function Deno.startTls

Start a TLS handshake on an existing connection, using an optional list of CA certificates and a hostname (default is "127.0.0.1"). Specifying CA certs is optional; by default the configured root certificates are used. Using this function requires that the other end of the connection is prepared for a TLS handshake.

Note that this function consumes the TCP connection passed to it, so the original TCP connection is unusable after the call. You must also ensure that the TCP connection is not being used elsewhere when calling this function, so that it can be consumed properly. For instance, if a Promise is waiting for a read operation on the TCP connection to complete, the connection is considered to be in use elsewhere, and in that case this function will fail.

const conn = await Deno.connect({ port: 80, hostname: "127.0.0.1" });
const caCert = await Deno.readTextFile("./certs/my_custom_root_CA.pem");
// `conn` becomes unusable after calling `Deno.startTls`
const tlsConn = await Deno.startTls(conn, { caCerts: [caCert], hostname: "localhost" });

Requires allow-net permission.
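
The two preconditions above (the peer must be ready for the handshake, and no read may be pending on the connection) are what a STARTTLS-style upgrade has to get right. The following is an added example, not part of the Deno documentation: it walks an SMTP STARTTLS exchange and only then calls the upgrade function. SMTP as the protocol, the names `PlainConn`, `Upgrade`, `readReply`, `smtpStartTls` and `scriptedConn`, and the `example.test` host names are assumptions made for illustration.

```typescript
// Added example: models only the parts of a Deno TCP connection it uses, so it runs offline.
interface PlainConn {
  read(p: Uint8Array): Promise<number | null>;
  write(p: Uint8Array): Promise<number>;
}
type Upgrade<C, T> = (conn: C, opts: { hostname: string; caCerts?: string[] }) => Promise<T>;
const enc = new TextEncoder(), dec = new TextDecoder();

// Read one complete SMTP reply; its final line is "NNN text" (space, not dash).
async function readReply(conn: PlainConn): Promise<{ code: number; extra: number }> {
  const buf = new Uint8Array(1024);
  let text = "";
  for (;;) {
    const n = await conn.read(buf); // awaited, so no read stays pending
    if (n === null) throw new Error("connection closed mid-reply");
    text += dec.decode(buf.subarray(0, n));
    const m = text.match(/^(?:\d{3}-.*\r\n)*(\d{3}) .*\r\n/);
    if (m) return { code: Number(m[1]), extra: text.length - m[0].length };
  }
}

// Negotiate STARTTLS in plaintext, then hand the idle connection to `upgrade`.
async function smtpStartTls<C extends PlainConn, T>(
  conn: C, upgrade: Upgrade<C, T>, hostname: string, caCerts?: string[]): Promise<T> {
  const need = async (want: number, step: string) => {
    const r = await readReply(conn);
    if (r.code !== want) throw new Error(`${step}: expected ${want}, got ${r.code}`);
    // Plaintext trailing the reply must not be carried into the TLS session.
    if (r.extra > 0) throw new Error(`${step}: unexpected plaintext after reply`);
  };
  await need(220, "greeting");
  await conn.write(enc.encode("EHLO client.example.test\r\n"));
  await need(250, "EHLO");
  await conn.write(enc.encode("STARTTLS\r\n"));
  await need(220, "STARTTLS"); // the server is now prepared for the handshake
  return await upgrade(conn, { hostname, caCerts }); // `conn` is consumed here
}

// Constructed test double: replays scripted server chunks, records client writes.
function scriptedConn(chunks: string[]) {
  const sent: string[] = [];
  const read = async (p: Uint8Array) => {
    const c = chunks.shift();
    if (c !== undefined) p.set(enc.encode(c));
    return c === undefined ? null : c.length; // script exhausted behaves like EOF
  };
  const write = async (p: Uint8Array) => { sent.push(dec.decode(p)); return p.length; };
  return { sent, read, write };
}
```

In Deno, pass a connection from `Deno.connect` as `conn` and `Deno.startTls` as `upgrade`, and give the server's name as `hostname` explicitly, since the default is "127.0.0.1".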