.readFileSync('server-cert.pem') ],
1059
+ *
1060
+ * // Necessary only if the server's cert isn't for "localhost".
1061
+ * checkServerIdentity: () => { return null; },
1062
+ * };
1063
+ *
1064
+ * const socket = tls.connect(8000, options, () => {
1065
+ * console.log('client connected',
1066
+ * socket.authorized ? 'authorized' : 'unauthorized');
1067
+ * process.stdin.pipe(socket);
1068
+ * process.stdin.resume();
1069
+ * });
1070
+ * socket.setEncoding('utf8');
1071
+ * socket.on('data', (data) => {
1072
+ * console.log(data);
1073
+ * });
1074
+ * socket.on('end', () => {
1075
+ * console.log('server ends connection');
1076
+ * });
1077
+ * ```
1078
+ * @since v0.11.3
1079
+ */
1080
+ function connect(options: ConnectionOptions, secureConnectListener?: () => void): TLSSocket;
1081
+ function connect(
1082
+ port: number,
1083
+ host?: string,
1084
+ options?: ConnectionOptions,
1085
+ secureConnectListener?: () => void,
1086
+ ): TLSSocket;
1087
+ function connect(port: number, options?: ConnectionOptions, secureConnectListener?: () => void): TLSSocket;
1088
+ /**
1089
+ * Creates a new secure pair object with two streams, one of which reads and writes
1090
+ * the encrypted data and the other of which reads and writes the cleartext data.
1091
+ * Generally, the encrypted stream is piped to/from an incoming encrypted data
1092
+ * stream and the cleartext one is used as a replacement for the initial encrypted
1093
+ * stream.
1094
+ *
1095
+ * `tls.createSecurePair()` returns a `tls.SecurePair` object with `cleartext` and `encrypted` stream properties.
1096
+ *
1097
+ * Using `cleartext` has the same API as {@link TLSSocket}.
1098
+ *
1099
+ * The `tls.createSecurePair()` method is now deprecated in favor of`tls.TLSSocket()`. For example, the code:
1100
+ *
1101
+ * ```js
1102
+ * pair = tls.createSecurePair(// ... );
1103
+ * pair.encrypted.pipe(socket);
1104
+ * socket.pipe(pair.encrypted);
1105
+ * ```
1106
+ *
1107
+ * can be replaced by:
1108
+ *
1109
+ * ```js
1110
+ * secureSocket = tls.TLSSocket(socket, options);
1111
+ * ```
1112
+ *
1113
+ * where `secureSocket` has the same API as `pair.cleartext`.
1114
+ * @since v0.3.2
1115
+ * @deprecated Since v0.11.3 - Use {@link TLSSocket} instead.
1116
+ * @param context A secure context object as returned by `tls.createSecureContext()`
1117
+ * @param isServer `true` to specify that this TLS connection should be opened as a server.
1118
+ * @param requestCert `true` to specify whether a server should request a certificate from a connecting client. Only applies when `isServer` is `true`.
1119
+ * @param rejectUnauthorized If not `false` a server automatically reject clients with invalid certificates. Only applies when `isServer` is `true`.
1120
+ */
1121
+ function createSecurePair(
1122
+ context?: SecureContext,
1123
+ isServer?: boolean,
1124
+ requestCert?: boolean,
1125
+ rejectUnauthorized?: boolean,
1126
+ ): SecurePair;
1127
+ /**
1128
+ * `{@link createServer}` sets the default value of the `honorCipherOrder` option
1129
+ * to `true`, other APIs that create secure contexts leave it unset.
1130
+ *
1131
+ * `{@link createServer}` uses a 128 bit truncated SHA1 hash value generated
1132
+ * from `process.argv` as the default value of the `sessionIdContext` option, other
1133
+ * APIs that create secure contexts have no default value.
1134
+ *
1135
+ * The `tls.createSecureContext()` method creates a `SecureContext` object. It is
1136
+ * usable as an argument to several `tls` APIs, such as `server.addContext()`,
1137
+ * but has no public methods. The {@link Server} constructor and the {@link createServer} method do not support the `secureContext` option.
1138
+ *
1139
+ * A key is _required_ for ciphers that use certificates. Either `key` or `pfx` can be used to provide it.
1140
+ *
1141
+ * If the `ca` option is not given, then Node.js will default to using [Mozilla's publicly trusted list of
1142
+ * CAs](https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt).
1143
+ *
1144
+ * Custom DHE parameters are discouraged in favor of the new `dhparam: 'auto' `option. When set to `'auto'`, well-known DHE parameters of sufficient strength
1145
+ * will be selected automatically. Otherwise, if necessary, `openssl dhparam` can
1146
+ * be used to create custom parameters. The key length must be greater than or
1147
+ * equal to 1024 bits or else an error will be thrown. Although 1024 bits is
1148
+ * permissible, use 2048 bits or larger for stronger security.
1149
+ * @since v0.11.13
1150
+ */
1151
+ function createSecureContext(options?: SecureContextOptions): SecureContext;
1152
+ /**
1153
+ * Returns an array with the names of the supported TLS ciphers. The names are
1154
+ * lower-case for historical reasons, but must be uppercased to be used in
1155
+ * the `ciphers` option of `{@link createSecureContext}`.
1156
+ *
1157
+ * Not all supported ciphers are enabled by default. See
1158
+ * [Modifying the default TLS cipher suite](https://nodejs.org/docs/latest-v20.x/api/tls.html#modifying-the-default-tls-cipher-suite).
1159
+ *
1160
+ * Cipher names that start with `'tls_'` are for TLSv1.3, all the others are for
1161
+ * TLSv1.2 and below.
1162
+ *
1163
+ * ```js
1164
+ * console.log(tls.getCiphers()); // ['aes128-gcm-sha256', 'aes128-sha', ...]
1165
+ * ```
1166
+ * @since v0.10.2
1167
+ */
1168
+ function getCiphers(): string[];
1169
+ /**
1170
+ * The default curve name to use for ECDH key agreement in a tls server.
1171
+ * The default value is `'auto'`. See `{@link createSecureContext()}` for further
1172
+ * information.
1173
+ * @since v0.11.13
1174
+ */
1175
+ let DEFAULT_ECDH_CURVE: string;
1176
+ /**
1177
+ * The default value of the `maxVersion` option of `{@link createSecureContext()}`.
1178
+ * It can be assigned any of the supported TLS protocol versions,
1179
+ * `'TLSv1.3'`, `'TLSv1.2'`, `'TLSv1.1'`, or `'TLSv1'`. **Default:** `'TLSv1.3'`, unless
1180
+ * changed using CLI options. Using `--tls-max-v1.2` sets the default to `'TLSv1.2'`. Using
1181
+ * `--tls-max-v1.3` sets the default to `'TLSv1.3'`. If multiple of the options
1182
+ * are provided, the highest maximum is used.
1183
+ * @since v11.4.0
1184
+ */
1185
+ let DEFAULT_MAX_VERSION: SecureVersion;
1186
+ /**
1187
+ * The default value of the `minVersion` option of `{@link createSecureContext()}`.
1188
+ * It can be assigned any of the supported TLS protocol versions,
1189
+ * `'TLSv1.3'`, `'TLSv1.2'`, `'TLSv1.1'`, or `'TLSv1'`. **Default:** `'TLSv1.2'`, unless
1190
+ * changed using CLI options. Using `--tls-min-v1.0` sets the default to
1191
+ * `'TLSv1'`. Using `--tls-min-v1.1` sets the default to `'TLSv1.1'`. Using
1192
+ * `--tls-min-v1.3` sets the default to `'TLSv1.3'`. If multiple of the options
1193
+ * are provided, the lowest minimum is used.
1194
+ * @since v11.4.0
1195
+ */
1196
+ let DEFAULT_MIN_VERSION: SecureVersion;
1197
+ /**
1198
+ * The default value of the `ciphers` option of `{@link createSecureContext()}`.
1199
+ * It can be assigned any of the supported OpenSSL ciphers.
1200
+ * Defaults to the content of `crypto.constants.defaultCoreCipherList`, unless
1201
+ * changed using CLI options using `--tls-default-ciphers`.
1202
+ * @since v19.8.0
1203
+ */
1204
+ let DEFAULT_CIPHERS: string;
1205
+ /**
1206
+ * An immutable array of strings representing the root certificates (in PEM format)
1207
+ * from the bundled Mozilla CA store as supplied by the current Node.js version.
1208
+ *
1209
+ * The bundled CA store, as supplied by Node.js, is a snapshot of Mozilla CA store
1210
+ * that is fixed at release time. It is identical on all supported platforms.
1211
+ * @since v12.3.0
1212
+ */
1213
+ const rootCertificates: readonly string[];
1214
+ }
1215
+ declare module "node:tls" {
1216
+ export * from "tls";
1217
+ }