diff --git a/doc/api/tls.md b/doc/api/tls.md index 0cfab387f20..d3f3fdadff1 100644 --- a/doc/api/tls.md +++ b/doc/api/tls.md @@ -583,6 +583,23 @@ if called on a server socket. The supported types are `'DH'` and `'ECDH'`. The For Example: `{ type: 'ECDH', name: 'prime256v1', size: 256 }` +### tlsSocket.getFinished() + + +* Returns: {Buffer|undefined} The latest `Finished` message that has been +sent to the socket as part of a SSL/TLS handshake, or `undefined` if +no `Finished` message has been sent yet. + +As the `Finished` messages are message digests of the complete handshake +(with a total of 192 bits for TLS 1.0 and more for SSL 3.0), they can +be used for external authentication procedures when the authentication +provided by SSL/TLS is not desired or is not enough. + +Corresponds to the `SSL_get_finished` routine in OpenSSL and may be used +to implement the `tls-unique` channel binding from [RFC 5929][]. + ### tlsSocket.getPeerCertificate([detailed]) + +* Returns: {Buffer|undefined} The latest `Finished` message that is expected +or has actually been received from the socket as part of a SSL/TLS handshake, +or `undefined` if there is no `Finished` message so far. + +As the `Finished` messages are message digests of the complete handshake +(with a total of 192 bits for TLS 1.0 and more for SSL 3.0), they can +be used for external authentication procedures when the authentication +provided by SSL/TLS is not desired or is not enough. + +Corresponds to the `SSL_get_peer_finished` routine in OpenSSL and may be used +to implement the `tls-unique` channel binding from [RFC 5929][]. + ### tlsSocket.getProtocol()
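Review bot: In the `tlsSocket.getFinished()` section, the closing sentence says the value "may be used to implement the `tls-unique` channel binding" but does not say which `Finished` message is the binding. RFC 5929 defines `tls-unique` as the first `Finished` message of the most recent handshake, which is the client's in a full handshake and the server's in a resumed one, so each side has to choose between this method and the peer variant according to its role and whether the session was resumed. Add a sentence stating that, so both ends derive the same value. The phrase "sent to the socket" would also read more clearly as "sent by this endpoint", and the parenthetical gives digest sizes only for TLS 1.0 and SSL 3.0, so it should say what applies to later protocol versions as well.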
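Review bot: In the peer-side section (the one ending "Corresponds to the `SSL_get_peer_finished` routine"), the return description "is expected or has actually been received" leaves the caller unable to tell an expected digest from one the peer actually sent. Since the text recommends the value for external authentication, state when it is safe to read, for example only once the handshake has completed, and what is returned before that point. The paragraph beginning "As the `Finished` messages" repeats the `getFinished()` text verbatim; a cross-reference to that section would keep the two from drifting apart.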