How to create HTTPS server with TLS 1.3 in Node.js v11

Can I use the https module in Node.js v11 to create a TLS v1.3 server? The Node.js version is 11.12.0 and the OpenSSL version is 1.1.1.

const https = require('https');
const fs = require('fs');

const options = {
  key: fs.readFileSync('./tls/server.key'),
  cert: fs.readFileSync('./tls/server.crt')
};

https.createServer(options, (req, res) => {
  console.log('req', req)
  res.writeHead(200);
  res.end('hello world\n');
}).listen(8443, () => console.log('running'));

Testing it with OpenSSL fails:

openssl s_client -connect 127.0.0.1:8443 -tls1_3

In case somebody stumbles onto this question, Node.js v12 now supports TLS 1.3.

Here is a sample code snippet that also generates its own self-signed certificate for quick testing:

const https = require("https")
const fs = require("fs");
const forge = require('node-forge')
forge.options.usePureJavaScript = true;
const express = require("express")

var pki = forge.pki;
var keys = pki.rsa.generateKeyPair(2048);
var cert = pki.createCertificate();

cert.publicKey = keys.publicKey;
cert.serialNumber = '01';
cert.validity.notBefore = new Date();
cert.validity.notAfter = new Date();
cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear()+1);

var attrs = [{
    name: 'commonName',
    value: 'www.cooltest.site'
  }, {
    name: 'countryName',
    value: 'US'
  }, {
    shortName: 'ST',
    value: 'Illinois'
  }, {
    name: 'localityName',
    value: 'Downers Grove'
  }, {
    name: 'organizationName',
    value: 'Test'
  }, {
    shortName: 'OU',
    value: 'Test'
  }];
cert.setSubject(attrs);
cert.setIssuer(attrs);
cert.setExtensions([{
    name: 'basicConstraints',
    cA: true
  }, {
    name: 'keyUsage',
    keyCertSign: true,
    digitalSignature: true,
    nonRepudiation: true,
    keyEncipherment: true,
    dataEncipherment: true
  }, {
    name: 'extKeyUsage',
    serverAuth: true,
    clientAuth: true,
    codeSigning: true,
    emailProtection: true,
    timeStamping: true
  }, {
    name: 'nsCertType',
    client: true,
    server: true,
    email: true,
    objsign: true,
    sslCA: true,
    emailCA: true,
    objCA: true
  }, {
    name: 'subjectAltName',
    altNames: [{
      type: 6, // URI
      value: 'http://www.mycooltest.site'
    }, {
      type: 7, // IP
      ip: '127.0.0.1'
    }]
  }, {
    name: 'subjectKeyIdentifier'
  }]);
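// Sign with SHA-256; node-forge falls back to SHA-1 when no digest is passed
cert.sign(keys.privateKey, forge.md.sha256.create());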

var private_key = pki.privateKeyToPem(keys.privateKey);
var public_key = pki.certificateToPem(cert);

// In case you need the newly generated keys displayed or saved
// console.log(public_key);
// console.log(private_key);
// fs.writeFileSync("private.pem",private_key)
// fs.writeFileSync("public.crt",public_key)


const options = {
    key: private_key,
    cert: public_key
    // In case you already have the keys available to you
    // key: fs.readFileSync("key.pem"),
    // cert: fs.readFileSync("chain.pem")
};

const app = express();

app.use((req, res) => {
  res.writeHead(200);
  res.end("hello world\n");
});

app.listen(8000);

https.createServer(options, app).listen(8080);

According to the official blog post from March 19, TLS1.3 isn't officially supported yet. https://developer.ibm.com/blogs/tls13-is-coming-to-nodejs/

I've spent the beginning of 2019 working through the differences which leak through the API, and have a pull request open. Hopefully TLS1.3 will be released in Node.js 11.x soon.

... ...

The good news is that there is progress on getting support for TLS 1.3 into Node.js, and you should be able to start using it soon (hopefully as soon as October when Node.js 12.x goes into LTS).
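
Whether a given Node.js build can serve TLS 1.3 at all, which is the point both answers above turn on, can be checked at startup before the server is pinned to that version. This is an added example, not code from the original posts; the helper names tls13Report and createTls13OnlyServer are hypothetical, and key and cert are assumed to be PEM material supplied by the caller.

```javascript
// Added example, not from the original posts; helper names are hypothetical.
const tls = require('tls');
const https = require('https');

// Report whether this Node.js/OpenSSL build can negotiate TLS 1.3.
function tls13Report() {
  // Node.js docs: cipher names starting with "tls_" are TLS 1.3 suites.
  const suites = tls.getCiphers().filter((name) => name.startsWith('tls_'));
  let error = null;
  try {
    // Throws on runtimes where 'TLSv1.3' is not a known protocol version.
    tls.createSecureContext({ minVersion: 'TLSv1.3', maxVersion: 'TLSv1.3' });
  } catch (err) {
    error = err.code || err.message;
  }
  return {
    node: process.version,
    openssl: process.versions.openssl,
    suites,
    supported: error === null && suites.length > 0,
    error,
  };
}

// Build an HTTPS server that rejects every handshake below TLS 1.3.
// key and cert are PEM strings or Buffers supplied by the caller.
function createTls13OnlyServer(key, cert, handler) {
  const report = tls13Report();
  if (!report.supported) {
    throw new Error(
      `TLS 1.3 unavailable: Node ${report.node}, OpenSSL ${report.openssl}` +
      (report.error ? ` (${report.error})` : ''));
  }
  const server = https.createServer({ key, cert, minVersion: 'TLSv1.3' }, handler);
  // Log what each client actually negotiated, e.g. "TLSv1.3".
  server.on('secureConnection', (socket) => {
    console.log('negotiated', socket.getProtocol(), socket.getCipher().name);
  });
  return server;
}
```

With the returned server listening on 8443, the openssl s_client -tls1_3 command from the question should complete a handshake, while the same command with -tls1_2 should be refused.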
