Node.js communication system: HTTPS and OpenSSL

Source: Internet
Author: User

About HTTPS

HTTP transports data in plaintext, usually on port 80 or 8080; HTTPS transports SSL-encrypted ciphertext, usually on port 443. (www.ayjs.net Yang Yang)

In an actual deployment, both the private key and the public key are stored on the server. The public key is transferred to the client. The client sends a random message to the server; the server computes a hash of the message it received, encrypts that hash with the private key, and sends the result to the client. The client decrypts it with the public key it received earlier, computes the hash of the random message it sent, and checks that the two values are consistent. If this handshake succeeds, the client chooses an encryption algorithm and a corresponding secret key, encrypts them with the public key, and sends them to the server. Once the server has received the encryption algorithm and key, the two sides can formally exchange data.
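The exchange described above can be walked through with Node's crypto module. This is an added example, not code from the original post: "encrypting the hash with the private key" is an RSA signature, and the function names, the in-process key pair and the choice of AES-256-GCM for the data phase are assumptions made for the illustration.

```javascript
// Added illustration of the simplified handshake described above; not real TLS.
const crypto = require('crypto');

// Server key pair, generated in-process (constructed for this example).
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Server: hash the client's random message and sign the hash with the private key.
function serverProve(challenge) {
  return crypto.sign('sha256', challenge, privateKey);
}

// Client: recompute the hash of what it sent and check it against the server's proof.
function clientVerify(challenge, proof) {
  return crypto.verify('sha256', challenge, publicKey, proof);
}

// Client: send the chosen session key encrypted under the server's public key.
function clientWrapKey(sessionKey) {
  return crypto.publicEncrypt({ key: publicKey, ...OAEP }, sessionKey);
}
// Server: recover the session key with the private key.
function serverUnwrapKey(wrapped) {
  return crypto.privateDecrypt({ key: privateKey, ...OAEP }, wrapped);
}

// Data phase: both sides share a key and switch to symmetric AES-256-GCM.
function seal(key, text) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return { iv, body, tag: c.getAuthTag() };
}
function unseal(key, msg) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, msg.iv);
  d.setAuthTag(msg.tag);
  return Buffer.concat([d.update(msg.body), d.final()]).toString('utf8');
}

// Full run: challenge, proof, key transport, then one protected message.
function runHandshake(text) {
  const challenge = crypto.randomBytes(32);
  if (!clientVerify(challenge, serverProve(challenge))) throw new Error('server proof rejected');
  const sessionKey = crypto.randomBytes(32);
  const serverKey = serverUnwrapKey(clientWrapKey(sessionKey));
  return unseal(serverKey, seal(sessionKey, text));
}
console.log(runHandshake('hello over the negotiated key'));
```

Real TLS also validates the certificate chain that binds the public key to the host name; the simplified model on this page, and this sketch, leave that step out.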

Creating an HTTPS server OpenSSL environment

Compiling it manually is too difficult; I failed for 3 hours and eventually gave up.

Download the compiled Windows version I uploaded: Baidu Cloud

I copied it to the C drive and renamed it to OpenSSL.

If you use openssl.exe this way, you can only run it as:

C:\openssl\bin\openssl.exe <other commands>

Create a private key

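Windows version:

C:\openssl\bin\openssl.exe genrsa -out c://privatekey.pem 1024

Non-Windows systems should have their own openssl command:

openssl genrsa -out c://privatekey.pem 1024

The final argument is the RSA key length in bits; keys used outside a test should be at least 2048 bits.

From here on I will use the Windows form directly.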

Create a certificate signing request

C:\openssl\bin\openssl.exe req -new -key c://privatekey.pem -out c://client.csr

Then enter the requested information to generate the certificate.

Get a certificate

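The certificate should be a file signed by a certificate authority, containing information such as the public key provided by the server and the method of the certificate. The command below instead self-signs the request with the server's own private key (-signkey), which is sufficient for local testing; clients will not trust such a certificate by default.

C:\openssl\bin\openssl.exe x509 -req -in c://client.csr -signkey c://privatekey.pem -out c://certificate.pem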

Create a PFX file

C:\openssl\bin\openssl.exe pkcs12 -export -in c://certificate.pem -inkey c://privatekey.pem -out c://certificate.pfx

Of these files, the PFX file is optional. Once the files are available, you can use the createServer method of the https module to create an HTTPS server.

I entered 123456 as the password both times.

Create a new file, httpsdemo.js:

    /**
     * Created by Aaronyang on 2015/10/30.
     */
    var https = require('https');
    var fs = require('fs');

    // Private key and certificate created with the OpenSSL commands above
    var privatekey = fs.readFileSync('C:/privatekey.pem');
    var pc = fs.readFileSync('C:/certificate.pem');
    var options = {
        key: privatekey,
        cert: pc
    };

    var server = https.createServer(options, function (req, res) {
        console.log(req.url);
        if (req.url !== '/favicon.ico') {
            res.setHeader('Content-Type', 'text/html');
            res.write('Hello ay! HTTPS service');
        }
        // Always end the response so that favicon requests do not hang
        res.end();
    });

    server.listen(1443, 'localhost', function () {
        console.log('server started listening');
    });

Note: listening on ports below 1024 requires administrator privileges.

Compared with the http module, the createServer method here takes an additional options parameter. It has too many properties to cover, so I list just a few:

pfx: specifies the public key and certificate read from a PFX file. When this property is used, you do not need to specify the key, cert and ca properties.

passphrase: specifies the password for the private key file or the PFX file.

key: specifies the private key, read from a private key file with the .pem suffix.

cert: specifies the public key, read from a file with the .pem suffix. It must be specified unless pfx is set.

ca: an array of strings or an array of Buffer objects specifying a set of certificates. The default value is a set of well-known certificate authorities, such as VeriSign.

ciphers: a string describing the ciphers to use or to exclude. To prevent BEAST attacks, it is recommended to use ciphers together with the honorCipherOrder property to give priority to non-CBC (cipher block chaining) ciphers. The default value is AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH

requestCert: Boolean, default false. When true, the server asks the client for a certificate when confirming the connection.

There are also handshakeTimeout, rejectUnauthorized, NPNProtocols and sessionIdContext.

As with HTTP, there are of course also a close method, an error method and so on, which are not listed here; refer to the HTTP material for details.
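A small check over a createServer options object, covering the properties listed above. This is an added example, not part of the original post or of Node.js: auditTlsOptions, its rule names and the 12-character passphrase threshold are hypothetical, and the two sample objects are constructed from values that appear on this page.

```javascript
// Added example: auditTlsOptions and its rule names are hypothetical, not a Node.js API.
const WEAK_PARTS = new Set(['RC4', 'MD5', 'DES', '3DES', 'NULL', 'aNULL', 'eNULL', 'EXPORT', 'LOW']);

// Split an OpenSSL cipher string into the tokens it enables and the ones it removes.
function parseCipherString(str) {
  const enabled = [], excluded = [];
  for (const tok of str.split(/[:, ]+/).filter(Boolean)) {
    if (tok[0] === '!' || tok[0] === '-') excluded.push(tok.slice(1));
    else enabled.push(tok[0] === '+' ? tok.slice(1) : tok);
  }
  return { enabled, excluded };
}

function auditTlsOptions(o) {
  const findings = [];
  if (typeof o.ciphers === 'string') {
    for (const tok of parseCipherString(o.ciphers).enabled) {
      // A suite name such as ECDHE-RSA-RC4-SHA is weak if any component is.
      if (tok.split(/[-+]/).some((p) => WEAK_PARTS.has(p))) findings.push('weak-cipher:' + tok);
    }
    // Follows the page's advice to pair ciphers with honorCipherOrder explicitly.
    if (o.honorCipherOrder !== true) findings.push('no-server-cipher-order');
  }
  // Requesting a client certificate but accepting unverified ones authenticates nobody.
  if (o.requestCert === true && o.rejectUnauthorized === false) findings.push('client-cert-not-enforced');
  // The 12-character threshold is an arbitrary choice for this example.
  if (typeof o.passphrase === 'string' && o.passphrase.length < 12) findings.push('short-passphrase');
  return findings;
}

// Constructed inputs: the default cipher string and the 123456 password from this page,
// next to a tightened variant.
const asOnPage = {
  ciphers: 'AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH',
  passphrase: '123456', requestCert: true, rejectUnauthorized: false
};
const tightened = {
  ciphers: 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:!aNULL:!MD5:!RC4',
  honorCipherOrder: true, requestCert: true, rejectUnauthorized: true
};
console.log(auditTlsOptions(asOnPage));
console.log(auditTlsOptions(tightened));
```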

HTTPS client

In the https module, you can use the request method to request data from other websites that use the HTTPS protocol.

https.request(options, callback)

The options parameter is the same as the createServer parameter.

It works like the HTTP request method, only with a few more options properties.

Here the agent property in options specifies the user agent. In Node.js, the https.Agent class represents a user agent. By default, Node.js uses a keep-alive connection when requesting data, together with a global https.Agent object. You can explicitly set the agent property to an https.Agent object, or set the agent property to false to automatically pick from the connection pool an https.Agent whose current connection state is closed, to the next net

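For example:

    var https = require('https');

    var opt1 = {
        hostname: 'npmjs.org',
        port: 443,
        path: '/',
        method: 'GET',
        agent: false
    };

    var req = https.request(opt1, function (res) {
        console.log('status code: ' + res.statusCode);
        console.log('Response header: ' + JSON.stringify(res.headers));
        res.setEncoding('utf8');
        res.on('data', function (data) {
            // The page's listing breaks off inside this call; logging the chunk is assumed
            console.log(data);
        });
    });

    // The request is only sent once end() is called
    req.end();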

Of course, there is also the https.get method.

When the connection is established and a port has been assigned to it, the socket event of the HTTPS ClientRequest object is triggered.

Here the client sends the request, and if the server has not responded after 1 second, the client aborts the request:

    req.on('socket', function (socket) {
        socket.setTimeout(1000);   // 1 second
        socket.on('timeout', function () {
            // req.abort() is deprecated in current Node.js; req.destroy() is its replacement
            req.abort();
        });
    });

    req.on('error', function (err) {});

For the specific usage, refer to how it is written for HTTP.
