require（'https'）vs require（'tls'） [英] require('https') vs require('tls')

问题描述

我试图使用Node.js，Express.js和TLS（1.2）在客户端和服务器之间创建一个非常安全的连接。

我认为我的问题正在理解什么是TLS实际是什么 - 意思是什么是交换，何时和如何由谁。

无论如何，我正在搜索互联网像一个nutter（疯狂的人）尝试找出以下内容：

• var tls = require（'tls'）; invoke？


• var https = require（'https'）; invoke？

当使用另一个节点作为客户端时，我可以使tls工作，但在这种情况下，客户端将成为浏览器中的用户。我可以同时使用浏览器或仅使用https？

谢谢

解决方案

我们确实从TLS开始。

TLS是一种在客户端和服务器之间提供安全连接的方法。它通过为客户端和服务器提供一种安全的方式来交换密钥，从而可以使用公共密钥加密来保护传输。确切的机制是这里，但这对于这个答案确实并不重要。

现在，什么是https？首先，让我们来谈谈 HTTP 。 HTTP是一种协议，用于定义Web服务器和客户端如何交流和交换网页或数据。基本上，它包括来自客户端的请求，并且服务器使用数字消息，头部和（可选）身体）进行响应。如果你熟悉写网页，这很明显。

那么现在，最后，什么是HTTPS？ HTTPS 是使用TLS保护数据的HTTP版本。这意味着客户端和服务器可以使用与之相同的协议，加密加密。

现在让我们在node.js中讨论这些。 >

当您使用 require（'tls'）时，您只使用加密层，而不定义协议。这将适用于任何不希望使用精确协议的内容，例如您的其他node.js客户端。

当您使用 require 'https'），你特别使用HTTP over TLS。 https模块 实际上是 tls模块！ （哎呀，实际上， https.Server 是 tls.Server 的子类）这意味着，只要你使用https模块，您也使用tls一个。

最后的问题是：浏览器需要什么？如果您一直遵循我所说的一切，您可以看到浏览器要https。事实上，您今天访问的大多数网页很可能已经通过https。

I'm trying to create a very secure connection between client and server using Node.js, Express.js and TLS (1.2).

I think my problem is in understanding what TLS actually is - meaning what is being exchanged, when and how by who.

Anyhow, I'm searching the internet like a nutter (crazy person) to try and figure out following:

• what does var tls = require('tls'); invoke?
• what does var https = require('https'); invoke?

I can get tls working when using another node as a client, but in this case the client will be a user in a browser. Can I use both for a browser or only https??

Thanks

解决方案

Let's indeed start with what TLS is.

TLS is a way to provide secure connections between a client and a server. It does this by providing a safe way for clients and servers to exchange keys so they can then use public-key cryptography to secure their transmission. The exact mechanism is found here, but it's really not important for this answer.

Now, what is https? Well first, let's talk about HTTP. HTTP is a protocol that defines how web servers and clients talk and exchange web pages or data. Basically, it includes a request from a client and the server responds with a numerical message, headers, and (optionally) a body. If you're familiar with writing web pages, this is obvious.

So now, finally, what is HTTPS? HTTPS is version of HTTP using TLS to secure data. This means that clients and servers can use the same protocol they're used to, wrapped in encryption.

Now, let's talk about these in node.js.

When you use require('tls'), you're only using the encryption layer, without defining the protocol. This will work fine for anything that doesn't expect an exact protocol, such as your other node.js client.

When you use require('https'), you're specifically using HTTP over TLS. The https module is actually a subclass of the tls module! (Oops, actually, the https.Server is a subclass of tls.Server) This means that whenever you're using the https module, you're also using the tls one.

Now, the final question: What does the browser want? If you've been following everything I've said, you can see that the browser wants https. In fact, it's likely that most of the webpages you've visited today has been over https.

这篇关于require（'https'）vs require（'tls'）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！