Provided by: libnng-dev_1.9.0-2_amd64 
NAME
nng_tls - TLS transport
SYNOPSIS
#include <nng/transport/tls/tls.h>
int nng_tls_register(void);
DESCRIPTION
The tls transport provides communication support between peers across a TCP/IP network
using TLS v1.2 <https://tools.ietf.org/html/rfc5246> on top of TCP
<https://tools.ietf.org/html/rfc793>. Both IPv4 and IPv6 are supported when the underlying
platform also supports it.
The protocol details are documented in TLS Mapping for Scalability Protocols
<http://nanomsg.org/rfcs/sp-tls-v1.html>.
Registration
Depending upon how the library was built, it may be necessary to register the transport by
calling nng_tls_register().
Availability
The tls transport depends on the use of an external library. As of this writing, mbedTLS
<https://tls.mbed.org/> version 2.0 or later is required.
Tip
Applications may need to add this library (or libraries) to their link line,
particularly when using a statically built library.
Note
The mbedTLS library uses different licensing terms than NNG itself; as of this writing
it is offered under either Apache License 2.0
<https://opensource.org/licenses/Apache-2.0> or GNU GPL
<https://opensource.org/licenses/gpl-license> terms. You are responsible for
understanding and adhering to the license terms of any libraries you use.
URI Format
This transport uses URIs using the scheme tls+tcp://, followed by an IP address or
hostname, followed by a colon and finally a TCP port number. For example, to contact port
4433 on the localhost either of the following URIs could be used: tls+tcp://127.0.0.1:4433
or tls+tcp://localhost:4433.
A URI may be restricted to IPv6 using the scheme tls+tcp6://, and may be restricted to
IPv4 using the scheme tls+tcp4://.
Note
Specifying tls+tcp6:// may not prevent IPv4 hosts from being used with IPv4-in-IPv6
addresses, particularly when using a wildcard hostname with listeners. The details of
this varies across operating systems.
Note
Both tls+tcp6:// and tls+tcp4:// are specific to NNG, and may not be understood by
other implementations.
Tip
We recommend using either numeric IP addresses, or names that are specific to either
IPv4 or IPv6 to prevent confusion and surprises.
When specifying IPv6 addresses, the address must be enclosed in square brackets ([]) to
avoid confusion with the final colon separating the port.
For example, the same port 4433 on the IPv6 loopback address ('::1') would be specified as
tls+tcp://[::1]:4433.
Tip
Certificate validation generally works when using names rather than IP addresses. This
transport automatically uses the name supplied in the URL when validating the
certificate supplied by the server.
The special value of 0 (INADDR_ANY) can be used for a listener to indicate that it should
listen on all interfaces on the host. A short-hand for this form is to either omit the
address, or specify the asterisk (*) character. For example, the following three URIs are
all equivalent, and could be used to listen to port 9999 on the host:
1. tls+tcp://0.0.0.0:9999
2. tls+tcp://*:9999
3. tls+tcp://:9999
The entire URI must be less than NNG_MAXADDRLEN bytes long.
Socket Address
When using an nng_sockaddr structure, the actual structure is either of type
nng_sockaddr_in (for IPv4) or nng_sockaddr_in6 (for IPv6).
Transport Options
The following transport options are available. Note that setting these must be done before
the transport is started.
• NNG_OPT_LOCADDR
• NNG_OPT_REMADDR
• NNG_OPT_TCP_KEEPALIVE
• NNG_OPT_TCP_NODELAY
• NNG_OPT_TLS_AUTH_MODE
• NNG_OPT_TLS_CA_FILE
• NNG_OPT_TLS_CERT_KEY_FILE
• NNG_OPT_TLS_CONFIG
• NNG_OPT_TLS_VERIFIED_
• NNG_OPT_TLS_PEER_CN
• NNG_OPT_TLS_PEER_ALT_NAMES
• NNG_OPT_URL
SEE ALSO
nng_tls_config_alloc(3tls) nng_options(5), nng_sockaddr_in(5), nng_sockaddr_in6(5),
nng_tcp_options(5), nng_tls_config(5), nng_tls_options(5), nng(7),
2024-12-27 NNG_TLS(7)