About HTTPS
HTTP transports data in plaintext, usually on port 80 or 8080; HTTPS transports SSL-encrypted ciphertext, usually on port 443 (www.ayjs.net Yang Yang)
In the actual scenario, both the private key and the public key are stored on the server side, and the public key is transferred to the client. The client sends a random message to the server; the server computes a hash value of the characters it received, encrypts it with the private key and sends it to the client. The client decrypts the received data with the public key it obtained earlier, computes the hash value of the random message it sent, and checks that the two are consistent. If this handshake succeeds, the client chooses an encryption algorithm and a corresponding secret key, encrypts them with the public key and sends them to the server. Once the server has received the encryption algorithm and key, the two sides can formally communicate data.
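The exchange described above, step by step, as an added example that is not part of the original post. It models the paragraph's simplified handshake with Node's crypto module and is not real TLS; the function name, the impostor flag and the choice of aes-256-gcm with a 2048-bit key are assumptions of this example.

```javascript
const crypto = require('crypto');

// Models the simplified exchange in the paragraph above; it is not real TLS.
// impostor=true makes the responder sign with a key that does not match the
// public key the client was given.
function simulateHandshake(impostor) {
  // Server holds both keys; the client only ever receives publicKey.
  const server = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const publicKey = server.publicKey;
  const signingKey = impostor
    ? crypto.generateKeyPairSync('rsa', { modulusLength: 2048 }).privateKey
    : server.privateKey;

  // 1. Client -> server: a random message.
  const challenge = crypto.randomBytes(32);

  // 2. Server -> client: hash of the message, signed with the private key.
  const proof = crypto.sign('sha256', challenge, signingKey);

  // 3. Client: recompute the hash and check the proof with the public key.
  if (!crypto.verify('sha256', challenge, publicKey, proof)) {
    return { ok: false, reason: 'server proof does not match public key' };
  }

  // 4. Client -> server: chosen algorithm and secret key, encrypted with the public key.
  const algorithm = 'aes-256-gcm';
  const sessionKey = crypto.randomBytes(32);
  const offer = JSON.stringify({ algorithm, key: sessionKey.toString('base64') });
  const wrapped = crypto.publicEncrypt(publicKey, Buffer.from(offer));

  // 5. Server: recover the algorithm and key with the private key.
  const agreed = JSON.parse(crypto.privateDecrypt(server.privateKey, wrapped).toString());
  const serverKey = Buffer.from(agreed.key, 'base64');

  // 6. Formal communication: client encrypts, server decrypts with the shared key.
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv(algorithm, sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update('GET / HTTP/1.1', 'utf8'), cipher.final()]);
  const decipher = crypto.createDecipheriv(agreed.algorithm, serverKey, iv);
  decipher.setAuthTag(cipher.getAuthTag());
  const plaintext = Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString('utf8');
  return { ok: true, algorithm: agreed.algorithm, plaintext };
}

console.log(simulateHandshake(false));
console.log(simulateHandshake(true));
```

The second call fails at step 3, which is the point of the check: a responder without the matching private key cannot produce a proof the client accepts.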
Creating an HTTPS server: the OpenSSL environment
Manual compilation is too difficult; I tried and failed for 3 hours and eventually gave up.
Download the compiled Windows version I uploaded: Baidu Cloud
I copied it to the C drive and renamed it to OpenSSL.
If you use openssl.exe this way, you can only run commands as:
C:\openssl\bin\openssl.exe <other commands>
Create a private key
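Windows version:
C:\openssl\bin\openssl.exe genrsa -out C://privatekey.pem 1024
Non-Windows systems should have their own openssl command:
openssl genrsa -out C://privatekey.pem 1024
Note that 1024-bit RSA keys are no longer considered adequate; use 2048 bits or more outside of a demo.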
Then I'm going to use Windows directly.
Create a certificate signing request
C:\openssl\bin\openssl.exe req -new -key C://privatekey.pem -out C://client.csr
Then enter the information to generate the certificate
Get a certificate
A certificate should be a file signed by a certificate authority, containing information such as the public key provided by the server side and the signing method of the certificate. The command below signs the request with the server's own private key (-signkey), so the result is a self-signed certificate:
C:\openssl\bin\openssl.exe x509 -req -in C://client.csr -signkey C://privatekey.pem -out C://certificate.pem
Create a PFX file
C:\openssl\bin\openssl.exe pkcs12 -export -in C://certificate.pem -inkey C://privatekey.pem -out C://certificate.pfx
Of these files, the PFX file is optional. Once the files are available, you can use the createServer method in the https module to create an HTTPS server.
I entered the password 123456 twice.
Create a new file httpsdemo.js:
/**
 * Created by Aaronyang on 2015/10/30.
 */
var https = require('https');
var fs = require('fs');
// Private key and certificate generated with the OpenSSL commands above
var privatekey = fs.readFileSync('C:/privatekey.pem');
var pc = fs.readFileSync('C:/certificate.pem');
var options = { key: privatekey, cert: pc };
var server = https.createServer(options, function (req, res) {
    console.log(req.url);
    if (req.url !== '/favicon.ico') {
        res.setHeader('Content-Type', 'text/html');
        res.write('Hello ay! HTTPS service');
    }
    // Always end the response so favicon requests do not hang
    res.end();
});
server.listen(1443, 'localhost', function () {
    console.log('server started listening');
});
Note: ports below 1024 require administrator privileges to listen on.
Compared with HTTP, the createServer method here takes an additional options parameter. It has too many properties to cover in full, so I list only a few:
pfx: specifies the public key and certificate read from a PFX file. When this property is used, you do not need to specify the key, cert and ca properties.
passphrase: specifies the password for the private key file or the PFX file.
key: specifies the private key, read from a private key file with the .pem suffix.
cert: specifies the public key, read from a file with the .pem suffix. Must be specified unless a pfx value is set.
ca: an array of strings or an array of Buffer objects specifying a set of certificates; the default value is the certificates of several well-known certificate authorities, such as VeriSign.
ciphers: a string describing the ciphers to use or exclude. To prevent BEAST attacks, it is recommended to use the ciphers property together with the honorCipherOrder property to give priority to ciphers in non-CBC (cipher-block chaining) mode. The default value is AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
requestCert: Boolean, default false. When true, the server asks the client for a certificate when confirming the connection.
There are also handshakeTimeout, rejectUnauthorized, NPNProtocols and sessionIdContext.
As with HTTP, there are of course also the close method and the error event, which are not listed here; refer to the HTTP material for details.
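A small check of the ciphers and honorCipherOrder settings described in the list above, applied to the default string quoted on this page and to a constructed hardened variant. This is an added example, not code from the original post or from Node.js; the function name, the rule set and the hardened cipher string are assumptions.

```javascript
// Lint an https.createServer options object for the cipher settings discussed
// above. The rule set is an assumption of this example, not a Node.js API.
function auditTlsOptions(options) {
  const findings = [];
  // An OpenSSL cipher string is a ':'-separated list; '!' and '-' remove
  // ciphers, '+' only reorders already-enabled ones, anything else enables.
  const tokens = String(options.ciphers || '').split(':').map((t) => t.trim()).filter(Boolean);
  const enabled = tokens.filter((t) => !/^[!+-]/.test(t));

  // Rule 1: an enabled token selects a weak algorithm.
  for (const t of enabled) {
    if (/(^|-)(RC4|MD5|DES|NULL|EXP|EXPORT)(-|$)/i.test(t) || /^(aNULL|eNULL|LOW)$/i.test(t)) {
      findings.push('weak cipher enabled: ' + t);
    }
  }

  // Rule 2: BEAST targets CBC suites, so the first explicitly named suite
  // should be a GCM, CCM or ChaCha20 one.
  const first = enabled.find((t) => t.includes('-'));
  if (first && !/GCM|CCM|CHACHA20/i.test(first)) {
    findings.push('first preferred suite is not GCM/CCM/ChaCha20: ' + first);
  }

  // Rule 3: without server-side ordering the client's preference list decides,
  // so set the option explicitly instead of relying on a version's default.
  if (options.honorCipherOrder !== true) {
    findings.push('honorCipherOrder is not explicitly true');
  }
  return findings;
}

// The default cipher string quoted on this page, with no ordering option set.
const pageDefault = { ciphers: 'AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH' };
// Constructed hardened variant (an assumption of this example).
const hardened = {
  ciphers: 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:!aNULL:!MD5:!RC4',
  honorCipherOrder: true,
};

console.log(auditTlsOptions(pageDefault));
console.log(auditTlsOptions(hardened));
```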
HTTPS client
In the https module, you can use the request method to request data from other websites that use the HTTPS protocol.
https.request(options, callback)
The options parameter is the same as the createServer parameter.
It works like the HTTP request method, with just a few more options properties.
The agent property in options specifies the user agent. In Node.js, the https.Agent class represents a user agent. By default, the user agent uses a keep-alive connection when requesting data, through a global https.Agent object. You can explicitly set the agent property to an https.Agent object, or set the agent property to false to automatically pick from the connection pool an https.Agent whose current connection state is closed to the next net
For example:
var https = require('https');
var opt1 = { hostname: 'npmjs.org', port: 443, path: '/', method: 'GET', agent: false };
var req = https.request(opt1, function (res) {
    console.log('status code: ' + res.statusCode);
    console.log('Response header: ' + JSON.stringify(res.headers));
    res.setEncoding('utf8');
    res.on('data', function (data) {
        console.log(data);
    });
});
// The request is only sent once end() is called
req.end();
Of course, there is also the https.get method.
While the connection is being established, the socket event of the ClientRequest object is triggered once a port has been assigned to the connection.
Here the client sends the request and, if the server has not responded after 1 second, the client aborts the request:
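req.on('socket', function (socket) {
    // Give the server 1 second (1000 ms) to respond
    socket.setTimeout(1000);
    socket.on('timeout', function () {
        req.abort();
    });
});
req.on('error', function (err) {
    // Aborting the request raises an error event; handle it here
});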
For specific usage, follow the same pattern as with HTTP.
nodejs-communication system-https and OpenSSL