ehmicky
Reputation: 2045
node.js SSL encryption without authentication
When a client connects to a node.js SSL server and is not authenticated, i.e.:
- server doesn't require it, i.e. uses
requestCert: false - or client certificate is "wrong", i.e. the
secureConnectionevent is fired on the SSL server butCleartextstream.authorizedisfalse
Is the communication between the client and the server still encrypted (authentication and confidentiality being two different things)?
Another way to put it: does node.js SSL server falls back as a normal/unencrypted TCP server if there are authentication problems, but still fires a secureConnection event?
Upvotes: 0
Views: 221
Answers (1)
alex
Reputation: 12265
Communication between the client and the server is always encrypted if you're using SSL server. So if somebody captures your traffic, he won't be able to read it (but you make MitM attack easier).
But why do you asking it here, if you can simply check the traffic using Wireshark?
Upvotes: 1
Related Questions
- Symmetric encryption with NodeJS
- Client-side encryption in NodeJS/Javascript
- How to encrypt message on browser and decrypt on node server without third-party libraries?
- Node.js - Encryption
- NodeJS Crypto encryption to front end javascript decryption
- Decrypt incoming HTTPS traffic in Node https server
- SSL using self-signed cert over Node.js
- Node.js server-to-server encryption
- Node.js SSL authentication
- How to encrypt in node.js and decrypt in browser javascript