Interface ConnectionOptions

Hierarchy

Properties

ALPNProtocols? autoEncrypter? ca? cancellationToken? cert? checkServerIdentity? ciphers? compressors? connectTimeoutMS? credentials? crl? ecdhCurve? family? generation hints? hostAddress id keepAlive? keepAliveInitialDelay? key? loadBalanced localAddress? localPort? logicalSessionTimeoutMinutes? lookup? metadata minDHSize? monitorCommands noDelay? passphrase? pfx? proxyHost? proxyPassword? proxyPort? proxyUsername? rejectUnauthorized? secureContext? secureProtocol? serverApi? servername? session? socketTimeoutMS? tls

Properties

Optional ALPNProtocols

ALPNProtocols?: Uint8Array | string[] | Uint8Array[]

An array of strings or a Buffer naming possible ALPN protocols. (Protocols should be ordered by their priority.)

Optional autoEncrypter

autoEncrypter?: AutoEncrypter

Optional ca

ca?: string | Buffer | (string | Buffer)[]

Optionally override the trusted CA certificates. Default is to trust the well-known CAs curated by Mozilla. Mozilla's CAs are completely replaced when CAs are explicitly specified using this option.

Optional cancellationToken

cancellationToken?: CancellationToken

Optional cert

cert?: string | Buffer | (string | Buffer)[]

Cert chains in PEM format. One cert chain should be provided per private key. Each cert chain should consist of the PEM formatted certificate for a provided private key, followed by the PEM formatted intermediate certificates (if any), in order, and not including the root CA (the root CA must be pre-known to the peer, see ca). When providing multiple cert chains, they do not have to be in the same order as their private keys in key. If the intermediate certificates are not provided, the peer will not be able to validate the certificate, and the handshake will fail.

Optional checkServerIdentity

checkServerIdentity?: ((hostname, cert) => Error | undefined)

Type declaration

    • (hostname, cert): Error | undefined

    • Verifies the certificate cert is issued to hostname.

      Returns Error object, populating it with reason, host, and cert on failure. On success, returns undefined.

      This function can be overwritten by providing alternative function as part of the options.checkServerIdentity option passed to tls.connect(). The overwriting function can call tls.checkServerIdentity() of course, to augment the checks done with additional verification.

      This function is only called if the certificate passed all other checks, such as being issued by trusted CA (options.ca).

      Parameters

      • hostname: string

        The host name or IP address to verify the certificate against.

      • cert: PeerCertificate

        A certificate object representing the peer's certificate.

      Returns Error | undefined

      Since

      v0.8.4

Optional ciphers

ciphers?: string

Cipher suite specification, replacing the default. For more information, see modifying the default cipher suite. Permitted ciphers can be obtained via tls.getCiphers(). Cipher names must be uppercased in order for OpenSSL to accept them.

Optional compressors

compressors?: ("none" | "snappy" | "zlib" | "zstd")[]

Optional connectTimeoutMS

connectTimeoutMS?: number

Optional credentials

credentials?: MongoCredentials

Optional crl

crl?: string | Buffer | (string | Buffer)[]

PEM formatted CRLs (Certificate Revocation Lists).

Optional ecdhCurve

ecdhCurve?: string

A string describing a named curve or a colon separated list of curve NIDs or names, for example P-521:P-384:P-256, to use for ECDH key agreement. Set to auto to select the curve automatically. Use crypto.getCurves() to obtain a list of available curve names. On recent releases, openssl ecparam -list_curves will also display the name and description of each available elliptic curve. Default: tls.DEFAULT_ECDH_CURVE.

Optional family

family?: number

generation

generation: number

Optional hints

hints?: number

hostAddress

hostAddress: HostAddress

id

id: number | "<monitor>"

Optional keepAlive

keepAlive?: boolean

Deprecated

  • Will not be able to turn off in the future.

Optional keepAliveInitialDelay

keepAliveInitialDelay?: number

Deprecated

  • Will not be configurable in the future.

Optional key

key?: string | Buffer | (Buffer | KeyObject)[]

Private keys in PEM format. PEM allows the option of private keys being encrypted. Encrypted keys will be decrypted with options.passphrase. Multiple keys using different algorithms can be provided either as an array of unencrypted key strings or buffers, or an array of objects in the form {pem: <string|buffer>[, passphrase: ]}. The object form can only occur in an array. object.passphrase is optional. Encrypted keys will be decrypted with object.passphrase if provided, or options.passphrase if it is not.

loadBalanced

loadBalanced: boolean

Optional localAddress

localAddress?: string

Optional localPort

localPort?: number

Optional logicalSessionTimeoutMinutes

logicalSessionTimeoutMinutes?: number

Optional lookup

lookup?: LookupFunction

metadata

metadata: ClientMetadata

Optional minDHSize

minDHSize?: number

monitorCommands

monitorCommands: boolean

Optional noDelay

noDelay?: boolean

Optional passphrase

passphrase?: string

Shared passphrase used for a single private key and/or a PFX.

Optional pfx

pfx?: string | Buffer | (string | Buffer | PxfObject)[]

PFX or PKCS12 encoded private key and certificate chain. pfx is an alternative to providing key and cert individually. PFX is usually encrypted, if it is, passphrase will be used to decrypt it. Multiple PFX can be provided either as an array of unencrypted PFX buffers, or an array of objects in the form {buf: <string|buffer>[, passphrase: ]}. The object form can only occur in an array. object.passphrase is optional. Encrypted PFX will be decrypted with object.passphrase if provided, or options.passphrase if it is not.

Optional proxyHost

proxyHost?: string

Optional proxyPassword

proxyPassword?: string

Optional proxyPort

proxyPort?: number

Optional proxyUsername

proxyUsername?: string

Optional rejectUnauthorized

rejectUnauthorized?: boolean

If true the server will reject any connection which is not authorized with the list of supplied CAs. This option only has an effect if requestCert is true.

Default

true

Optional secureContext

secureContext?: SecureContext

An optional TLS context object from tls.createSecureContext()

Optional secureProtocol

secureProtocol?: string

Legacy mechanism to select the TLS protocol version to use, it does not support independent control of the minimum and maximum version, and does not support limiting the protocol to TLSv1.3. Use minVersion and maxVersion instead. The possible values are listed as SSL_METHODS, use the function names as strings. For example, use 'TLSv1_1_method' to force TLS version 1.1, or 'TLS_method' to allow any TLS protocol version up to TLSv1.3. It is not recommended to use TLS versions less than 1.2, but it may be required for interoperability. Default: none, see minVersion.

Optional serverApi

serverApi?: ServerApi

Optional servername

servername?: string

Optional session

session?: Buffer

An optional Buffer instance containing a TLS session.

Optional socketTimeoutMS

socketTimeoutMS?: number

tls

tls: boolean

Settings

Member Visibility

Theme

On This Page

Generated using TypeDoc