TlsProfile
Defined in: src/types/public.ts:164
TLS settings shared by certificate-aware providers such as FTPS and future HTTPS/WebDAV adapters.
Secret-bearing fields accept inline values, environment-backed values, or file-backed values, and are resolved by providers before opening TLS sockets.
Properties
Section titled “Properties”| Property | Type | Description | Defined in |
|---|---|---|---|
ca? | TlsSecretSource | Certificate authority bundle used to validate private or self-signed endpoints. | src/types/public.ts:166 |
cert? | SecretSource | Client certificate PEM used for mutual TLS when a provider requires it. | src/types/public.ts:168 |
checkServerIdentity? | (host: string, cert: PeerCertificate) => Error | undefined | Optional custom server identity checker for private PKI or certificate pinning. | src/types/public.ts:196 |
key? | SecretSource | Client private key PEM used with cert. | src/types/public.ts:170 |
maxVersion? | SecureVersion | Maximum TLS protocol version accepted by the client. | src/types/public.ts:182 |
minVersion? | SecureVersion | Minimum TLS protocol version accepted by the client. | src/types/public.ts:180 |
passphrase? | SecretSource | Passphrase for an encrypted private key or PFX/P12 bundle. | src/types/public.ts:174 |
pfx? | SecretSource | PFX/P12 client certificate bundle. | src/types/public.ts:172 |
pinnedFingerprint256? | string | readonly string[] | Optional. Expected server certificate SHA-256 fingerprint(s) for certificate pinning, in hex form with or without colons. When present, the TLS handshake additionally requires the leaf certificate’s SHA-256 fingerprint to match one of these values. Not required for normal CA-trusted endpoints - public CAs and ca bundles already gate trust via rejectUnauthorized. Pinning is recommended for production when you control the server and want defence-in-depth against rogue certificates issued by trusted CAs. Example "AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99" | src/types/public.ts:194 |
rejectUnauthorized? | boolean | Whether TLS certificate validation is required. Defaults to true. | src/types/public.ts:178 |
servername? | string | Server name used for SNI and certificate identity checks. Defaults to the profile host. | src/types/public.ts:176 |