tlsSocket.getTLSTicket() NOTE: Works only with client TLS sockets. Useful only for debugging, for session reuse provide session option to tls.connect(). Returns the TLS session ticket or undefined if none was negotiated.

tlsSocket.localAddress The string representation of the local IP address.

tlsSocket.getProtocol() Returns a string containing the negotiated SSL/TLS protocol version of the current connection. 'unknown' will be returned for connected sockets that have not completed the handshaking process. null will be returned for server sockets or disconnected client sockets. Examples: 'SSLv3' 'TLSv1' 'TLSv1.1' 'TLSv1.2' 'unknown' See https://www.openssl.org/docs/manmaster/ssl/SSL_get_version.html for more information.

tlsSocket.getPeerCertificate([ detailed ]) Returns an object representing the peer's certificate. The returned object has some properties corresponding to the fields of the certificate. If the detailed argument is true the full chain with the issuer property will be returned, if false only the top certificate without the issuer property. Example: { subject: { C: 'UK', ST: 'Acknack Ltd', L: 'Rhys Jones', O: 'node.js', OU: 'Test TLS Certificate', CN: 'localhost' },

tlsSocket.authorized A boolean that is true if the peer certificate was signed by one of the specified CAs, otherwise false.

tlsSocket.encrypted Static boolean value, always true. May be used to distinguish TLS sockets from regular ones.

tlsSocket.getCipher() Returns an object representing the cipher name and the SSL/TLS protocol version that first defined the cipher. Example: { name: 'AES256-SHA', version: 'TLSv1/SSLv3' } See SSL_CIPHER_get_name() and SSL_CIPHER_get_version() in https://www.openssl.org/docs/manmaster/ssl/SSL_CIPHER_get_name.html for more information.

tlsSocket.getEphemeralKeyInfo() Returns an object representing the type, name, and size of parameter of an ephemeral key exchange in Perfect Forward Secrecy on a client connection. It returns an empty object when the key exchange is not ephemeral. As this is only supported on a client socket, it returns null if called on a server socket. The supported types are 'DH' and 'ECDH'. The name property is only available in 'ECDH'. Example: { type: 'ECDH', name: 'prime256v1', size: 256 }

Class: tls.TLSSocket This is a wrapped version of net.Socket that does transparent encryption of written data and all required TLS negotiation. This instance implements the duplex Stream interface. It has all the common stream methods and events. Methods that return TLS connection metadata (e.g. tls.TLSSocket.getPeerCertificate() will only return data while the connection is open.

tlsSocket.address() Returns the bound address, the address family name, and port of the underlying socket as reported by the operating system. Returns an object with three properties, e.g., { port: 12346, family: 'IPv4', address: '127.0.0.1' }