Skip to content

Instantly share code, notes, and snippets.

@anhldbk

anhldbk/README.md

Last active February 27, 2025 07:18
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save anhldbk/3ea07d006c0fd411f19c0e362d4e0ec0 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save anhldbk/3ea07d006c0fd411f19c0e362d4e0ec0 to your computer and use it in GitHub Desktop.
Download ZIP
TLS client & server in NodeJS
Raw
README.md

1. Overview

This is an example of using module tls in NodeJS to create a client securely connecting to a TLS server.

It is a modified version from documentation about TLS, in which:

  • The server is a simple echo one. Clients connect to it, get the same thing back if they send anything to the server.
  • The server is a TLS-based server.
  • Clients somehow get the server's public key and use it to work securely with the server

2. Preparation

We need to generate keys & certs for the server. Pay attention to Common Name (e.g. server FQDN or YOUR name) when creating server-csr.pem. It should be your domain name.

$ mkdir tls
$ cd tls
$ openssl genrsa -out server-key.pem 4096
$ openssl req -new -key server-key.pem -out server-csr.pem
$ openssl x509 -req -in server-csr.pem -signkey server-key.pem -out server-cert.pem

For example:

$ openssl req -new -key server-key.pem -out server-csr.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:VN
State or Province Name (full name) [Some-State]:Hanoi
Locality Name (eg, city) []:Hanoi
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Evolas Technologies
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:evolastech.com
Email Address []:hi@evolastech.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

3. Run the demo

$ node server.js &
$ node client.js &

You may have following things printed out:

server bound
server connected unauthorized
client connected authorized
welcome!
Raw
client.js
const tls = require('tls');
const fs = require('fs');
const options = {
ca: [ fs.readFileSync('server-cert.pem') ]
};
var socket = tls.connect(8000, 'evolastech.com', options, () => {
console.log('client connected',
socket.authorized ? 'authorized' : 'unauthorized');
process.stdin.pipe(socket);
process.stdin.resume();
});
socket.setEncoding('utf8');
socket.on('data', (data) => {
console.log(data);
});
socket.on('end', () => {
console.log('Ended')
});
Raw
sever.js
const tls = require('tls');
const fs = require('fs');
const options = {
key: fs.readFileSync('server-key.pem'),
cert: fs.readFileSync('server-cert.pem'),
rejectUnauthorized: true,
};
const server = tls.createServer(options, (socket) => {
console.log('server connected',
socket.authorized ? 'authorized' : 'unauthorized');
socket.write('welcome!\n');
socket.setEncoding('utf8');
socket.pipe(socket);
});
server.listen(8000, () => {
console.log('server bound');
});
@heijmerikx
Copy link
Copy Markdown

heijmerikx commented Mar 12, 2021

Thanks for this, helped me start my PoC quicker!

@AfJalili
Copy link
Copy Markdown

AfJalili commented Jul 3, 2021

Thanks it helped

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment