
When a client connects to a node.js SSL server and is not authenticated, i.e.:

  • server doesn't require it, i.e. uses requestCert: false
  • or client certificate is "wrong", i.e. the secureConnection event is fired on the SSL server but CleartextStream.authorized is false

Is the communication between the client and the server still encrypted (authentication and confidentiality being two different things)?

Another way to put it: does the node.js SSL server fall back to a normal/unencrypted TCP server if there are authentication problems, but still fire a secureConnection event?

1 Answer

Communication between the client and the server is always encrypted if you're using an SSL server. So if somebody captures your traffic, he won't be able to read it (but you make a MitM attack easier).

But why are you asking it here, if you can simply check the traffic using Wireshark?


2 Comments

Good point for Wireshark. I guess my question was more: does the node.js SSL server behave like a normal TCP server if there are authentication problems?
It behaves like a normal SSL server... you can check it with openssl s_client, by the way.
