UNPKG

@types/node/tls.d.ts

Version:

21.1 kBTypeScriptView Raw

1declare module "tls" {
  import * as crypto from "crypto";
  import * as dns from "dns";
  import * as net from "net";
  import * as stream from "stream";
6
  const CLIENT_RENEG_LIMIT: number;
  const CLIENT_RENEG_WINDOW: number;
9
  interface Certificate {
      /**
       * Country code.
       */
      C: string;
      /**
       * Street.
       */
      ST: string;
      /**
       * Locality.
       */
      L: string;
      /**
       * Organization.
       */
      O: string;
      /**
       * Organizational unit.
       */
      OU: string;
      /**
       * Common name.
       */
      CN: string;
  }
36
  interface PeerCertificate {
      subject: Certificate;
      issuer: Certificate;
      subjectaltname: string;
      infoAccess: { [index: string]: string[] | undefined };
      modulus: string;
      exponent: string;
      valid_from: string;
      valid_to: string;
      fingerprint: string;
      ext_key_usage: string[];
      serialNumber: string;
      raw: Buffer;
  }
51
  interface DetailedPeerCertificate extends PeerCertificate {
      issuerCertificate: DetailedPeerCertificate;
  }
55
  interface CipherNameAndProtocol {
      /**
       * The cipher name.
       */
      name: string;
      /**
       * SSL/TLS protocol version.
       */
      version: string;
  }
66
  interface TLSSocketOptions extends SecureContextOptions, CommonConnectionOptions {
      /**
       * If true the TLS socket will be instantiated in server-mode.
       * Defaults to false.
       */
      isServer?: boolean;
      /**
       * An optional net.Server instance.
       */
      server?: net.Server;
77
      /**
       * An optional Buffer instance containing a TLS session.
       */
      session?: Buffer;
      /**
       * If true, specifies that the OCSP status request extension will be
       * added to the client hello and an 'OCSPResponse' event will be
       * emitted on the socket before establishing a secure communication
       */
      requestOCSP?: boolean;
  }
89
  class TLSSocket extends net.Socket {
      /**
       * Construct a new tls.TLSSocket object from an existing TCP socket.
       */
      constructor(socket: net.Socket, options?: TLSSocketOptions);
95
      /**
       * A boolean that is true if the peer certificate was signed by one of the specified CAs, otherwise false.
       */
      authorized: boolean;
      /**
       * The reason why the peer's certificate has not been verified.
       * This property becomes available only when tlsSocket.authorized === false.
       */
      authorizationError: Error;
      /**
       * Static boolean value, always true.
       * May be used to distinguish TLS sockets from regular ones.
       */
      encrypted: boolean;
110
      /**
       * String containing the selected ALPN protocol.
       * When ALPN has no selected protocol, tlsSocket.alpnProtocol equals false.
       */
      alpnProtocol?: string;
116
      /**
       * Returns an object representing the cipher name and the SSL/TLS protocol version of the current connection.
       * @returns Returns an object representing the cipher name
       * and the SSL/TLS protocol version of the current connection.
       */
      getCipher(): CipherNameAndProtocol;
      /**
       * Returns an object representing the peer's certificate.
       * The returned object has some properties corresponding to the field of the certificate.
       * If detailed argument is true the full chain with issuer property will be returned,
       * if false only the top certificate without issuer property.
       * If the peer does not provide a certificate, it returns null or an empty object.
       * @param detailed - If true; the full chain with issuer property will be returned.
       * @returns An object representing the peer's certificate.
       */
      getPeerCertificate(detailed: true): DetailedPeerCertificate;
      getPeerCertificate(detailed?: false): PeerCertificate;
      getPeerCertificate(detailed?: boolean): PeerCertificate | DetailedPeerCertificate;
      /**
       * Returns a string containing the negotiated SSL/TLS protocol version of the current connection.
       * The value `'unknown'` will be returned for connected sockets that have not completed the handshaking process.
       * The value `null` will be returned for server sockets or disconnected client sockets.
       * See https://www.openssl.org/docs/man1.0.2/ssl/SSL_get_version.html for more information.
       * @returns negotiated SSL/TLS protocol version of the current connection
       */
      getProtocol(): string | null;
      /**
       * Could be used to speed up handshake establishment when reconnecting to the server.
       * @returns ASN.1 encoded TLS session or undefined if none was negotiated.
       */
      getSession(): Buffer | undefined;
      /**
       * NOTE: Works only with client TLS sockets.
       * Useful only for debugging, for session reuse provide session option to tls.connect().
       * @returns TLS session ticket or undefined if none was negotiated.
       */
      getTLSTicket(): Buffer | undefined;
      /**
       * Initiate TLS renegotiation process.
       *
       * NOTE: Can be used to request peer's certificate after the secure connection has been established.
       * ANOTHER NOTE: When running as the server, socket will be destroyed with an error after handshakeTimeout timeout.
       * @param options - The options may contain the following fields: rejectUnauthorized,
       * requestCert (See tls.createServer() for details).
       * @param callback - callback(err) will be executed with null as err, once the renegotiation
       * is successfully completed.
       * @return `undefined` when socket is destroy, `false` if negotiaion can't be initiated.
       */
      renegotiate(options: { rejectUnauthorized?: boolean, requestCert?: boolean }, callback: (err: Error | null) => void): undefined | boolean;
      /**
       * Set maximum TLS fragment size (default and maximum value is: 16384, minimum is: 512).
       * Smaller fragment size decreases buffering latency on the client: large fragments are buffered by
       * the TLS layer until the entire fragment is received and its integrity is verified;
       * large fragments can span multiple roundtrips, and their processing can be delayed due to packet
       * loss or reordering. However, smaller fragments add extra TLS framing bytes and CPU overhead,
       * which may decrease overall server throughput.
       * @param size - TLS fragment size (default and maximum value is: 16384, minimum is: 512).
       * @returns Returns true on success, false otherwise.
       */
      setMaxSendFragment(size: number): boolean;
177
      /**
       * When enabled, TLS packet trace information is written to `stderr`. This can be
       * used to debug TLS connection problems.
       *
       * Note: The format of the output is identical to the output of `openssl s_client
       * -trace` or `openssl s_server -trace`. While it is produced by OpenSSL's
       * `SSL_trace()` function, the format is undocumented, can change without notice,
       * and should not be relied on.
       */
      enableTrace(): void;
188
      addListener(event: string, listener: (...args: any[]) => void): this;
      addListener(event: "OCSPResponse", listener: (response: Buffer) => void): this;
      addListener(event: "secureConnect", listener: () => void): this;
      addListener(event: "session", listener: (session: Buffer) => void): this;
      addListener(event: "keylog", listener: (line: Buffer) => void): this;
194
      emit(event: string | symbol, ...args: any[]): boolean;
      emit(event: "OCSPResponse", response: Buffer): boolean;
      emit(event: "secureConnect"): boolean;
      emit(event: "session", session: Buffer): boolean;
      emit(event: "keylog", line: Buffer): boolean;
200
      on(event: string, listener: (...args: any[]) => void): this;
      on(event: "OCSPResponse", listener: (response: Buffer) => void): this;
      on(event: "secureConnect", listener: () => void): this;
      on(event: "session", listener: (session: Buffer) => void): this;
      on(event: "keylog", listener: (line: Buffer) => void): this;
206
      once(event: string, listener: (...args: any[]) => void): this;
      once(event: "OCSPResponse", listener: (response: Buffer) => void): this;
      once(event: "secureConnect", listener: () => void): this;
      once(event: "session", listener: (session: Buffer) => void): this;
      once(event: "keylog", listener: (line: Buffer) => void): this;
212
      prependListener(event: string, listener: (...args: any[]) => void): this;
      prependListener(event: "OCSPResponse", listener: (response: Buffer) => void): this;
      prependListener(event: "secureConnect", listener: () => void): this;
      prependListener(event: "session", listener: (session: Buffer) => void): this;
      prependListener(event: "keylog", listener: (line: Buffer) => void): this;
218
      prependOnceListener(event: string, listener: (...args: any[]) => void): this;
      prependOnceListener(event: "OCSPResponse", listener: (response: Buffer) => void): this;
      prependOnceListener(event: "secureConnect", listener: () => void): this;
      prependOnceListener(event: "session", listener: (session: Buffer) => void): this;
      prependOnceListener(event: "keylog", listener: (line: Buffer) => void): this;
  }
225
  interface CommonConnectionOptions {
      /**
       * An optional TLS context object from tls.createSecureContext()
       */
      secureContext?: SecureContext;
231
      /**
       * When enabled, TLS packet trace information is written to `stderr`. This can be
       * used to debug TLS connection problems.
       * @default false
       */
      enableTrace?: boolean;
      /**
       * If true the server will request a certificate from clients that
       * connect and attempt to verify that certificate. Defaults to
       * false.
       */
      requestCert?: boolean;
      /**
       * An array of strings or a Buffer naming possible ALPN protocols.
       * (Protocols should be ordered by their priority.)
       */
      ALPNProtocols?: string[] | Uint8Array[] | Uint8Array;
      /**
       * SNICallback(servername, cb) <Function> A function that will be
       * called if the client supports SNI TLS extension. Two arguments
       * will be passed when called: servername and cb. SNICallback should
       * invoke cb(null, ctx), where ctx is a SecureContext instance.
       * (tls.createSecureContext(...) can be used to get a proper
       * SecureContext.) If SNICallback wasn't provided the default callback
       * with high-level API will be used (see below).
       */
      SNICallback?: (servername: string, cb: (err: Error | null, ctx: SecureContext) => void) => void;
      /**
       * If true the server will reject any connection which is not
       * authorized with the list of supplied CAs. This option only has an
       * effect if requestCert is true.
       * @default true
       */
      rejectUnauthorized?: boolean;
  }
267
  interface TlsOptions extends SecureContextOptions, CommonConnectionOptions {
      handshakeTimeout?: number;
      sessionTimeout?: number;
      ticketKeys?: Buffer;
  }
273
  interface ConnectionOptions extends SecureContextOptions, CommonConnectionOptions {
      host?: string;
      port?: number;
      path?: string; // Creates unix socket connection to path. If this option is specified, `host` and `port` are ignored.
      socket?: net.Socket; // Establish secure connection on a given socket rather than creating a new socket
      checkServerIdentity?: typeof checkServerIdentity;
      servername?: string; // SNI TLS Extension
      session?: Buffer;
      minDHSize?: number;
      lookup?: net.LookupFunction;
      timeout?: number;
  }
286
  class Server extends net.Server {
      addContext(hostName: string, credentials: SecureContextOptions): void;
289
      /**
       * events.EventEmitter
       * 1. tlsClientError
       * 2. newSession
       * 3. OCSPRequest
       * 4. resumeSession
       * 5. secureConnection
       */
      addListener(event: string, listener: (...args: any[]) => void): this;
      addListener(event: "tlsClientError", listener: (err: Error, tlsSocket: TLSSocket) => void): this;
      addListener(event: "newSession", listener: (sessionId: Buffer, sessionData: Buffer, callback: (err: Error, resp: Buffer) => void) => void): this;
      addListener(event: "OCSPRequest", listener: (certificate: Buffer, issuer: Buffer, callback: (err: Error | null, resp: Buffer) => void) => void): this;
      addListener(event: "resumeSession", listener: (sessionId: Buffer, callback: (err: Error, sessionData: Buffer) => void) => void): this;
      addListener(event: "secureConnection", listener: (tlsSocket: TLSSocket) => void): this;
      addListener(event: "keylog", listener: (line: Buffer, tlsSocket: TLSSocket) => void): this;
305
      emit(event: string | symbol, ...args: any[]): boolean;
      emit(event: "tlsClientError", err: Error, tlsSocket: TLSSocket): boolean;
      emit(event: "newSession", sessionId: Buffer, sessionData: Buffer, callback: (err: Error, resp: Buffer) => void): boolean;
      emit(event: "OCSPRequest", certificate: Buffer, issuer: Buffer, callback: (err: Error | null, resp: Buffer) => void): boolean;
      emit(event: "resumeSession", sessionId: Buffer, callback: (err: Error, sessionData: Buffer) => void): boolean;
      emit(event: "secureConnection", tlsSocket: TLSSocket): boolean;
      emit(event: "keylog", line: Buffer, tlsSocket: TLSSocket): boolean;
313
      on(event: string, listener: (...args: any[]) => void): this;
      on(event: "tlsClientError", listener: (err: Error, tlsSocket: TLSSocket) => void): this;
      on(event: "newSession", listener: (sessionId: Buffer, sessionData: Buffer, callback: (err: Error, resp: Buffer) => void) => void): this;
      on(event: "OCSPRequest", listener: (certificate: Buffer, issuer: Buffer, callback: (err: Error | null, resp: Buffer) => void) => void): this;
      on(event: "resumeSession", listener: (sessionId: Buffer, callback: (err: Error, sessionData: Buffer) => void) => void): this;
      on(event: "secureConnection", listener: (tlsSocket: TLSSocket) => void): this;
      on(event: "keylog", listener: (line: Buffer, tlsSocket: TLSSocket) => void): this;
321
      once(event: string, listener: (...args: any[]) => void): this;
      once(event: "tlsClientError", listener: (err: Error, tlsSocket: TLSSocket) => void): this;
      once(event: "newSession", listener: (sessionId: Buffer, sessionData: Buffer, callback: (err: Error, resp: Buffer) => void) => void): this;
      once(event: "OCSPRequest", listener: (certificate: Buffer, issuer: Buffer, callback: (err: Error | null, resp: Buffer) => void) => void): this;
      once(event: "resumeSession", listener: (sessionId: Buffer, callback: (err: Error, sessionData: Buffer) => void) => void): this;
      once(event: "secureConnection", listener: (tlsSocket: TLSSocket) => void): this;
      once(event: "keylog", listener: (line: Buffer, tlsSocket: TLSSocket) => void): this;
329
      prependListener(event: string, listener: (...args: any[]) => void): this;
      prependListener(event: "tlsClientError", listener: (err: Error, tlsSocket: TLSSocket) => void): this;
      prependListener(event: "newSession", listener: (sessionId: Buffer, sessionData: Buffer, callback: (err: Error, resp: Buffer) => void) => void): this;
      prependListener(event: "OCSPRequest", listener: (certificate: Buffer, issuer: Buffer, callback: (err: Error | null, resp: Buffer) => void) => void): this;
      prependListener(event: "resumeSession", listener: (sessionId: Buffer, callback: (err: Error, sessionData: Buffer) => void) => void): this;
      prependListener(event: "secureConnection", listener: (tlsSocket: TLSSocket) => void): this;
      prependListener(event: "keylog", listener: (line: Buffer, tlsSocket: TLSSocket) => void): this;
337
      prependOnceListener(event: string, listener: (...args: any[]) => void): this;
      prependOnceListener(event: "tlsClientError", listener: (err: Error, tlsSocket: TLSSocket) => void): this;
      prependOnceListener(event: "newSession", listener: (sessionId: Buffer, sessionData: Buffer, callback: (err: Error, resp: Buffer) => void) => void): this;
      prependOnceListener(event: "OCSPRequest", listener: (certificate: Buffer, issuer: Buffer, callback: (err: Error | null, resp: Buffer) => void) => void): this;
      prependOnceListener(event: "resumeSession", listener: (sessionId: Buffer, callback: (err: Error, sessionData: Buffer) => void) => void): this;
      prependOnceListener(event: "secureConnection", listener: (tlsSocket: TLSSocket) => void): this;
      prependOnceListener(event: "keylog", listener: (line: Buffer, tlsSocket: TLSSocket) => void): this;
  }
346
  interface SecurePair {
      encrypted: TLSSocket;
      cleartext: TLSSocket;
  }
351
  type SecureVersion = 'TLSv1.3' | 'TLSv1.2' | 'TLSv1.1' | 'TLSv1';
353
  interface SecureContextOptions {
      pfx?: string | Buffer | Array<string | Buffer | Object>;
      key?: string | Buffer | Array<Buffer | Object>;
      passphrase?: string;
      cert?: string | Buffer | Array<string | Buffer>;
      ca?: string | Buffer | Array<string | Buffer>;
      ciphers?: string;
      honorCipherOrder?: boolean;
      ecdhCurve?: string;
      clientCertEngine?: string;
      crl?: string | Buffer | Array<string | Buffer>;
      dhparam?: string | Buffer;
      secureOptions?: number; // Value is a numeric bitmask of the `SSL_OP_*` options
      secureProtocol?: string; // SSL Method, e.g. SSLv23_method
      sessionIdContext?: string;
      /**
       * Optionally set the maximum TLS version to allow. One
       * of `'TLSv1.3'`, `'TLSv1.2'`, `'TLSv1.1'`, or `'TLSv1'`. Cannot be specified along with the
       * `secureProtocol` option, use one or the other.
       * **Default:** `'TLSv1.3'`, unless changed using CLI options. Using
       * `--tls-max-v1.2` sets the default to `'TLSv1.2'`. Using `--tls-max-v1.3` sets the default to
       * `'TLSv1.3'`. If multiple of the options are provided, the highest maximum is used.
       */
      maxVersion?: SecureVersion;
      /**
       * Optionally set the minimum TLS version to allow. One
       * of `'TLSv1.3'`, `'TLSv1.2'`, `'TLSv1.1'`, or `'TLSv1'`. Cannot be specified along with the
       * `secureProtocol` option, use one or the other.  It is not recommended to use
       * less than TLSv1.2, but it may be required for interoperability.
       * **Default:** `'TLSv1.2'`, unless changed using CLI options. Using
       * `--tls-v1.0` sets the default to `'TLSv1'`. Using `--tls-v1.1` sets the default to
       * `'TLSv1.1'`. Using `--tls-min-v1.3` sets the default to
       * 'TLSv1.3'. If multiple of the options are provided, the lowest minimum is used.
       */
      minVersion?: SecureVersion;
  }
390
  interface SecureContext {
      context: any;
  }
394
  /*
   * Verifies the certificate `cert` is issued to host `host`.
   * @host The hostname to verify the certificate against
   * @cert PeerCertificate representing the peer's certificate
   *
   * Returns Error object, populating it with the reason, host and cert on failure.  On success, returns undefined.
   */
  function checkServerIdentity(host: string, cert: PeerCertificate): Error | undefined;
  function createServer(secureConnectionListener?: (socket: TLSSocket) => void): Server;
  function createServer(options: TlsOptions, secureConnectionListener?: (socket: TLSSocket) => void): Server;
  function connect(options: ConnectionOptions, secureConnectListener?: () => void): TLSSocket;
  function connect(port: number, host?: string, options?: ConnectionOptions, secureConnectListener?: () => void): TLSSocket;
  function connect(port: number, options?: ConnectionOptions, secureConnectListener?: () => void): TLSSocket;
  /**
   * @deprecated
   */
  function createSecurePair(credentials?: SecureContext, isServer?: boolean, requestCert?: boolean, rejectUnauthorized?: boolean): SecurePair;
  function createSecureContext(details: SecureContextOptions): SecureContext;
  function getCiphers(): string[];
414
  const DEFAULT_ECDH_CURVE: string;
416
  const rootCertificates: ReadonlyArray<string>;
418}

1	`declare module "tls" {`
2	`import * as crypto from "crypto";`
3	`import * as dns from "dns";`
4	`import * as net from "net";`
5	`import * as stream from "stream";`
6
7	`const CLIENT_RENEG_LIMIT: number;`
8	`const CLIENT_RENEG_WINDOW: number;`
9
10	`interface Certificate {`
11	`/**`
12	`* Country code.`
13	`*/`
14	`C: string;`
15	`/**`
16	`* Street.`
17	`*/`
18	`ST: string;`
19	`/**`
20	`* Locality.`
21	`*/`
22	`L: string;`
23	`/**`
24	`* Organization.`
25	`*/`
26	`O: string;`
27	`/**`
28	`* Organizational unit.`
29	`*/`
30	`OU: string;`
31	`/**`
32	`* Common name.`
33	`*/`
34	`CN: string;`
35	`}`
36
37	`interface PeerCertificate {`
38	`subject: Certificate;`
39	`issuer: Certificate;`
40	`subjectaltname: string;`
41	`infoAccess: { [index: string]: string[] \| undefined };`
42	`modulus: string;`
43	`exponent: string;`
44	`valid_from: string;`
45	`valid_to: string;`
46	`fingerprint: string;`
47	`ext_key_usage: string[];`
48	`serialNumber: string;`
49	`raw: Buffer;`
50	`}`
51
52	`interface DetailedPeerCertificate extends PeerCertificate {`
53	`issuerCertificate: DetailedPeerCertificate;`
54	`}`
55
56	`interface CipherNameAndProtocol {`
57	`/**`
58	`* The cipher name.`
59	`*/`
60	`name: string;`
61	`/**`
62	`* SSL/TLS protocol version.`
63	`*/`
64	`version: string;`
65	`}`
66
67	`interface TLSSocketOptions extends SecureContextOptions, CommonConnectionOptions {`
68	`/**`
69	`* If true the TLS socket will be instantiated in server-mode.`
70	`* Defaults to false.`
71	`*/`
72	`isServer?: boolean;`
73	`/**`
74	`* An optional net.Server instance.`
75	`*/`
76	`server?: net.Server;`
77
78	`/**`
79	`* An optional Buffer instance containing a TLS session.`
80	`*/`
81	`session?: Buffer;`
82	`/**`
83	`* If true, specifies that the OCSP status request extension will be`
84	`* added to the client hello and an 'OCSPResponse' event will be`
85	`* emitted on the socket before establishing a secure communication`
86	`*/`
87	`requestOCSP?: boolean;`
88	`}`
89
90	`class TLSSocket extends net.Socket {`
91	`/**`
92	`* Construct a new tls.TLSSocket object from an existing TCP socket.`
93	`*/`
94	`constructor(socket: net.Socket, options?: TLSSocketOptions);`
95
96	`/**`
97	`* A boolean that is true if the peer certificate was signed by one of the specified CAs, otherwise false.`
98	`*/`
99	`authorized: boolean;`
100	`/**`
101	`* The reason why the peer's certificate has not been verified.`
102	`* This property becomes available only when tlsSocket.authorized === false.`
103	`*/`
104	`authorizationError: Error;`
105	`/**`
106	`* Static boolean value, always true.`
107	`* May be used to distinguish TLS sockets from regular ones.`
108	`*/`
109	`encrypted: boolean;`
110
111	`/**`
112	`* String containing the selected ALPN protocol.`
113	`* When ALPN has no selected protocol, tlsSocket.alpnProtocol equals false.`
114	`*/`
115	`alpnProtocol?: string;`
116
117	`/**`
118	`* Returns an object representing the cipher name and the SSL/TLS protocol version of the current connection.`
119	`* @returns Returns an object representing the cipher name`
120	`* and the SSL/TLS protocol version of the current connection.`
121	`*/`
122	`getCipher(): CipherNameAndProtocol;`
123	`/**`
124	`* Returns an object representing the peer's certificate.`
125	`* The returned object has some properties corresponding to the field of the certificate.`
126	`* If detailed argument is true the full chain with issuer property will be returned,`
127	`* if false only the top certificate without issuer property.`
128	`* If the peer does not provide a certificate, it returns null or an empty object.`
129	`* @param detailed - If true; the full chain with issuer property will be returned.`
130	`* @returns An object representing the peer's certificate.`
131	`*/`
132	`getPeerCertificate(detailed: true): DetailedPeerCertificate;`
133	`getPeerCertificate(detailed?: false): PeerCertificate;`
134	`getPeerCertificate(detailed?: boolean): PeerCertificate \| DetailedPeerCertificate;`
135	`/**`
136	`* Returns a string containing the negotiated SSL/TLS protocol version of the current connection.`
137	* The value `'unknown'` will be returned for connected sockets that have not completed the handshaking process.
138	* The value `null` will be returned for server sockets or disconnected client sockets.
139	`* See https://www.openssl.org/docs/man1.0.2/ssl/SSL_get_version.html for more information.`
140	`* @returns negotiated SSL/TLS protocol version of the current connection`
141	`*/`
142	`getProtocol(): string \| null;`
143	`/**`
144	`* Could be used to speed up handshake establishment when reconnecting to the server.`
145	`* @returns ASN.1 encoded TLS session or undefined if none was negotiated.`
146	`*/`
147	`getSession(): Buffer \| undefined;`
148	`/**`
149	`* NOTE: Works only with client TLS sockets.`
150	`* Useful only for debugging, for session reuse provide session option to tls.connect().`
151	`* @returns TLS session ticket or undefined if none was negotiated.`
152	`*/`
153	`getTLSTicket(): Buffer \| undefined;`
154	`/**`
155	`* Initiate TLS renegotiation process.`
156	`*`
157	`* NOTE: Can be used to request peer's certificate after the secure connection has been established.`
158	`* ANOTHER NOTE: When running as the server, socket will be destroyed with an error after handshakeTimeout timeout.`
159	`* @param options - The options may contain the following fields: rejectUnauthorized,`
160	`* requestCert (See tls.createServer() for details).`
161	`* @param callback - callback(err) will be executed with null as err, once the renegotiation`
162	`* is successfully completed.`
163	* @return `undefined` when socket is destroy, `false` if negotiaion can't be initiated.
164	`*/`
165	`renegotiate(options: { rejectUnauthorized?: boolean, requestCert?: boolean }, callback: (err: Error \| null) => void): undefined \| boolean;`
166	`/**`
167	`* Set maximum TLS fragment size (default and maximum value is: 16384, minimum is: 512).`
168	`* Smaller fragment size decreases buffering latency on the client: large fragments are buffered by`
169	`* the TLS layer until the entire fragment is received and its integrity is verified;`
170	`* large fragments can span multiple roundtrips, and their processing can be delayed due to packet`
171	`* loss or reordering. However, smaller fragments add extra TLS framing bytes and CPU overhead,`
172	`* which may decrease overall server throughput.`
173	`* @param size - TLS fragment size (default and maximum value is: 16384, minimum is: 512).`
174	`* @returns Returns true on success, false otherwise.`
175	`*/`
176	`setMaxSendFragment(size: number): boolean;`
177
178	`/**`
179	* When enabled, TLS packet trace information is written to `stderr`. This can be
180	`* used to debug TLS connection problems.`
181	`*`
182	* Note: The format of the output is identical to the output of `openssl s_client
183	* -trace` or `openssl s_server -trace`. While it is produced by OpenSSL's
184	* `SSL_trace()` function, the format is undocumented, can change without notice,
185	`* and should not be relied on.`
186	`*/`
187	`enableTrace(): void;`
188
189	`addListener(event: string, listener: (...args: any[]) => void): this;`
190	`addListener(event: "OCSPResponse", listener: (response: Buffer) => void): this;`
191	`addListener(event: "secureConnect", listener: () => void): this;`
192	`addListener(event: "session", listener: (session: Buffer) => void): this;`
193	`addListener(event: "keylog", listener: (line: Buffer) => void): this;`
194
195	`emit(event: string \| symbol, ...args: any[]): boolean;`
196	`emit(event: "OCSPResponse", response: Buffer): boolean;`
197	`emit(event: "secureConnect"): boolean;`
198	`emit(event: "session", session: Buffer): boolean;`
199	`emit(event: "keylog", line: Buffer): boolean;`
200
201	`on(event: string, listener: (...args: any[]) => void): this;`
202	`on(event: "OCSPResponse", listener: (response: Buffer) => void): this;`
203	`on(event: "secureConnect", listener: () => void): this;`
204	`on(event: "session", listener: (session: Buffer) => void): this;`
205	`on(event: "keylog", listener: (line: Buffer) => void): this;`
206
207	`once(event: string, listener: (...args: any[]) => void): this;`
208	`once(event: "OCSPResponse", listener: (response: Buffer) => void): this;`
209	`once(event: "secureConnect", listener: () => void): this;`
210	`once(event: "session", listener: (session: Buffer) => void): this;`
211	`once(event: "keylog", listener: (line: Buffer) => void): this;`
212
213	`prependListener(event: string, listener: (...args: any[]) => void): this;`
214	`prependListener(event: "OCSPResponse", listener: (response: Buffer) => void): this;`
215	`prependListener(event: "secureConnect", listener: () => void): this;`
216	`prependListener(event: "session", listener: (session: Buffer) => void): this;`
217	`prependListener(event: "keylog", listener: (line: Buffer) => void): this;`
218
219	`prependOnceListener(event: string, listener: (...args: any[]) => void): this;`
220	`prependOnceListener(event: "OCSPResponse", listener: (response: Buffer) => void): this;`
221	`prependOnceListener(event: "secureConnect", listener: () => void): this;`
222	`prependOnceListener(event: "session", listener: (session: Buffer) => void): this;`
223	`prependOnceListener(event: "keylog", listener: (line: Buffer) => void): this;`
224	`}`
225
226	`interface CommonConnectionOptions {`
227	`/**`
228	`* An optional TLS context object from tls.createSecureContext()`
229	`*/`
230	`secureContext?: SecureContext;`
231
232	`/**`
233	* When enabled, TLS packet trace information is written to `stderr`. This can be
234	`* used to debug TLS connection problems.`
235	`* @default false`
236	`*/`
237	`enableTrace?: boolean;`
238	`/**`
239	`* If true the server will request a certificate from clients that`
240	`* connect and attempt to verify that certificate. Defaults to`
241	`* false.`
242	`*/`
243	`requestCert?: boolean;`
244	`/**`
245	`* An array of strings or a Buffer naming possible ALPN protocols.`
246	`* (Protocols should be ordered by their priority.)`
247	`*/`
248	`ALPNProtocols?: string[] \| Uint8Array[] \| Uint8Array;`
249	`/**`
250	`* SNICallback(servername, cb) <Function> A function that will be`
251	`* called if the client supports SNI TLS extension. Two arguments`
252	`* will be passed when called: servername and cb. SNICallback should`
253	`* invoke cb(null, ctx), where ctx is a SecureContext instance.`
254	`* (tls.createSecureContext(...) can be used to get a proper`
255	`* SecureContext.) If SNICallback wasn't provided the default callback`
256	`* with high-level API will be used (see below).`
257	`*/`
258	`SNICallback?: (servername: string, cb: (err: Error \| null, ctx: SecureContext) => void) => void;`
259	`/**`
260	`* If true the server will reject any connection which is not`
261	`* authorized with the list of supplied CAs. This option only has an`
262	`* effect if requestCert is true.`
263	`* @default true`
264	`*/`
265	`rejectUnauthorized?: boolean;`
266	`}`
267
268	`interface TlsOptions extends SecureContextOptions, CommonConnectionOptions {`
269	`handshakeTimeout?: number;`
270	`sessionTimeout?: number;`
271	`ticketKeys?: Buffer;`
272	`}`
273
274	`interface ConnectionOptions extends SecureContextOptions, CommonConnectionOptions {`
275	`host?: string;`
276	`port?: number;`
277	path?: string; // Creates unix socket connection to path. If this option is specified, `host` and `port` are ignored.
278	`socket?: net.Socket; // Establish secure connection on a given socket rather than creating a new socket`
279	`checkServerIdentity?: typeof checkServerIdentity;`
280	`servername?: string; // SNI TLS Extension`
281	`session?: Buffer;`
282	`minDHSize?: number;`
283	`lookup?: net.LookupFunction;`
284	`timeout?: number;`
285	`}`
286
287	`class Server extends net.Server {`
288	`addContext(hostName: string, credentials: SecureContextOptions): void;`
289
290	`/**`
291	`* events.EventEmitter`
292	`* 1. tlsClientError`
293	`* 2. newSession`
294	`* 3. OCSPRequest`
295	`* 4. resumeSession`
296	`* 5. secureConnection`
297	`*/`
298	`addListener(event: string, listener: (...args: any[]) => void): this;`
299	`addListener(event: "tlsClientError", listener: (err: Error, tlsSocket: TLSSocket) => void): this;`
300	`addListener(event: "newSession", listener: (sessionId: Buffer, sessionData: Buffer, callback: (err: Error, resp: Buffer) => void) => void): this;`
301	`addListener(event: "OCSPRequest", listener: (certificate: Buffer, issuer: Buffer, callback: (err: Error \| null, resp: Buffer) => void) => void): this;`
302	`addListener(event: "resumeSession", listener: (sessionId: Buffer, callback: (err: Error, sessionData: Buffer) => void) => void): this;`
303	`addListener(event: "secureConnection", listener: (tlsSocket: TLSSocket) => void): this;`
304	`addListener(event: "keylog", listener: (line: Buffer, tlsSocket: TLSSocket) => void): this;`
305
306	`emit(event: string \| symbol, ...args: any[]): boolean;`
307	`emit(event: "tlsClientError", err: Error, tlsSocket: TLSSocket): boolean;`
308	`emit(event: "newSession", sessionId: Buffer, sessionData: Buffer, callback: (err: Error, resp: Buffer) => void): boolean;`
309	`emit(event: "OCSPRequest", certificate: Buffer, issuer: Buffer, callback: (err: Error \| null, resp: Buffer) => void): boolean;`
310	`emit(event: "resumeSession", sessionId: Buffer, callback: (err: Error, sessionData: Buffer) => void): boolean;`
311	`emit(event: "secureConnection", tlsSocket: TLSSocket): boolean;`
312	`emit(event: "keylog", line: Buffer, tlsSocket: TLSSocket): boolean;`
313
314	`on(event: string, listener: (...args: any[]) => void): this;`
315	`on(event: "tlsClientError", listener: (err: Error, tlsSocket: TLSSocket) => void): this;`
316	`on(event: "newSession", listener: (sessionId: Buffer, sessionData: Buffer, callback: (err: Error, resp: Buffer) => void) => void): this;`
317	`on(event: "OCSPRequest", listener: (certificate: Buffer, issuer: Buffer, callback: (err: Error \| null, resp: Buffer) => void) => void): this;`
318	`on(event: "resumeSession", listener: (sessionId: Buffer, callback: (err: Error, sessionData: Buffer) => void) => void): this;`
319	`on(event: "secureConnection", listener: (tlsSocket: TLSSocket) => void): this;`
320	`on(event: "keylog", listener: (line: Buffer, tlsSocket: TLSSocket) => void): this;`
321
322	`once(event: string, listener: (...args: any[]) => void): this;`
323	`once(event: "tlsClientError", listener: (err: Error, tlsSocket: TLSSocket) => void): this;`
324	`once(event: "newSession", listener: (sessionId: Buffer, sessionData: Buffer, callback: (err: Error, resp: Buffer) => void) => void): this;`
325	`once(event: "OCSPRequest", listener: (certificate: Buffer, issuer: Buffer, callback: (err: Error \| null, resp: Buffer) => void) => void): this;`
326	`once(event: "resumeSession", listener: (sessionId: Buffer, callback: (err: Error, sessionData: Buffer) => void) => void): this;`
327	`once(event: "secureConnection", listener: (tlsSocket: TLSSocket) => void): this;`
328	`once(event: "keylog", listener: (line: Buffer, tlsSocket: TLSSocket) => void): this;`
329
330	`prependListener(event: string, listener: (...args: any[]) => void): this;`
331	`prependListener(event: "tlsClientError", listener: (err: Error, tlsSocket: TLSSocket) => void): this;`
332	`prependListener(event: "newSession", listener: (sessionId: Buffer, sessionData: Buffer, callback: (err: Error, resp: Buffer) => void) => void): this;`
333	`prependListener(event: "OCSPRequest", listener: (certificate: Buffer, issuer: Buffer, callback: (err: Error \| null, resp: Buffer) => void) => void): this;`
334	`prependListener(event: "resumeSession", listener: (sessionId: Buffer, callback: (err: Error, sessionData: Buffer) => void) => void): this;`
335	`prependListener(event: "secureConnection", listener: (tlsSocket: TLSSocket) => void): this;`
336	`prependListener(event: "keylog", listener: (line: Buffer, tlsSocket: TLSSocket) => void): this;`
337
338	`prependOnceListener(event: string, listener: (...args: any[]) => void): this;`
339	`prependOnceListener(event: "tlsClientError", listener: (err: Error, tlsSocket: TLSSocket) => void): this;`
340	`prependOnceListener(event: "newSession", listener: (sessionId: Buffer, sessionData: Buffer, callback: (err: Error, resp: Buffer) => void) => void): this;`
341	`prependOnceListener(event: "OCSPRequest", listener: (certificate: Buffer, issuer: Buffer, callback: (err: Error \| null, resp: Buffer) => void) => void): this;`
342	`prependOnceListener(event: "resumeSession", listener: (sessionId: Buffer, callback: (err: Error, sessionData: Buffer) => void) => void): this;`
343	`prependOnceListener(event: "secureConnection", listener: (tlsSocket: TLSSocket) => void): this;`
344	`prependOnceListener(event: "keylog", listener: (line: Buffer, tlsSocket: TLSSocket) => void): this;`
345	`}`
346
347	`interface SecurePair {`
348	`encrypted: TLSSocket;`
349	`cleartext: TLSSocket;`
350	`}`
351
352	`type SecureVersion = 'TLSv1.3' \| 'TLSv1.2' \| 'TLSv1.1' \| 'TLSv1';`
353
354	`interface SecureContextOptions {`
355	`pfx?: string \| Buffer \| Array<string \| Buffer \| Object>;`
356	`key?: string \| Buffer \| Array<Buffer \| Object>;`
357	`passphrase?: string;`
358	`cert?: string \| Buffer \| Array<string \| Buffer>;`
359	`ca?: string \| Buffer \| Array<string \| Buffer>;`
360	`ciphers?: string;`
361	`honorCipherOrder?: boolean;`
362	`ecdhCurve?: string;`
363	`clientCertEngine?: string;`
364	`crl?: string \| Buffer \| Array<string \| Buffer>;`
365	`dhparam?: string \| Buffer;`
366	secureOptions?: number; // Value is a numeric bitmask of the `SSL_OP_*` options
367	`secureProtocol?: string; // SSL Method, e.g. SSLv23_method`
368	`sessionIdContext?: string;`
369	`/**`
370	`* Optionally set the maximum TLS version to allow. One`
371	* of `'TLSv1.3'`, `'TLSv1.2'`, `'TLSv1.1'`, or `'TLSv1'`. Cannot be specified along with the
372	* `secureProtocol` option, use one or the other.
373	* Default: `'TLSv1.3'`, unless changed using CLI options. Using
374	* `--tls-max-v1.2` sets the default to `'TLSv1.2'`. Using `--tls-max-v1.3` sets the default to
375	* `'TLSv1.3'`. If multiple of the options are provided, the highest maximum is used.
376	`*/`
377	`maxVersion?: SecureVersion;`
378	`/**`
379	`* Optionally set the minimum TLS version to allow. One`
380	* of `'TLSv1.3'`, `'TLSv1.2'`, `'TLSv1.1'`, or `'TLSv1'`. Cannot be specified along with the
381	* `secureProtocol` option, use one or the other. It is not recommended to use
382	`* less than TLSv1.2, but it may be required for interoperability.`
383	* Default: `'TLSv1.2'`, unless changed using CLI options. Using
384	* `--tls-v1.0` sets the default to `'TLSv1'`. Using `--tls-v1.1` sets the default to
385	* `'TLSv1.1'`. Using `--tls-min-v1.3` sets the default to
386	`* 'TLSv1.3'. If multiple of the options are provided, the lowest minimum is used.`
387	`*/`
388	`minVersion?: SecureVersion;`
389	`}`
390
391	`interface SecureContext {`
392	`context: any;`
393	`}`
394
395	`/*`
396	* Verifies the certificate `cert` is issued to host `host`.
397	`* @host The hostname to verify the certificate against`
398	`* @cert PeerCertificate representing the peer's certificate`
399	`*`
400	`* Returns Error object, populating it with the reason, host and cert on failure. On success, returns undefined.`
401	`*/`
402	`function checkServerIdentity(host: string, cert: PeerCertificate): Error \| undefined;`
403	`function createServer(secureConnectionListener?: (socket: TLSSocket) => void): Server;`
404	`function createServer(options: TlsOptions, secureConnectionListener?: (socket: TLSSocket) => void): Server;`
405	`function connect(options: ConnectionOptions, secureConnectListener?: () => void): TLSSocket;`
406	`function connect(port: number, host?: string, options?: ConnectionOptions, secureConnectListener?: () => void): TLSSocket;`
407	`function connect(port: number, options?: ConnectionOptions, secureConnectListener?: () => void): TLSSocket;`
408	`/**`
409	`* @deprecated`
410	`*/`
411	`function createSecurePair(credentials?: SecureContext, isServer?: boolean, requestCert?: boolean, rejectUnauthorized?: boolean): SecurePair;`
412	`function createSecureContext(details: SecureContextOptions): SecureContext;`
413	`function getCiphers(): string[];`
414
415	`const DEFAULT_ECDH_CURVE: string;`
416
417	`const rootCertificates: ReadonlyArray<string>;`
418	`}`