
How to create HTTPS server with TLS 1.3 in Node.js v11

Can I use the https module in Node.js v11 to create a TLS v1.3 server? Node.js version is 11.12.0 and OpenSSL version is 1.1.1.

const https = require('https');
const fs = require('fs');

const options = {
  key: fs.readFileSync('./tls/server.key'),
  cert: fs.readFileSync('./tls/server.crt')
};

https.createServer(options, (req, res) => {
  console.log('req', req)
  res.writeHead(200);
  res.end('hello world\n');
}).listen(8443, () => console.log('running'));

Testing it with OpenSSL fails:

openssl s_client -connect 127.0.0.1:8443 -tls1_3

In case somebody stumbles onto this question, nodejs v12 now supports TLS 1.3.

Here is a sample code snippet that also generates its own self-signed certificate for quick testing:

const https = require("https")
const fs = require("fs");
const forge = require('node-forge')
forge.options.usePureJavaScript = true
const express = require("express")

var pki = forge.pki;
var keys = pki.rsa.generateKeyPair(2048);
var cert = pki.createCertificate();

cert.publicKey = keys.publicKey;
cert.serialNumber = '01';
cert.validity.notBefore = new Date();
cert.validity.notAfter = new Date();
cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear()+1);

var attrs = [{
    name: 'commonName',
    value: 'www.cooltest.site'
  }, {
    name: 'countryName',
    value: 'US'
  }, {
    shortName: 'ST',
    value: 'Illinois'
  }, {
    name: 'localityName',
    value: 'Downers Grove'
  }, {
    name: 'organizationName',
    value: 'Test'
  }, {
    shortName: 'OU',
    value: 'Test'
  }];
cert.setSubject(attrs);
cert.setIssuer(attrs);
cert.setExtensions([{
    name: 'basicConstraints',
    cA: true
  }, {
    name: 'keyUsage',
    keyCertSign: true,
    digitalSignature: true,
    nonRepudiation: true,
    keyEncipherment: true,
    dataEncipherment: true
  }, {
    name: 'extKeyUsage',
    serverAuth: true,
    clientAuth: true,
    codeSigning: true,
    emailProtection: true,
    timeStamping: true
  }, {
    name: 'nsCertType',
    client: true,
    server: true,
    email: true,
    objsign: true,
    sslCA: true,
    emailCA: true,
    objCA: true
  }, {
    name: 'subjectAltName',
    altNames: [{
      type: 6, // URI
      value: 'http://www.mycooltest.site'
    }, {
      type: 7, // IP
      ip: '127.0.0.1'
    }]
  }, {
    name: 'subjectKeyIdentifier'
  }]);
cert.sign(keys.privateKey);

var private_key = pki.privateKeyToPem(keys.privateKey);
var public_key = pki.certificateToPem(cert);

// In case you need the newly generated keys displayed or saved
// console.log(public_key);
// console.log(private_key);
// fs.writeFileSync("private.pem",private_key)
// fs.writeFileSync("public.crt",public_key)


const options = {
    key: private_key,
    cert: public_key
    // In case you already have the keys available to you
    // key: fs.readFileSync("key.pem"),
    // cert: fs.readFileSync("chain.pem")
};

const app = express();

app.use((req, res) => {
  res.writeHead(200);
  res.end("hello world\n");
});

app.listen(8000);

https.createServer(options, app).listen(8080);

According to the official blog post from March 19, TLS1.3 isn't officially supported yet. https://developer.ibm.com/blogs/tls13-is-coming-to-nodejs/

I've spent the beginning of 2019 working through the differences which leak through the API, and have a pull request open. Hopefully TLS1.3 will be released in Node.js 11.x soon.

...

The good news is that there is progress on getting support for TLS 1.3 into Node.js, and you should be able to start using it soon (hopefully as soon as October when Node.js 12.x goes into LTS).
