- Notifications
You must be signed in to change notification settings - Fork11
Datagram Transport Layer Security (DTLS) client.
License
nodertc/dtls
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
Secure UDP communications using Datagram Transport Layer Security protocol version 1.2 inpure js. FollowRFC6347,RFC7627.
- no native dependecies!
- modern secure ciphers (by default)
- in-out fragmentation / in-out retransmission
- merge outgoing handshakes
npm i @nodertc/dtlsconstdtls=require('@nodertc/dtls');constsocket=dtls.connect({type:'udp4',remotePort:4444,remoteAddress:'127.0.0.1',});socket.on('error',err=>{console.error(err);});socket.on('data',data=>{console.log('got message "%s"',data.toString('ascii'));socket.close();});socket.once('connect',()=>{socket.write('Hello from Node.js!');});
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (nodejs v11.2+ only)
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (nodejs v11.2+ only)
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_GCM_SHA384
- TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 (nodejs v11.2+ only)
- TLS_PSK_WITH_AES_128_GCM_SHA256
- TLS_PSK_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
dtls.connect(options: Options [, callback: function]) : Socket
Creates an esteblished connection to remote dtls server. Aconnect() function also accept all options forunicast.createSocket() ordgram.createSocket(). Ifoptions.socket is provided, these options will be ignored.
Thecallback function, if specified, will be added as a listener for the 'connect' event.
options.socket
Aduplex stream in a common case. It is alsounicast ordgram socket instance. Used if you want a low level control of your connection.
options.extendedMasterSecret: bool, [default=true]
This option enable the useExtended Master Secret extension. Enabled by default.
options.checkServerIdentity: function(certificate): bool
Optional certificate verify function.
options.certificate: Buffer
PEM-encoded client certificate, optional. Supports RSASSA-PKCS1-v1_5 and ECDSA certificates.
options.certificatePrivateKey: Buffer
PEM-encoded private key for client certificate.
options.maxHandshakeRetransmissions: number
The number of retransmissions during on handshake stage.
options.alpn: string | string[]
The list of the supported ALPN protocols.
options.pskIdentity: String|Buffer
Identity string for PSK key exchange, seeRFC4279.
options.pskSecret: String|Buffer
Secret data for the identity string of PSK key exchange.
options.ignorePSKIdentityHint: boolean, default=true
Both clients and servers may have pre-shared keys with several different parties. The client indicates which key to use by including a "PSK identity" (seeoptions.pskIdentity above) in the ClientKeyExchange message. To help the client in selecting which identity to use, the server can provide a "PSK identity hint" in the ServerKeyExchange message.
options.cipherSuites: number[]|string[]
List of supported by client cipher suites. Default cipher suites:
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (in nodejs v11+ only)
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (in nodejs v11+ only)
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
See above a full list of supported cipher suites.
class Socket
ASocket is also aduplex stream, so it can be both readable and writable, and it is also aEventEmitter.
Socket.setMTU(mtu: number): void
Set MTU (minimal transfer unit) for this socket, 1420 bytes maximal.
Socket.getMTU(): number
Return MTU (minimal transfer unit) for this socket, 1200 bytes by default.
Socket.setTimeout(timeout: number[, callback: function()])
Sets the socket to timeout after timeout milliseconds of inactivity on the socket. By defaultdtls.Socket do not have a timeout.
The optional callback parameter will be added as a one-time listener for the 'timeout' event.
Socket.close(): void
Close socket, stop listening for socket. Do not emitdata events anymore.
Socket.alpnProtocol: string
Get a string that contains the selected ALPN protocol.
Event: connect
The 'connect' event is emitted after the handshaking process for a new connection has successfully completed.
Event: timeout
Emitted if the socket times out from inactivity. This is only to notify that the socket has been idle.
dtls.constants: ObjectcipherSuites: ObjectA full list supported cipher suites. See above for detailes.
Start dtls server:
docker run -it --name dtlsd --rm -e"GNUTLS_DEBUG_LEVEL=2" -e"PRIORITY=NORMAL:+AEAD:+ECDHE-RSA:+VERS-DTLS1.2" -e"KEYFILE=key-rsa.pem" -e"CERTFILE=cert-rsa.pem" -p 4444:4444/udp nodertc/dtls-server:1
Start default client:
npm start
MIT, 2018 - 2019 © Dmitriy Tsvettsikh