nng_tls(7)

SYNOPSIS

#include <nng/transport/tls/tls.h>
+
+int nng_tls_register(void);

DESCRIPTION

+The tls transport provides communication support between +nng sockets across a TCP/IP network using +TLS v1.2 on top of +TCP. +Both IPv4 and IPv6 are supported when the underlying platform also supports it.

The protocol details are documented in +TLS Mapping for Scalability Protocols.

Registration

Depending upon how the library was built, it may be necessary to +register the transport by calling +nng_tls_register().

Availability

The tls transport depends on the use of an external library. +As of this writing, mbedTLS version 2.0 +or later is required.

+ + + + + +

+ +	+Applications may need to add this library (or libraries) to +their link line, particularly when using a statically built +nng library. +

+ + + + + +

+ +	+The mbedTLS library uses different licensing terms than +nng itself; as of this writing it is offered under either +Apache License 2.0 or +GNU GPL terms. +You are responsible for understanding and adhering to the +license terms of any libraries you make use of. +

URI Format

+This transport uses URIs using the scheme tls+tcp://, followed by +an IP address or hostname, followed by a colon and finally a +TCP port number. +For example, to contact port 4433 on the localhost +either of the following URIs could be used: tls+tcp://127.0.0.1:4433 or +tls+tcp://localhost:4433.

A URI may be restricted to IPv6 using the scheme tls+tcp6://, and may +be restricted to IPv4 using the scheme tls+tcp4://.

+ + + + + +

+ +	+Specifying `tls+tcp6://` may not prevent IPv4 hosts from being used with +IPv4-in-IPv6 addresses, particularly when using a wildcard hostname with +listeners. +The details of this varies across operating systems. +

+ + + + + +

+ +	+Both `tls+tcp6://` and `tls+tcp4://` are nng extensions, and may not +be understood by other implementations. +

+ + + + + +

+ +	+We recommend using either numeric IP addresses, or names that are +specific to either IPv4 or IPv6 to prevent confusion and surprises. +

When specifying IPv6 addresses, the address must be enclosed in +square brackets ([]) to avoid confusion with the final colon +separating the port.

For example, the same port 4433 on the IPv6 loopback address ('::1') would +be specified as tls+tcp://[::1]:4433.

+ + + + + +

+ +	+Certificate validation generally works when using names +rather than IP addresses. +This transport automatically uses the name supplied in the URL when validating +the certificate supplied by the server. +

The special value of 0 (INADDR_ANY) can be used for a listener +to indicate that it should listen on all interfaces on the host. +A short-hand for this form is to either omit the address, or specify +the asterisk (*) character. +For example, the following three URIs are all equivalent, +and could be used to listen to port 9999 on the host:

+
tls+tcp://0.0.0.0:9999
+
+
tls+tcp://*:9999
+
+
tls+tcp://:9999
+

The entire URI must be less than NNG_MAXADDRLEN bytes long.

Socket Address

When using an nng_sockaddr structure, +the actual structure is either of type +nng_sockaddr_in (for IPv4) or +nng_sockaddr_in6 (for IPv6).

Transport Options

The following transport options are available. +Note that setting these must be done before the transport is started.

nng_tls(7) Manual Page

NAME

SYNOPSIS

DESCRIPTION

Registration

Availability

URI Format

Socket Address

Transport Options

SEE ALSO