javascript - How to create HTTPS server with TLS 1.3 in Node.js v11 - Stack Overflow

Can I use the https module in Node.js v11 to create a TLS v1.3 server? The Node.js version is 11.12.0 and the OpenSSL version is 1.1.1.

const https = require('https');
const fs = require('fs');

const options = {
  key: fs.readFileSync('./tls/server.key'),
  cert: fs.readFileSync('./tls/server.crt')
};

https.createServer(options, (req, res) => {
  console.log('req', req)
  res.writeHead(200);
  res.end('hello world\n');
}).listen(8443, () => console.log('running'));

Testing it with OpenSSL fails:

openssl s_client -connect 127.0.0.1:8443 -tls1_3

Asked Mar 24, 2019 at 8:52 by Lin Weiye; edited Mar 25, 2019 at 1:37
  • Make sure you are using OpenSSL 1.1.1b. – Robert Commented Mar 24, 2019 at 15:31
2 Answers

In case somebody stumbles onto this question, nodejs v12 now supports TLS 1.3.

Here is a sample code snippet that also generates its own self-signed certificate for quick testing:

const https = require("https")
const fs = require("fs");
const forge = require('node-forge')
forge.options.usePureJavaScript = true;
const express = require("express")

var pki = forge.pki;
var keys = pki.rsa.generateKeyPair(2048);
var cert = pki.createCertificate();

cert.publicKey = keys.publicKey;
cert.serialNumber = '01';
cert.validity.notBefore = new Date();
cert.validity.notAfter = new Date();
cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear()+1);

var attrs = [{
    name: 'commonName',
    value: 'www.cooltest.site'
  }, {
    name: 'countryName',
    value: 'US'
  }, {
    shortName: 'ST',
    value: 'Illinois'
  }, {
    name: 'localityName',
    value: 'Downers Grove'
  }, {
    name: 'organizationName',
    value: 'Test'
  }, {
    shortName: 'OU',
    value: 'Test'
  }];
cert.setSubject(attrs);
cert.setIssuer(attrs);
cert.setExtensions([{
    name: 'basicConstraints',
    cA: true
  }, {
    name: 'keyUsage',
    keyCertSign: true,
    digitalSignature: true,
    nonRepudiation: true,
    keyEncipherment: true,
    dataEncipherment: true
  }, {
    name: 'extKeyUsage',
    serverAuth: true,
    clientAuth: true,
    codeSigning: true,
    emailProtection: true,
    timeStamping: true
  }, {
    name: 'nsCertType',
    client: true,
    server: true,
    email: true,
    objsign: true,
    sslCA: true,
    emailCA: true,
    objCA: true
  }, {
    name: 'subjectAltName',
    altNames: [{
      type: 6, // URI
      value: 'http://www.mycooltest.site'
    }, {
      type: 7, // IP
      ip: '127.0.0.1'
    }]
  }, {
    name: 'subjectKeyIdentifier'
  }]);
cert.sign(keys.privateKey);

var private_key = pki.privateKeyToPem(keys.privateKey);
var public_key = pki.certificateToPem(cert);

// In case you need the newly generated keys displayed or saved
// console.log(public_key);
// console.log(private_key);
// fs.writeFileSync("private.pem",private_key)
// fs.writeFileSync("public.crt",public_key)


const options = {
    key: private_key,
    cert: public_key
    // In case you already have the keys available to you
    // key: fs.readFileSync("key.pem"),
    // cert: fs.readFileSync("chain.pem")
};

const app = express();

app.use((req, res) => {
  res.writeHead(200);
  res.end("hello world\n");
});

app.listen(8000);

https.createServer(options, app).listen(8080);

According to the official blog post from March 19, TLS 1.3 isn't officially supported yet. https://developer.ibm.com/blogs/tls13-is-coming-to-nodejs/

I’ve spent the beginning of 2019 working through the differences which leak through the API, and have a pull request open. Hopefully TLS1.3 will be released in Node.js 11.x soon.

...

The good news is that there is progress on getting support for TLS 1.3 into Node.js, and you should be able to starting using it soon (hopefully as soon as October when Node.js 12.x goes into LTS).
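
Added example, not part of the original question or answers: a preflight check that flags the asker's setup (Node.js 11.12.0 with OpenSSL 1.1.1) as lacking TLS 1.3 support per the answers above, plus a server factory that pins the protocol to TLS 1.3 and logs what each connection negotiated. The names `tls13Problems` and `createTls13Server` are hypothetical helpers; `minVersion`, `maxVersion`, `getProtocol()`, `getCipher()` and the `secureConnection` / `tlsClientError` events are part of the Node.js `tls` API.

```javascript
// Added example: refuse to start unless the runtime can really serve TLS 1.3.
const https = require('https');
const tls = require('tls');

// Returns the reasons a runtime cannot serve TLS 1.3 (empty array = OK).
// `versions` defaults to the running process; pass an object to assess another host.
function tls13Problems(versions = process.versions) {
  const problems = [];
  const nodeMajor = parseInt(versions.node.split('.')[0], 10);
  if (nodeMajor < 12) {
    problems.push(`Node.js ${versions.node} has no TLS 1.3 support (v12+ required)`);
  }
  const [maj, min, fix] = versions.openssl.split('.').map((n) => parseInt(n, 10));
  if (maj < 1 || (maj === 1 && (min < 1 || (min === 1 && fix < 1)))) {
    problems.push(`OpenSSL ${versions.openssl} has no TLS 1.3 support (1.1.1+ required)`);
  }
  // Live checks only make sense for the process we are actually running in.
  if (versions === process.versions) {
    try {
      tls.createSecureContext({ minVersion: 'TLSv1.3', maxVersion: 'TLSv1.3' });
    } catch (err) {
      problems.push(`runtime rejects TLSv1.3: ${err.code || err.message}`);
    }
    // Node lists TLS 1.3 cipher suites with a "tls_" prefix.
    if (!tls.getCiphers().some((name) => name.startsWith('tls_'))) {
      problems.push('no TLS 1.3 cipher suites are available');
    }
  }
  return problems;
}

// Builds (but does not start) an HTTPS server that only speaks TLS 1.3.
// key/cert are PEM strings or Buffers, as in the snippets above.
function createTls13Server(key, cert, handler) {
  const problems = tls13Problems();
  if (problems.length > 0) throw new Error(problems.join('; '));
  const server = https.createServer(
    { key, cert, minVersion: 'TLSv1.3', maxVersion: 'TLSv1.3' }, handler);
  // Log what was negotiated, and handshakes that failed (e.g. a TLS 1.2-only client).
  server.on('secureConnection', (socket) =>
    console.log('negotiated', socket.getProtocol(), socket.getCipher().name));
  server.on('tlsClientError', (err) => console.error('handshake failed:', err.code));
  return server;
}
```

With `maxVersion` and `minVersion` both pinned, the `openssl s_client -connect 127.0.0.1:8443 -tls1_3` test from the question should succeed against such a server, while the same command with `-tls1_2` should be refused and show up in the `tlsClientError` log.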
