Node.js TLS/SSL



What is TLS/SSL ?

  • TLS stands for Transport Layer Security.
  • It is the successor to Secure Sockets Layer (SSL).
  • TLS and SSL are cryptographic protocols used to secure communication over the web.
  • TLS uses public-key cryptography to encrypt messages.
  • It generally encrypts communication that runs on top of TCP.

What is public-key cryptography ?

  • In public-key cryptography, each client and each server has two keys: public key and private key.
  • The public key is shared with everyone and the private key is kept secret.
  • To encrypt a message, a computer requires its private key and the recipient's public key.
  • On the other hand, to decrypt the message, the recipient requires its own
  • You have to use require('tls') to access this module.

Syntax:

var tls = require('tls');  
  • The tls module uses OpenSSL to provide Transport Layer Security and Secure Sockets Layer.
  • TLS/SSL is a public/private key infrastructure.
  • Each client and each server must have a private key.


One-way TLS/SSL

    The following figure shows TLS/SSL handshaking for one-way authentication between a TLS client and TLS server.
    [Figure: one-way TLS/SSL handshake]

    • The client issues a session request to the server.
    • The server responds with a certificate, which contains its public key. This certificate comes from the server's keystore, which also contains the server's private key. The private key is never sent to the client.
    • For a signed cert, the client makes a request to the Certificate Authority (CA) to authenticate the certificate.
    • The client and server exchange several more messages to validate keys.
    • The client begins TLS data transfer with the server. 

    The following figure shows TLS/SSL handshaking using an optional truststore on the client:

    [Figure: one-way TLS/SSL handshake with a client truststore]

    • If the TLS server uses a self-signed certificate or a certificate that is not signed by a trusted CA, then you create a truststore on the client.
    • The client populates its truststore with server certificates and public keys that it trusts.
    • When the client receives a certificate, the incoming certificate is then validated against the certificates in its truststore. 

    In one-way TLS, Edge can be either the server or the client:

    Edge as the TLS server

    • Edge is the server hosting the TLS endpoint, where the TLS endpoint corresponds to an API proxy deployed to a virtual host.
    • The client is an app attempting to access the API proxy.
    • In this scenario, Edge has the keystore containing the certificate and private key.

    Edge as the TLS client

    • Edge acts as the client that accesses a backend service. In this case, the backend service corresponds to the server hosting a TLS endpoint.
    • The backend server therefore has a keystore that contains its certificate and private key.

    Two-way TLS

    The following figure shows the TLS/SSL handshaking for two-way TLS authentication between a client and server:

    [Figure: two-way TLS/SSL handshake]

    In two-way TLS:

    • The client and server both have their own keystores. The client's keystore contains its cert and private key, and the server's keystore contains its cert and private key.
    • The TLS server presents its certificate to the TLS client to authenticate itself. The client then verifies the identity of the server prior to sending its cert to the server.
    • The TLS client presents its certificate to the TLS server to authenticate itself to the server. 

    The following figure shows TLS handshaking using an optional truststore:

    [Figure: two-way TLS/SSL handshake with truststores]

    In this scenario:

    • If the TLS server uses a self-signed certificate or a certificate that is not signed by a trusted CA, then you create a truststore on the client.
    • The client has a copy of the server's cert in its truststore. During TLS handshaking, the client compares the cert in its truststore to the cert sent from the server to verify the identity of the server.
    • If the TLS client uses a self-signed certificate or a certificate that is not signed by a trusted CA, then you create a truststore on the server. The server has a copy of the client's cert in its truststore.
    • During TLS handshaking, the server compares the cert in its truststore to the cert sent from the client to verify the identity of the client.

    Either the client or server can use a truststore, or both can.
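
The keystore and truststore roles described above map onto Node's tls options as follows: key and cert (or pfx) act as the keystore, ca acts as the truststore, and a server enforces two-way TLS with requestCert and rejectUnauthorized. The check below is an added example, not code from the original page; auditTlsOptions, its scenario flags and the sample option objects are hypothetical names constructed for illustration.

```javascript
// Added example: audit a Node.js tls options object against the roles
// described on this page. Mapping used here:
//   keystore   -> key + cert (or pfx)
//   truststore -> ca
// auditTlsOptions and the sample objects are hypothetical, for illustration.
function auditTlsOptions(role, opts, scenario = {}) {
  const { twoWay = false, selfSignedPeer = false } = scenario;
  const findings = [];
  const hasKeystore = Boolean(opts.pfx || (opts.key && opts.cert));
  const hasTruststore = Boolean(opts.ca);

  // A server always needs a keystore; a client needs one only in two-way TLS.
  if ((role === 'server' || twoWay) && !hasKeystore) {
    findings.push('keystore missing: set key and cert (or pfx)');
  }
  // rejectUnauthorized defaults to true; false lets an unverified peer through.
  if (opts.rejectUnauthorized === false) {
    findings.push('rejectUnauthorized is false: peer certificate is not enforced');
  }
  // A server asks for a client certificate only when requestCert is true.
  if (role === 'server' && twoWay && opts.requestCert !== true) {
    findings.push('two-way TLS needs requestCert: true on the server');
  }
  // Self-signed or private-CA peers must be listed in the truststore.
  if (selfSignedPeer && !hasTruststore) {
    findings.push('truststore missing: set ca to the peer cert or its CA');
  }
  return findings;
}

// Constructed samples; the PEM values are placeholders, not real material.
const weakServer = {
  key: '<server key PEM>', cert: '<server cert PEM>',
  rejectUnauthorized: false,
};
const strictServer = {
  key: '<server key PEM>', cert: '<server cert PEM>',
  ca: '<client cert or CA PEM>',
  requestCert: true, rejectUnauthorized: true,
};
const clientForSelfSigned = { ca: '<server cert PEM>' };

const scenario = { twoWay: true, selfSignedPeer: true };
console.log(auditTlsOptions('server', weakServer, scenario));
console.log(auditTlsOptions('server', strictServer, scenario));
console.log(auditTlsOptions('client', clientForSelfSigned, { selfSignedPeer: true }));
```

An options object that passes with no findings can be handed to tls.createServer (server) or tls.connect (client) once the placeholders are replaced with real PEM data.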

    In two-way TLS, Edge can be either the server or the client:

    Edge as the server

    • Edge is the server hosting the TLS endpoint, where the TLS endpoint corresponds to an API proxy.
    • The client is an app attempting to access the API proxy.
    • In this scenario, Edge has a keystore containing the certificate and private key, and requires a truststore containing the client's cert and CA chain.

    Edge as the client

    • Edge acts as a client that accesses a backend service. In this case, the backend service corresponds to the server hosting the TLS endpoint.
    • The backend server therefore has a keystore that contains its certificate and private key.
    • Edge must also define a keystore that contains the certificate needed to validate itself to the backend service, and optionally a truststore containing the cert from the backend server if the server uses a self-signed certificate or a certificate that is not signed by a trusted CA.

    Node.js TLS client example

    File: tls_client.js

    const tls = require('tls');

    // called with the socket on success, or with null on failure
    function connected(stream) {
        if (stream) {
            // socket connected: send a minimal HTTP request (header lines end in CRLF)
            stream.write("GET / HTTP/1.0\r\nHost: encrypted.google.com:443\r\n\r\n");
        } else {
            console.log("Connection failed");
        }
    }

    // holds the socket and the connection state so the handlers can reach them
    const dummy = {};

    // try to connect to the server
    dummy.socket = tls.connect(443, 'encrypted.google.com', function() {
        // callback called only after successful socket connection
        dummy.connected = true;
        if (dummy.socket.authorized) {
            // server certificate verified against the trusted CAs
            dummy.socket.setEncoding('utf-8');
            connected(dummy.socket);
        } else {
            // verification failed; this branch is reached only when
            // rejectUnauthorized is set to false. With the default (true),
            // the failure is reported through the 'error' event instead.
            console.log(dummy.socket.authorizationError);
            connected(null);
        }
    });

    dummy.socket.addListener('data', function(data) {
        // received data
        console.log(data);
    });

    dummy.socket.addListener('error', function(error) {
        if (!dummy.connected) {
            // socket was not connected, notify callback
            connected(null);
        }
        console.log("FAIL");
        console.log(error);
    });

    dummy.socket.addListener('close', function() {
        // do something
    });
    

    Output:

    [Figure: output of the TLS client example]

