Interface nsITLSSocketControlType

Hierarchy

Properties

KEAKeyBits KEAUsed MACAlgorithmUsed SSLVersionOffered SSLVersionUsed clientCertSent denyClientCert earlyDataAccepted echConfig esniTxt failedVerification peerId providerFlags retryEchConfig securityInfo

Methods

AddRef QueryInterface Release StartTLS asyncGetSecurityInfo disableEarlyData driveHandshake getAlpnEarlySelection isAcceptableForHost joinConnection proxyStartSSL setHandshakeCallbackListener setNPNList testJoinConnection

Properties

Readonly KEAKeyBits

KEAKeyBits: number

Readonly KEAUsed

KEAUsed: number

The Key Exchange Algorithm is used when determining whether or not HTTP/2 can be used.

After a handshake is complete it can be read from KEAUsed. The values correspond to the SSLKEAType enum in NSS or the KEY_EXCHANGE_UNKNOWN constant defined below.

KEAKeyBits is the size/security-level used for the KEA.

Readonly MACAlgorithmUsed

MACAlgorithmUsed: number

Readonly SSLVersionOffered

SSLVersionOffered: number

Readonly SSLVersionUsed

SSLVersionUsed: number

Readonly clientCertSent

clientCertSent: boolean

True iff a client cert has been sent to the server - i.e. this socket has been client-cert authenticated.

denyClientCert

denyClientCert: boolean

If set to true before the server requests a client cert no cert will be sent.

Readonly earlyDataAccepted

earlyDataAccepted: bool

If 0RTT handshake was applied and some data has been sent, as soon as the handshake finishes this attribute will be set to appropriate value.

echConfig

echConfig: string

echConfig is defined for conveying the ECH configuration. This is encoded in base64.

esniTxt

esniTxt: string

esniTxt is a string that consists of the concatenated _esni. TXT records. This is a base64 encoded ESNIKeys structure.

Readonly failedVerification

failedVerification: boolean

failedVerification is true if any enforced certificate checks have failed. Connections that have not yet tried to verify, or are using acceptable exceptions will all return false.

Readonly peerId

peerId: string

The id used to uniquely identify the connection to the peer.

Readonly providerFlags

providerFlags: uint32_t

The original flags from the socket provider.

Readonly retryEchConfig

retryEchConfig: string

The echConfig that should be used to retry for the connection setup.

Readonly securityInfo

securityInfo: nsITransportSecurityInfo

The securityInfo of the TLS handshake.

Methods

AddRef

  • Increases the reference count for this interface. The associated instance will not be deleted unless the reference count is returned to zero.

    Returns

    The resulting reference count.

    Returns number

QueryInterface

  • Parameters

    • aIID: object
    • Optional aInstancePtr: object

    Returns any

  • A run time mechanism for interface discovery.

    Returns

    NS_OK if the interface is supported by the associated instance, NS_NOINTERFACE if it is not.

    aInstancePtr must not be null.

    Parameters

    • aIID: object

      [in] A requested interface IID

    • aInstancePtr: object

      [out] A pointer to an interface pointer to receive the result.

    Returns void

Release

  • Decreases the reference count for this interface. Generally, if the reference count returns to zero, the associated instance is deleted.

    Returns

    The resulting reference count.

    Returns number

StartTLS

  • Returns void

asyncGetSecurityInfo

  • Asynchronously obtain the securityInfo of the TLS handshake. Resolves with an nsITransportSecurityInfo. This should probably only be used in tests, where JS running on the main thread cannot access any of the other fields of nsITLSSocketControl.

    Returns any

disableEarlyData

  • Disable early data.

    Returns void

driveHandshake

  • When 0RTT is performed, PR_Write will not drive the handshake forward. It must be forced by calling this function.

    Returns void

getAlpnEarlySelection

  • For 0RTT we need to know the alpn protocol selected for the last tls session. This function will return a value if applicable or an error NS_ERROR_NOT_AVAILABLE.

    Returns string

isAcceptableForHost

  • Determine if existing connection should be trusted to convey information about a hostname.

    Parameters

    • hostname: string

    Returns boolean

joinConnection

  • Determine if a potential SSL connection to hostname:port with a desired NPN negotiated protocol of npnProtocol can use the socket associated with this object instead of making a new one. And if so, combine them.

    Parameters

    • npnProtocol: string
    • hostname: string
    • port: number

    Returns boolean

proxyStartSSL

  • Returns void

setHandshakeCallbackListener

  • Parameters

    • callback: nsITlsHandshakeCallbackListener

    Returns void

setNPNList

  • NPN (Next Protocol Negotiation) is a mechanism for negotiating the protocol to be spoken inside the SSL tunnel during the SSL handshake. The NPNList is the list of offered client side protocols. setNPNList() needs to be called before any data is read or written (including the handshake to be setup correctly. The server determines the priority when multiple matches occur, but if there is no overlap the first protocol in the list is used.

    Parameters

    • aNPNList: nsCStringTArrayRef

    Returns void

testJoinConnection

  • just like JoinConnection() except do not mark a successful test as joined.

    Parameters

    • npnProtocol: string
    • hostname: string
    • port: number

    Returns boolean

Settings

Member Visibility

Theme

Generated using TypeDoc