Would it be possible to create a TLS connection from within a browser using node-forge? I'm basically looking to test/verify the TLS handshake and simply output info about it in the browser. Node-forge appears to be a JavaScript TLS implementation, but I'm not sure whether what I want is possible in a browser, since it mainly seems to work with Node.
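// Plain TCP socket; it only ever carries bytes that forge has already
// encrypted (outbound) or has yet to decrypt (inbound).
var socket = new net.Socket();

// TLS client engine. forge performs the handshake and record processing in
// JavaScript and reports progress through the callbacks below.
var client = forge.tls.createConnection({
  server: false,
  verify: function(connection, verified, depth, certs) {
    // TEST ONLY: returning true accepts whatever certificate chain the peer
    // presents, so the session is encrypted but the server is NOT
    // authenticated. For anything beyond inspecting a handshake, supply a
    // `caStore` option and return `verified` (after also checking that the
    // leaf certificate matches the expected host name).
    console.log('[tls] certificate verification skipped, forge result:', verified);
    return true;
  },
  connected: function(connection) {
    console.log('[tls] connected');
    // prepare some data to send (note that the string is interpreted as
    // 'binary' encoded, which works for HTTP which only uses ASCII, use
    // forge.util.encodeUtf8(str) otherwise
    client.prepare('GET / HTTP/1.0\r\n\r\n');
  },
  tlsDataReady: function(connection) {
    // encrypted data is ready to be sent to the server
    var data = connection.tlsData.getBytes();
    socket.write(data, 'binary'); // encoding should be 'binary'
  },
  dataReady: function(connection) {
    // clear data from the server is ready
    var data = connection.data.getBytes();
    console.log('[tls] data received from the server: ' + data);
  },
  closed: function() {
    console.log('[tls] disconnected');
  },
  error: function(connection, error) {
    console.log('[tls] error', error);
  }
});

socket.on('connect', function() {
  console.log('[socket] connected');
  // The TCP connection is up; start the TLS handshake over it.
  client.handshake();
});
socket.on('data', function(data) {
  // Feed raw bytes from the wire into the TLS engine.
  client.process(data.toString('binary')); // encoding should be 'binary'
});
socket.on('error', function(err) {
  // Without a listener, an 'error' event on a Node socket is thrown and
  // terminates the process; log it like the other events instead.
  console.log('[socket] error', err);
});
socket.on('end', function() {
  console.log('[socket] disconnected');
});

// connect to google.com
socket.connect(443, 'google.com');
// or connect to gmail's imap server (but don't send the HTTP header above)
//socket.connect(993, 'imap.gmail.com');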
This example snippet uses `net.Socket`, but would it work from within a browser?
This answer is antiquated now, though. I found myself facing a similar need, so here is the question answered using websockify in front of a TLS server.
Your code for Node sockets was mostly fine; the main difference is that you need to use websocket.send instead of socket.write, and you need to receive data in onmessage instead of the data event.
var Buffer = (your Browser buffer polyfill of choice, I used filer);
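// WebSocket to the websockify relay; assigned once the TLS engine exists.
// (Declared under the same name the callbacks use, so no implicit global
// is created.)
var socket;

// TLS client engine. The TLS session runs between forge and the TLS server
// behind websockify; the relay only forwards the encrypted records.
var client = forge.tls.createConnection({
  server: false,
  verify: function (connection, verified, depth, certs) {
    // TEST ONLY: returning true accepts whatever certificate chain arrives,
    // so the server is NOT authenticated. Because the transport below is a
    // plain ws:// hop through a relay, an unauthenticated session gives no
    // protection against the relay or anyone on that path. For real use,
    // supply a `caStore` option and return `verified` (after also checking
    // that the leaf certificate matches the expected host name).
    console.log("[tls] certificate verification skipped, forge result:", verified);
    return true;
  },
  connected: function (connection) {
    console.log("[tls] connected");
    // prepare some data to send (note that the string is interpreted as
    // 'binary' encoded, which works for HTTP which only uses ASCII, use
    // forge.util.encodeUtf8(str) otherwise
    client.prepare("GET / HTTP/1.0\r\n\r\n");
  },
  tlsDataReady: function (connection) {
    // encrypted data is ready to be sent to the server
    var data = connection.tlsData.getBytes();
    socket.send(Buffer.from(data, "binary")); // encoding should be 'binary'
  },
  dataReady: function (connection) {
    // clear data from the server is ready
    var data = connection.data.getBytes();
    console.log("[tls] data received from the server: " + data);
  },
  closed: function () {
    console.log("[tls] disconnected");
  },
  error: function (connection, error) {
    console.log("[tls] error", error);
  },
});

socket = new WebSocket("ws://websockifyhost");
// Deliver frames as ArrayBuffer so each message can be handed to forge
// synchronously, in arrival order. Awaiting a Blob conversion inside the
// handler would let a later frame be processed before an earlier one, and
// TLS records must be consumed in order.
socket.binaryType = "arraybuffer";
socket.onopen = function () {
  console.log("[socket] connected");
  // The relay connection is up; start the TLS handshake through it.
  client.handshake();
};
socket.onmessage = function (event) {
  // Feed the raw bytes from the relay into the TLS engine.
  client.process(Buffer.from(event.data).toString("binary"));
};
socket.onerror = function (event) {
  console.log("[socket] error", event);
};
socket.onclose = function () {
  console.log("[socket] disconnected");
};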