From 737d856a3235cc416091c0f938ee6216d62799b1 Mon Sep 17 00:00:00 2001
From: Brandon Nozaki Miller <brandon@diginow.it>
Date: Sun, 27 Sep 2015 21:52:16 -0700
Subject: [PATCH] added tls ssl support, examples, and local only certs

---
 README.md                                     | 134 ++++++-
 .../goodbye-client.js                         |  47 +++
 .../hello-client.js                           |  53 +++
 .../world-server.js                           |  55 +++
 .../basic-more-secure/hello-client.js         |  47 +++
 .../basic-more-secure/world-server.js         |  48 +++
 .../basic-most-secure/hello-client.js         |  48 +++
 .../basic-most-secure/world-server.js         |  49 +++
 example/TLSSocket/basic/hello-client.js       |  42 +++
 example/TLSSocket/basic/world-server.js       |  42 +++
 .../hello-client.js                           |  45 +++
 .../world.server.js                           |  53 +++
 lib/client.js                                 |  46 ++-
 lib/socketServer.js                           |  37 +-
 local-node-ipc-certs/client.pub               |  23 ++
 local-node-ipc-certs/openssl.cnf              | 352 ++++++++++++++++++
 local-node-ipc-certs/private/client.key       |  27 ++
 local-node-ipc-certs/private/dhparam.pem      |   8 +
 local-node-ipc-certs/private/server.key       |  27 ++
 local-node-ipc-certs/server.pub               |  24 ++
 node-ipc.js                                   |  99 ++---
 21 files changed, 1245 insertions(+), 61 deletions(-)
 create mode 100644 example/TLSSocket/Multi-Client-Broadcast-basic/goodbye-client.js
 create mode 100644 example/TLSSocket/Multi-Client-Broadcast-basic/hello-client.js
 create mode 100644 example/TLSSocket/Multi-Client-Broadcast-basic/world-server.js
 create mode 100644 example/TLSSocket/basic-more-secure/hello-client.js
 create mode 100644 example/TLSSocket/basic-more-secure/world-server.js
 create mode 100644 example/TLSSocket/basic-most-secure/hello-client.js
 create mode 100644 example/TLSSocket/basic-most-secure/world-server.js
 create mode 100644 example/TLSSocket/basic/hello-client.js
 create mode 100644 example/TLSSocket/basic/world-server.js
 create mode 100644 example/TLSSocket/rawBuffer-only-works-with-most-secure/hello-client.js
 create mode 100644 example/TLSSocket/rawBuffer-only-works-with-most-secure/world.server.js
 create mode 100644 local-node-ipc-certs/client.pub
 create mode 100644 local-node-ipc-certs/openssl.cnf
 create mode 100644 local-node-ipc-certs/private/client.key
 create mode 100644 local-node-ipc-certs/private/dhparam.pem
 create mode 100644 local-node-ipc-certs/private/server.key
 create mode 100644 local-node-ipc-certs/server.pub

diff --git a/README.md b/README.md
index ea3fd95..7a76c77 100644
--- a/README.md
+++ b/README.md
@@ -36,6 +36,7 @@ This work is licenced via the [DBAD Public Licence](http://www.dbad-license.org/
     1. [Server for Unix||Windows Sockets & TCP Sockets](#server-for-unix-sockets--tcp-sockets)
     2. [Client for Unix||Windows Sockets & TCP Sockets](#client-for-unix-sockets--tcp-sockets)
     3. [Server & Client for UDP Sockets](#server--client-for-udp-sockets)
+    4. [Raw Buffers or Binary Sockets](#raw-buffer-or-binary-sockets)
 5. [Advanced Examples](https://github.com/RIAEvangelist/node-ipc/tree/master/example)
 
 
@@ -46,7 +47,7 @@ This work is licenced via the [DBAD Public Licence](http://www.dbad-license.org/
 |-----------|-----------|-----------|
 |Unix Socket or Windows Socket| Stable    | Gives Linux, Mac, and Windows lightning fast communication and avoids the network card to reduce overhead and latency. [Local Unix and Windows Socket examples ](https://github.com/RIAEvangelist/node-ipc/tree/master/example/unixWindowsSocket/ "Unix and Windows Socket Node IPC examples")  |
 |TCP Socket | Stable    | Gives the most reliable communication across the network. Can be used for local IPC as well, but is slower than #1's Unix Socket Implementation because TCP sockets go through the network card while Unix Sockets and Windows Sockets do not. [Local or remote network TCP Socket examples ](https://github.com/RIAEvangelist/node-ipc/tree/master/example/TCPSocket/ "TCP Socket Node IPC examples") |
-|TLS Socket | Alpha     | ***coming soon...*** |
+|TLS Socket | Stable    | Configureable and secure network socket over SSL. Equivalent to https. |
 |UDP Sockets| Stable    | Gives the **fastest network communication**. UDP is less reliable but much faster than TCP. It is best used for streaming non critical data like sound, video, or multiplayer game data as it can drop packets depending on network connectivity and other factors. UDP can be used for local IPC as well, but is slower than #1's Unix Socket or Windows Socket Implementation because UDP sockets go through the network card while Unix and Windows Sockets do not. [Local or remote network UDP Socket examples ](https://github.com/RIAEvangelist/node-ipc/tree/master/example/UDPSocket/ "UDP Socket Node IPC examples") |  
 
 | OS  | Supported Sockets  |
@@ -61,6 +62,8 @@ This work is licenced via the [DBAD Public Licence](http://www.dbad-license.org/
 
 Set these variables in the `ipc.config` scope to overwrite or set default values.
 
+```javascript
+
     {
         appspace        : 'app.',
         socketRoot      : '/tmp/',
@@ -76,6 +79,7 @@ Set these variables in the `ipc.config` scope to overwrite or set default values
         stopRetrying    : false
     }
 
+```
 
 | variable | documentation |
 |----------|---------------|
@@ -106,6 +110,8 @@ ipc.log will accept any number of arguments and if `ipc.config.silent` is not se
 
 The log also supports [colors](https://github.com/Marak/colors.js) implementation. All of the available styles are supported and the theme styles are as follows :
 
+```javascript
+
     {
         good    : 'green',
         notice  : 'yellow',
@@ -116,8 +122,12 @@ The log also supports [colors](https://github.com/Marak/colors.js) implementatio
         data    : 'blue'
     }    
 
+```
+
 You can override any of these settings by requireing colors and setting the theme as follows :
 
+```javascript
+
     var colors=require('colors');
 
     colors.setTheme(
@@ -127,6 +137,9 @@ You can override any of these settings by requireing colors and setting the them
             ...
         }    
     );
+
+```
+
 ----
 ##### connectTo
 
@@ -142,10 +155,16 @@ Used for connecting as a client to local Unix Sockets and Windows Sockets. ***Th
 
 **examples** arguments can be ommitted so long as they are still in order.
 
+```javascript
+
     ipc.connectTo('world');
 
+```
+
 or using just an id and a callback
 
+```javascript
+
     ipc.connectTo(
         'world',
         function(){
@@ -159,15 +178,23 @@ or using just an id and a callback
         }
     );
 
+```
+
 or explicitly setting the path
 
+```javascript
+
     ipc.connectTo(
         'world',
         'myapp.world'
     );
 
+```
+
 or explicitly setting the path with callback
 
+```javascript
+
     ipc.connectTo(
         'world',
         'myapp.world',
@@ -175,6 +202,9 @@ or explicitly setting the path with callback
             ...
         }
     );
+
+```
+
 ----
 ##### connectToNet
 
@@ -192,10 +222,16 @@ Used to connect as a client to a TCP or TLS socket via the network card. This ca
 **examples** arguments can be ommitted so long as they are still in order.  
 So while the default is : (id,host,port,callback), the following examples will still work because they are still in order (id,port,callback) or (id,host,callback) or (id,port) etc.
 
+```javascript
+
     ipc.connectToNet('world');
 
+```
+
 or using just an id and a callback
 
+```javascript
+
     ipc.connectToNet(
         'world',
         function(){
@@ -203,16 +239,24 @@ or using just an id and a callback
         }
     );
 
+```
+
 or explicitly setting the host and path
 
+```javascript
+
     ipc.connectToNet(
         'world',
         'myapp.com',serve(path,callback)
         3435
     );
 
+```
+
 or only explicitly setting port and callback
 
+```javascript
+
     ipc.connectToNet(
         'world',
         3435,
@@ -221,6 +265,8 @@ or only explicitly setting port and callback
         }
     );
 
+```
+
 ----
 ##### disconnect
 
@@ -234,8 +280,12 @@ Used to disconnect a client from a Unix, Windows, TCP or TLS socket. The socket
 
 **examples**
 
+```javascript
+
     ipc.disconnect('world');
 
+```
+
 ----
 ##### serve
 `ipc.serve(path,callback);`  
@@ -249,27 +299,43 @@ Used to create local Unix Socket Server or Windows Socket Server to which Client
 
 ***examples*** arguments can be omitted so long as they are still in order.
 
+```javascript
+
     ipc.serve();
 
+```
+
 or specifying callback
 
+```javascript
+
     ipc.serve(
         function(){...}
     );
 
+```
+
 or specify path
 
+```javascript
+
     ipc.serve(
         '/tmp/myapp.myservice'
     );
 
+```
+
 or specifying everything
 
+```javascript
+
     ipc.serve(
         '/tmp/myapp.myservice',
         function(){...}
     );
 
+```
+
 ----    
 ##### serveNet
 
@@ -289,41 +355,67 @@ Used to create TCP, TLS or UDP Socket Server to which Clients can bind or other
 
 default tcp server
 
+```javascript
+
     ipc.serveNet();
 
+```
+
 default udp server
 
+```javascript
+
     ipc.serveNet('udp4');
 
+```
+
 or specifying TCP server with callback
 
+```javascript
+
     ipc.serveNet(
         function(){...}
     );
 
+```
+
 or specifying UDP server with callback
 
+```javascript
+
     ipc.serveNet(
         'udp4',
         function(){...}
     );
 
+```
+
 or specify port
 
+```javascript
+
     ipc.serveNet(
         3435
     );
 
+```
+
 or specifying everything TCP
 
+```javascript
+
     ipc.serveNet(
         'MyMostAwesomeApp.com',
         3435,
         function(){...}
     );
 
+```
+
 or specifying everything UDP
 
+```javascript
+
     ipc.serveNet(
         'MyMostAwesomeApp.com',
         3435,
@@ -331,6 +423,8 @@ or specifying everything UDP
         function(){...}
     );
 
+```
+
 ----
 ### IPC Stores and Default Variables  
 
@@ -346,6 +440,8 @@ You can find [Advanced Examples](https://github.com/RIAEvangelist/node-ipc/tree/
 #### Server for Unix Sockets, Windows Sockets & TCP Sockets
 The server is the process keeping a socket for IPC open. Multiple sockets can connect to this server and talk to it. It can also broadcast to all clients or emit to a specific client. This is the most basic example which will work for local Unix and Windows Sockets as well as local or remote network TCP Sockets.
 
+```javascript
+
     var ipc=require('node-ipc');
 
     ipc.config.id   = 'world';
@@ -369,9 +465,13 @@ The server is the process keeping a socket for IPC open. Multiple sockets can co
 
     ipc.server.start();
 
+```
+
 #### Client for Unix Sockets & TCP Sockets
 The client connects to the servers socket for Inter Process Communication. The socket will receive events emitted to it specifically as well as events which are broadcast out on the socket by the server. This is the most basic example which will work for both local Unix Sockets and local or remote network TCP Sockets.
 
+```javascript
+
     var ipc=require('node-ipc');
 
     ipc.config.id   = 'hello';
@@ -405,6 +505,8 @@ The client connects to the servers socket for Inter Process Communication. The s
         }
     );
 
+```
+
 #### Server & Client for UDP Sockets
 UDP Sockets are different than Unix, Windows & TCP Sockets because they must be bound to a unique port on their machine to receive messages. For example, A TCP, Unix, or Windows Socket client could just connect to a separate TCP, Unix, or Windows Socket sever. That client could then exchange, both send and receive, data on the servers port or location. UDP Sockets can not do this. They must bind to a port to receive or send data.  
 
@@ -414,6 +516,8 @@ This is the most basic example which will work for both local and remote UDP Soc
 
 ##### UDP Server 1 - "World"
 
+```javascript
+
     var ipc=require('../../../node-ipc');
 
     ipc.config.id   = 'world';
@@ -446,9 +550,13 @@ This is the most basic example which will work for both local and remote UDP Soc
 
     ipc.server.start();
 
+```
+
 ##### UDP Server 2 - "Hello"
 *note* we set the port here to 8001 because the world server is already using the default ipc.config.networkPort of 8000. So we can not bind to 8000 while world is using it.
 
+```javascript
+
     ipc.config.id   = 'hello';
     ipc.config.retry= 1500;
 
@@ -481,20 +589,31 @@ This is the most basic example which will work for both local and remote UDP Soc
 
     ipc.server.start();
 
+```
+
 #### Raw Buffer or Binary Sockets
 Binary or Buffer sockets can be used with any of the above socket types, however the way data events are emit is ***slightly*** different.
 
 When setting up a rawBuffer socket you must specify it as such :
 
+```javascript
+
     ipc.config.rawBuffer=true;
 
+```
+
 You can also specify its encoding type. The default is ` utf8 `
 
+```javascript
+
     ipc.config.encoding='utf8';
 
+```
 
 emit string buffer :
 
+```javascript
+
     //server
     ipc.server.emit(
         socket,
@@ -506,8 +625,12 @@ emit string buffer :
         'hello'
     )
 
+```
+
 emit byte array buffer :
 
+```javascript
+
     //server
     ipc.server.emit(
         socket,
@@ -519,8 +642,12 @@ emit byte array buffer :
         [10,20,30]
     );
 
+```
+
 emit hex array buffer :
 
+```javascript
+
     //server
     ipc.server.emit(
         socket,
@@ -531,3 +658,8 @@ emit hex array buffer :
     ipc.server.emit(
         [0x05,0x6d,0x5c]
     );
+
+```
+
+#### Licensed under DBAD license
+See the [DBAD license](https://github.com/philsturgeon/dbad) in your language or our [licence.md](https://github.com/RIAEvangelist/node-phidget-API/blob/master/license.md) file.
diff --git a/example/TLSSocket/Multi-Client-Broadcast-basic/goodbye-client.js b/example/TLSSocket/Multi-Client-Broadcast-basic/goodbye-client.js
new file mode 100644
index 0000000..6c8f8f3
--- /dev/null
+++ b/example/TLSSocket/Multi-Client-Broadcast-basic/goodbye-client.js
@@ -0,0 +1,47 @@
+var ipc=require('../../../node-ipc');
+
+/***************************************\
+ *
+ * You should start both hello and world
+ * then you will see them communicating.
+ *
+ * *************************************/
+
+ipc.config.id   = 'goodbye';
+ipc.config.retry= 1500;
+ipc.config.maxRetries= 10;
+ipc.config.tls={
+    rejectUnauthorized:false
+};
+
+ipc.connectToNet(
+    'world',
+    function(){
+        ipc.of.world.on(
+            'connect',
+            function(){
+                ipc.log('## connected to world ##'.rainbow, ipc.config.delay);
+                ipc.of.world.emit(
+                    'app.message',
+                    {
+                        id      : ipc.config.id,
+                        message : 'goodbye'
+                    }
+                )
+            }
+        );
+        ipc.of.world.on(
+            'disconnect',
+            function(){
+                ipc.log('disconnected from world'.notice);
+            }
+        );
+        ipc.of.world.on(
+            'kill.connection',
+            function(data){
+                ipc.log('world requested kill.connection'.notice);
+                ipc.disconnect('world');
+            }
+        );
+    }
+);
diff --git a/example/TLSSocket/Multi-Client-Broadcast-basic/hello-client.js b/example/TLSSocket/Multi-Client-Broadcast-basic/hello-client.js
new file mode 100644
index 0000000..7ae92f0
--- /dev/null
+++ b/example/TLSSocket/Multi-Client-Broadcast-basic/hello-client.js
@@ -0,0 +1,53 @@
+var ipc=require('../../../node-ipc');
+
+/***************************************\
+ *
+ * You should start both hello and world
+ * then you will see them communicating.
+ *
+ * *************************************/
+
+ipc.config.id   = 'hello';
+ipc.config.retry= 1500;
+ipc.config.maxRetries=10;
+ipc.config.tls={
+    rejectUnauthorized:false
+};
+
+ipc.connectToNet(
+    'world',
+    function(){
+        ipc.of.world.on(
+            'connect',
+            function(){
+                ipc.log('## connected to world ##'.rainbow, ipc.config.delay);
+                ipc.of.world.emit(
+                    'app.message',
+                    {
+                        id      : ipc.config.id,
+                        message : 'hello'
+                    }
+                )
+            }
+        );
+        ipc.of.world.on(
+            'disconnect',
+            function(){
+                ipc.log('disconnected from world'.notice);
+            }
+        );
+        ipc.of.world.on(
+            'app.message',
+            function(data){
+                ipc.log('got a message from world : '.debug, data.message);
+            }
+        );
+        ipc.of.world.on(
+            'kill.connection',
+            function(data){
+                ipc.log('world requested kill.connection'.notice);
+                ipc.disconnect('world');
+            }
+        );
+    }
+);
diff --git a/example/TLSSocket/Multi-Client-Broadcast-basic/world-server.js b/example/TLSSocket/Multi-Client-Broadcast-basic/world-server.js
new file mode 100644
index 0000000..7c8a9b6
--- /dev/null
+++ b/example/TLSSocket/Multi-Client-Broadcast-basic/world-server.js
@@ -0,0 +1,55 @@
+var ipc=require('../../../node-ipc');
+
+/***************************************\
+ *
+ * You should start both hello and world
+ * then you will see them communicating.
+ *
+ * *************************************/
+
+ipc.config.id   = 'world';
+ipc.config.retry= 1500;
+ipc.config.tls={
+    public: '../../../local-node-ipc-certs/server.pub',
+    private: '../../../local-node-ipc-certs/private/server.key'
+}
+
+var messages={
+    goodbye:false,
+    hello:false
+}
+
+ipc.serveNet(
+    function(){
+        ipc.server.on(
+            'app.message',
+            function(data,socket){
+                ipc.log('got a message from'.debug, (data.id).variable, (data.message).data);
+                messages[data.id]=true;
+                ipc.server.emit(
+                    socket,
+                    'app.message',
+                    {
+                        id      : ipc.config.id,
+                        message : data.message+' world!'
+                    }
+                );
+
+                if(messages.hello && messages.goodbye){
+                    ipc.log('got all required events, telling clients to kill connection'.good);
+                    ipc.server.broadcast(
+                        'kill.connection',
+                        {
+                            id:ipc.config.id
+                        }
+                    );
+                }
+            }
+        );
+    }
+);
+
+ipc.server.define.listen['app.message']='This event type listens for message strings as value of data key.';
+ipc.server.define.broadcast['kill.connection']='This event is a command to kill connection to this server, the data object will contain the id of this server incase the client needs it';
+
+ipc.server.start();
diff --git a/example/TLSSocket/basic-more-secure/hello-client.js b/example/TLSSocket/basic-more-secure/hello-client.js
new file mode 100644
index 0000000..4104d26
--- /dev/null
+++ b/example/TLSSocket/basic-more-secure/hello-client.js
@@ -0,0 +1,47 @@
+var ipc=require('../../../node-ipc');
+
+/***************************************\
+ *
+ * You should start both hello and world
+ * then you will see them communicating.
+ *
+ * *************************************/
+
+ipc.config.id   = 'hello';
+ipc.config.retry= 1500;
+ipc.config.tls={
+    private: '../../../local-node-ipc-certs/private/client.key',
+    public: '../../../local-node-ipc-certs/client.pub',
+    rejectUnauthorized:false,
+    trustedConnections: [
+        '../../../local-node-ipc-certs/server.pub'
+    ]
+};
+
+ipc.connectToNet(
+    'world',
+    function(){
+        ipc.of.world.on(
+            'connect',
+            function(){
+                ipc.log('## connected to world ##'.rainbow, ipc.config.delay);
+                ipc.of.world.emit(
+                    'message',
+                    'hello'
+                )
+            }
+        );
+        ipc.of.world.on(
+            'disconnect',
+            function(){
+                ipc.log('disconnected from world'.notice);
+            }
+        );
+        ipc.of.world.on(
+            'message',
+            function(data){
+                ipc.log('got a message from world : '.debug, data);
+            }
+        );
+    }
+);
diff --git a/example/TLSSocket/basic-more-secure/world-server.js b/example/TLSSocket/basic-more-secure/world-server.js
new file mode 100644
index 0000000..1120bca
--- /dev/null
+++ b/example/TLSSocket/basic-more-secure/world-server.js
@@ -0,0 +1,48 @@
+var ipc=require('../../../node-ipc');
+
+/***************************************\
+ *
+ * You should start both hello and world
+ * then you will see them communicating.
+ *
+ * *************************************/
+
+ipc.config.id   = 'world';
+ipc.config.retry= 1500;
+ipc.config.tls={
+    public: '../../../local-node-ipc-certs/server.pub',
+    private: '../../../local-node-ipc-certs/private/server.key',
+    dhparam: '../../../local-node-ipc-certs/private/dhparam.pem',
+    requestCert: true,
+    rejectUnauthorized:false,
+    trustedConnections: [
+        '../../../local-node-ipc-certs/client.pub'
+    ]
+}
+
+ipc.serveNet(
+    function(){
+        ipc.server.on(
+            'message',
+            function(data,socket){
+                ipc.log('got a message : '.debug, data);
+                ipc.server.emit(
+                    socket,
+                    'message',
+                    data+' world!'
+                );
+            }
+        );
+
+        ipc.server.on(
+            'socket.disconnected',
+            function(data,socket){
+                console.log(arguments)
+            }
+        );
+    }
+);
+
+ipc.server.define.listen.message='This event type listens for message strings as value of data key.';
+
+ipc.server.start();
diff --git a/example/TLSSocket/basic-most-secure/hello-client.js b/example/TLSSocket/basic-most-secure/hello-client.js
new file mode 100644
index 0000000..2bfced2
--- /dev/null
+++ b/example/TLSSocket/basic-most-secure/hello-client.js
@@ -0,0 +1,48 @@
+var ipc=require('../../../node-ipc');
+
+/***************************************\
+ *
+ * You should start both hello and world
+ * then you will see them communicating.
+ *
+ * *************************************/
+
+ipc.config.id   = 'hello';
+ipc.config.retry= 1500;
+ipc.config.networkHost='localhost';
+ipc.config.tls={
+    private: '../../../local-node-ipc-certs/private/client.key',
+    public: '../../../local-node-ipc-certs/client.pub',
+    rejectUnauthorized:true,
+    trustedConnections: [
+        '../../../local-node-ipc-certs/server.pub'
+    ]
+};
+
+ipc.connectToNet(
+    'world',
+    function(){
+        ipc.of.world.on(
+            'connect',
+            function(){
+                ipc.log('## connected to world ##'.rainbow, ipc.config.delay);
+                ipc.of.world.emit(
+                    'message',
+                    'hello'
+                )
+            }
+        );
+        ipc.of.world.on(
+            'disconnect',
+            function(){
+                ipc.log('disconnected from world'.notice);
+            }
+        );
+        ipc.of.world.on(
+            'message',
+            function(data){
+                ipc.log('got a message from world : '.debug, data);
+            }
+        );
+    }
+);
diff --git a/example/TLSSocket/basic-most-secure/world-server.js b/example/TLSSocket/basic-most-secure/world-server.js
new file mode 100644
index 0000000..49f6b09
--- /dev/null
+++ b/example/TLSSocket/basic-most-secure/world-server.js
@@ -0,0 +1,49 @@
+var ipc=require('../../../node-ipc');
+
+/***************************************\
+ *
+ * You should start both hello and world
+ * then you will see them communicating.
+ *
+ * *************************************/
+
+ipc.config.id   = 'world';
+ipc.config.retry= 1500;
+ipc.config.networkHost='localhost';
+ipc.config.tls={
+    public: '../../../local-node-ipc-certs/server.pub',
+    private: '../../../local-node-ipc-certs/private/server.key',
+    dhparam: '../../../local-node-ipc-certs/private/dhparam.pem',
+    requestCert: true,
+    rejectUnauthorized:true,
+    trustedConnections: [
+        '../../../local-node-ipc-certs/client.pub'
+    ]
+}
+
+ipc.serveNet(
+    function(){
+        ipc.server.on(
+            'message',
+            function(data,socket){
+                ipc.log('got a message : '.debug, data);
+                ipc.server.emit(
+                    socket,
+                    'message',
+                    data+' world!'
+                );
+            }
+        );
+
+        ipc.server.on(
+            'socket.disconnected',
+            function(data,socket){
+                console.log(arguments)
+            }
+        );
+    }
+);
+
+ipc.server.define.listen.message='This event type listens for message strings as value of data key.';
+
+ipc.server.start();
diff --git a/example/TLSSocket/basic/hello-client.js b/example/TLSSocket/basic/hello-client.js
new file mode 100644
index 0000000..2712a51
--- /dev/null
+++ b/example/TLSSocket/basic/hello-client.js
@@ -0,0 +1,42 @@
+var ipc=require('../../../node-ipc');
+
+/***************************************\
+ *
+ * You should start both hello and world
+ * then you will see them communicating.
+ *
+ * *************************************/
+
+ipc.config.id   = 'hello';
+ipc.config.retry= 1500;
+ipc.config.tls={
+    rejectUnauthorized:false
+};
+
+ipc.connectToNet(
+    'world',
+    function(){
+        ipc.of.world.on(
+            'connect',
+            function(){
+                ipc.log('## connected to world ##'.rainbow, ipc.config.delay);
+                ipc.of.world.emit(
+                    'message',
+                    'hello'
+                )
+            }
+        );
+        ipc.of.world.on(
+            'disconnect',
+            function(){
+                ipc.log('disconnected from world'.notice);
+            }
+        );
+        ipc.of.world.on(
+            'message',
+            function(data){
+                ipc.log('got a message from world : '.debug, data);
+            }
+        );
+    }
+);
diff --git a/example/TLSSocket/basic/world-server.js b/example/TLSSocket/basic/world-server.js
new file mode 100644
index 0000000..7af34c3
--- /dev/null
+++ b/example/TLSSocket/basic/world-server.js
@@ -0,0 +1,42 @@
+var ipc=require('../../../node-ipc');
+
+/***************************************\
+ *
+ * You should start both hello and world
+ * then you will see them communicating.
+ *
+ * *************************************/
+
+ipc.config.id   = 'world';
+ipc.config.retry= 1500;
+ipc.config.tls={
+    public: '../../../local-node-ipc-certs/server.pub',
+    private: '../../../local-node-ipc-certs/private/server.key'
+}
+
+ipc.serveNet(
+    function(){
+        ipc.server.on(
+            'message',
+            function(data,socket){
+                ipc.log('got a message : '.debug, data);
+                ipc.server.emit(
+                    socket,
+                    'message',
+                    data+' world!'
+                );
+            }
+        );
+
+        ipc.server.on(
+            'socket.disconnected',
+            function(data,socket){
+                console.log(arguments)
+            }
+        );
+    }
+);
+
+ipc.server.define.listen.message='This event type listens for message strings as value of data key.';
+
+ipc.server.start();
diff --git a/example/TLSSocket/rawBuffer-only-works-with-most-secure/hello-client.js b/example/TLSSocket/rawBuffer-only-works-with-most-secure/hello-client.js
new file mode 100644
index 0000000..b893444
--- /dev/null
+++ b/example/TLSSocket/rawBuffer-only-works-with-most-secure/hello-client.js
@@ -0,0 +1,45 @@
+var ipc=require('../../../node-ipc');
+
+/***************************************\
+ *
+ * You should start both hello and world
+ * then you will see them communicating.
+ *
+ * *************************************/
+
+ipc.config.id   = 'hello';
+ipc.config.retry= 1500;
+ipc.config.rawBuffer=true;
+ipc.config.encoding='ascii';
+ipc.config.networkHost='localhost';
+
+ipc.config.tls={
+    private: '../../../local-node-ipc-certs/private/client.key',
+    public: '../../../local-node-ipc-certs/client.pub',
+    rejectUnauthorized:true,
+    trustedConnections: [
+        '../../../local-node-ipc-certs/server.pub'
+    ]
+};
+
+ipc.connectToNet(
+    'world',
+    function(){
+        ipc.of.world.on(
+            'connect',
+            function(){
+                ipc.log('## connected to world ##'.rainbow, ipc.config.delay);
+                ipc.of.world.emit(
+                    'hello'
+                )
+            }
+        );
+
+        ipc.of.world.on(
+            'data',
+            function(data){
+                ipc.log('got a message from world : '.debug, data,data.toString());
+            }
+        );
+    }
+);
diff --git a/example/TLSSocket/rawBuffer-only-works-with-most-secure/world.server.js b/example/TLSSocket/rawBuffer-only-works-with-most-secure/world.server.js
new file mode 100644
index 0000000..d4053ea
--- /dev/null
+++ b/example/TLSSocket/rawBuffer-only-works-with-most-secure/world.server.js
@@ -0,0 +1,53 @@
+var ipc=require('../../../node-ipc');
+
+/***************************************\
+ *
+ * You should start both hello and world
+ * then you will see them communicating.
+ *
+ * *************************************/
+
+ipc.config.id   = 'world';
+ipc.config.retry= 1500;
+ipc.config.rawBuffer=true;
+ipc.config.encoding='ascii';
+ipc.config.networkHost='localhost';
+
+ipc.config.tls={
+    public: '../../../local-node-ipc-certs/server.pub',
+    private: '../../../local-node-ipc-certs/private/server.key',
+    dhparam: '../../../local-node-ipc-certs/private/dhparam.pem',
+    requestCert: true,
+    rejectUnauthorized:true,
+    trustedConnections: [
+        '../../../local-node-ipc-certs/client.pub'
+    ]
+}
+
+ipc.serveNet(
+    function(){
+        ipc.server.on(
+            'connect',
+            function(socket){
+                console.log('connection detected');
+                ipc.server.emit(
+                    socket,
+                    'hello'
+                );
+            }
+        );
+
+        ipc.server.on(
+            'data',
+            function(data,socket){
+                ipc.log('got a message'.debug, data,data.toString());
+                ipc.server.emit(
+                    socket,
+                    'goodbye'
+                );
+            }
+        );
+    }
+);
+
+ipc.server.start();
diff --git a/lib/client.js b/lib/client.js
index c525820..5a161a2 100644
--- a/lib/client.js
+++ b/lib/client.js
@@ -1,7 +1,9 @@
 var net         = require('net'),
+    tls         = require('tls'),
     eventParser = require('../lib/eventParser.js'),
     pubsub      = require('event-pubsub'),
-    Message     = require('js-message');
+    Message     = require('js-message'),
+    fs          = require('fs');
 
 function init(config,log){
     var client={
@@ -56,13 +58,43 @@ function connect(){
             }
         );
     }else{
-        client.log('Connecting client via TCP to'.debug, client.path.variable ,client.port);
-        client.socket = net.connect(
-            {
-                port:client.port,
-                host:client.path
+        if(!client.config.tls){
+            client.log('Connecting client via TCP to'.debug, client.path.variable ,client.port);
+            client.socket = net.connect(
+                {
+                    port:client.port,
+                    host:client.path
+                }
+            );
+        }else{
+            client.log('Connecting client via TLS to'.debug, client.path.variable ,client.port,client.config.tls);
+            if(client.config.tls.private){
+                client.config.tls.key=fs.readFileSync(client.config.tls.private);
             }
-        );
+            if(client.config.tls.public){
+                client.config.tls.cert=fs.readFileSync(client.config.tls.public);
+            }
+            if(client.config.tls.trustedConnections){
+                if(typeof client.config.tls.trustedConnections === 'string'){
+                    client.config.tls.trustedConnections=[client.config.tls.trustedConnections];
+                }
+                client.config.tls.ca=[];
+                for(var i=0; i<client.config.tls.trustedConnections.length; i++){
+                    client.config.tls.ca.push(
+                        fs.readFileSync(client.config.tls.trustedConnections[i])
+                    );
+                }
+            }
+
+            client.config.tls.host=client.path;
+            client.config.tls.port=client.port;
+
+            console.log(client.config.tls,'###############');
+
+            client.socket = tls.connect(
+                client.config.tls
+            );
+        }
     }
 
     client.socket.setEncoding(this.config.encoding);
diff --git a/lib/socketServer.js b/lib/socketServer.js
index b0b15b9..ae4330a 100644
--- a/lib/socketServer.js
+++ b/lib/socketServer.js
@@ -1,4 +1,5 @@
 var net     = require('net'),
+    tls     = require('tls'),
     fs      = require('fs'),
     dgram   = require('dgram'),
     eventParser = require('../lib/eventParser.js'),
@@ -101,9 +102,37 @@ function init(path,config,log,port){
                             server.log('starting server on '.debug,server.path.variable,((server.port)?':'+server.port:'').variable);
 
                             if(!server.udp4 && !server.udp6){
-                                server.server=net.createServer(
-                                    serverCreated
-                                );
+                                if(!server.config.tls){
+                                    server.server=net.createServer(
+                                        serverCreated
+                                    );
+                                }else{
+                                    server.log('starting TLS server'.debug,server.config.tls);
+                                    if(server.config.tls.private){
+                                        server.config.tls.key=fs.readFileSync(server.config.tls.private);
+                                    }
+                                    if(server.config.tls.public){
+                                        server.config.tls.cert=fs.readFileSync(server.config.tls.public);
+                                    }
+                                    if(server.config.tls.dhparam){
+                                        server.config.tls.dhparam=fs.readFileSync(server.config.tls.dhparam);
+                                    }
+                                    if(server.config.tls.trustedConnections){
+                                        if(typeof server.config.tls.trustedConnections === 'string'){
+                                            server.config.tls.trustedConnections=[server.config.tls.trustedConnections];
+                                        }
+                                        server.config.tls.ca=[];
+                                        for(var i=0; i<server.config.tls.trustedConnections.length; i++){
+                                            server.config.tls.ca.push(
+                                                fs.readFileSync(server.config.tls.trustedConnections[i])
+                                            );
+                                        }
+                                    }
+                                    server.server=tls.createServer(
+                                        server.config.tls,
+                                        serverCreated
+                                    );
+                                }
                             }else{
                                 function UDPWrite(message,socket){
                                     var data=new Buffer(message, server.config.encoding);
@@ -267,7 +296,7 @@ function init(path,config,log,port){
                             }
 
                             if(!server.udp4 && !server.udp4){
-                                server.log('starting server as'.debug, 'TCP'.variable);
+                                server.log('starting server as'.debug, (server.config.tls?'TLS':'TCP').variable);
                                 server.server.listen(
                                     server.port,
                                     server.path,
diff --git a/local-node-ipc-certs/client.pub b/local-node-ipc-certs/client.pub
new file mode 100644
index 0000000..ddc23b4
--- /dev/null
+++ b/local-node-ipc-certs/client.pub
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID1jCCAr4CCQCWhOpk8haFZDANBgkqhkiG9w0BAQsFADCBrDELMAkGA1UEBhMC
+VVMxCzAJBgNVBAgMAkNBMRYwFAYDVQQHDA1UaG91c2FuZCBPYWtzMRMwEQYDVQQK
+DApkaWdpbm93Lml0MSAwHgYDVQQLDBdPcGVuIHNvdXJjZSBkZXZlbG9wbWVudDEe
+MBwGA1UEAwwVQnJhbmRvbiBOb3pha2kgTWlsbGVyMSEwHwYJKoZIhvcNAQkBFhJi
+cmFuZG9uQGRpZ2lub3cuaXQwHhcNMTUwOTI3MjAwNjQ1WhcNMTUxMDI3MjAwNjQ1
+WjCBrDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMRYwFAYDVQQHDA1UaG91c2Fu
+ZCBPYWtzMRMwEQYDVQQKDApkaWdpbm93Lml0MSAwHgYDVQQLDBdPcGVuIHNvdXJj
+ZSBkZXZlbG9wbWVudDEeMBwGA1UEAwwVQnJhbmRvbiBOb3pha2kgTWlsbGVyMSEw
+HwYJKoZIhvcNAQkBFhJicmFuZG9uQGRpZ2lub3cuaXQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQCs+3muN6ClcxTPDHdtoLFE7XzWcwZ5XoxFORPc0kr5
+Z4Qhay1DEASYvkH0TddIT1EiFn6uPrgoDnT/X9uShBb4d8NSU1cj3s0MSACtIFtg
+L8EGdX4XYpZDTf/MRC0RW3FYb90tQ5yWIzBwO4qAuMj2wxQY9Rvh05LgLfuctt+1
+SzuMjsZ+oZVLVyFcHBDUd53DRnfSfp06F3NDClliURbVpCBw5MnX8q+S7JQMBitJ
+W+y9xGkNUN1mP7fq48TE7Us4TCaySqcKeUg64zGd7HqmtrEHpjxocNnAMdZpqVeG
++nuuab6uQdR7WM1/qxY+RiNp5MIQG8hUMqmb8tlhTKo3AgMBAAEwDQYJKoZIhvcN
+AQELBQADggEBAGBKa9ZMil4FEoekNzVsoTO/EU53xHuinOpRwK40ET+mVpHRNxIN
+h4CguI233wWxoJ3ktJD3rKGp7yc5IvLz2e7pRbl8Zv/UuHYYSkOPj3fZTT5USyU9
+ITrEriSXr2WOu/X/YcVQBH6AHDPN8S/09LlOK6xhw20j5z27U3d29MfhJo5uSb7a
+ojTY/01lp2cJuPxdp30AY43otrzQ6N6G0/YbCQYPI14CM3cu3FMsZFMd3fPMfBsP
+wkhQ8hAM/qpFvvEGxvP8wXohfXk3EWQO+zUvToRFNvdDuc2DgjKBQ/084CLdyXIL
+vOmREmIbeZCC6HBC/fF79PTmkvZtXrZlauA=
+-----END CERTIFICATE-----
diff --git a/local-node-ipc-certs/openssl.cnf b/local-node-ipc-certs/openssl.cnf
new file mode 100644
index 0000000..3536a50
--- /dev/null
+++ b/local-node-ipc-certs/openssl.cnf
@@ -0,0 +1,352 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
+RANDFILE		= $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		=
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+# Policies used by the TSA examples.
+tsa_policy1 = 1.2.3.4.1
+tsa_policy2 = 1.2.3.4.5.6
+tsa_policy3 = 1.2.3.4.5.7
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= ./demoCA		# Where everything is kept
+certs		= $dir/certs		# Where the issued certs are kept
+crl_dir		= $dir/crl		# Where the issued crl are kept
+database	= $dir/index.txt	# database index file.
+#unique_subject	= no			# Set to 'no' to allow creation of
+					# several ctificates with same subject.
+new_certs_dir	= $dir/newcerts		# default place for new certs.
+
+certificate	= $dir/cacert.pem 	# The CA certificate
+serial		= $dir/serial 		# The current serial number
+crlnumber	= $dir/crlnumber	# the current crl number
+					# must be commented out to leave a V1 CRL
+crl		= $dir/crl.pem 		# The current CRL
+private_key	= $dir/private/cakey.pem# The private key
+RANDFILE	= $dir/private/.rand	# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt 	= ca_default		# Subject Name options
+cert_opt 	= ca_default		# Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 365			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= default		# use public key default MD
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= 2048
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString (PKIX recommendation before 2004)
+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
+string_mask = utf8only
+
+req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= AU
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= Some-State
+
+localityName			= Locality Name (eg, city)
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (e.g. server FQDN or YOUR name)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_max		= 64
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This is required for TSA certificates.
+# extendedKeyUsage = critical,timeStamping
+
+[ v3_req ]
+
+subjectAltName="DNS:localhost,IP:127.0.0.1"
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
+
+####################################################################
+[ tsa ]
+
+default_tsa = tsa_config1	# the default TSA section
+
+[ tsa_config1 ]
+
+# These are used by the TSA reply generation only.
+dir		= ./demoCA		# TSA root directory
+serial		= $dir/tsaserial	# The current serial number (mandatory)
+crypto_device	= builtin		# OpenSSL engine to use for signing
+signer_cert	= $dir/tsacert.pem 	# The TSA signing certificate
+					# (optional)
+certs		= $dir/cacert.pem	# Certificate chain to include in reply
+					# (optional)
+signer_key	= $dir/private/tsakey.pem # The TSA private key (optional)
+
+default_policy	= tsa_policy1		# Policy if request did not specify it
+					# (optional)
+other_policies	= tsa_policy2, tsa_policy3	# acceptable policies (optional)
+digests		= md5, sha1		# Acceptable message digests (mandatory)
+accuracy	= secs:1, millisecs:500, microsecs:100	# (optional)
+clock_precision_digits  = 0	# number of digits after dot. (optional)
+ordering		= yes	# Is ordering defined for timestamps?
+				# (optional, default: no)
+tsa_name		= yes	# Must the TSA name be included in the reply?
+				# (optional, default: no)
+ess_cert_id_chain	= no	# Must the ESS cert id chain be included?
+				# (optional, default: no)
diff --git a/local-node-ipc-certs/private/client.key b/local-node-ipc-certs/private/client.key
new file mode 100644
index 0000000..1dc9224
--- /dev/null
+++ b/local-node-ipc-certs/private/client.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEArPt5rjegpXMUzwx3baCxRO181nMGeV6MRTkT3NJK+WeEIWst
+QxAEmL5B9E3XSE9RIhZ+rj64KA50/1/bkoQW+HfDUlNXI97NDEgArSBbYC/BBnV+
+F2KWQ03/zEQtEVtxWG/dLUOcliMwcDuKgLjI9sMUGPUb4dOS4C37nLbftUs7jI7G
+fqGVS1chXBwQ1Hedw0Z30n6dOhdzQwpZYlEW1aQgcOTJ1/KvkuyUDAYrSVvsvcRp
+DVDdZj+36uPExO1LOEwmskqnCnlIOuMxnex6praxB6Y8aHDZwDHWaalXhvp7rmm+
+rkHUe1jNf6sWPkYjaeTCEBvIVDKpm/LZYUyqNwIDAQABAoIBACVmsiaDDI75VPR3
+g5MGfY2js6xCbpHraXTGJI9IQMGwKhd3ru+jFPtZl7UU54lQ7P/r0TQnh3XRumZE
++ZqySK0sZ+Ty9BJjZ/5RyyOjrV4ctSWKXdr8i/S9dqNZ0kzAcr9mYHIa/k5QCXca
+yJWQXpNMFppW1NJ9BnLGPnLh73ipEpR1AhJCD3lMXP2JtqyLa9xSJffOlxgULjcC
+D/Dd5+nMtIJ5w8fv9kJ65/HtOhbDB9qspPrPRhur0YivxiMjqZow01lXcy5LfFnd
+lf+MCXeIPZ60Cms/HFlOk7qwOIxuPKwU/x95OozVrrl+Wqxjy88kcOtrmPlp89ps
+6onXo/ECgYEA0/+odOFaUeiakQ+yJFpBxbVii5ASqNXhworctHyo1PNiavBssgSx
+ye9RJMtb/fIJp4VF/gYhSFPTLlQ50UE7fHFF/2FSmwEUcfBXVyKrARyKkaiLp0HB
+7CmKJnGiyeZHXBCR/C4XUcMwNPT2mL31nriXLOCJTdhnfN9M7YTlv9MCgYEA0OK4
+4/cHkPAgbd2nhq/dmcQktBwu6QigYoHB6l0K2W34dmSR2dzxE45EkF8H+i1sYhiU
+ZJs3g9HR8Kp6IgAs3Lowb+df9ITY4jDI640/y1oVxZCTWpfJfi8VAZHX4jPamLo/
+w5N9nYdW0Uj10KpKzkckB3CaBea6yKR/YvDHEY0CgYAzz8rK7fyWAiQsicp+6fQj
+LsZr14VH8CXh1vBDyCe3C9ikzCe0hkMxWCTbuju8X7gOUhseDz95HsuBCiKrSqcQ
+LdrupEl9CpGFmzitWhKzDder66Zd9UtAvZI+/QzNDVOpY39aQ6V9XRfeCXRvNhXe
+ebywwhusg9QfB7AUaKOB8wKBgCjKfYyW6vVUzyBlTpewtDeY5AoADvEW7CsQZ8va
+i4nWPdTw4sKGsNU+zQjcZfRm9mlZn3DeFsM5MCQtRlhpbFlWSqsvpb9cSfYxzKqj
+FLgjSWkhSIVCauinTRTXZC8aLS/x/w20Oa2PhlasRsSO3LjXj6OcS5enbQZNiUrK
+9jTpAoGBAJyZorfQPcDAEzoYsY2qDUUx8EkPX1FWJfL6iUMjgq9oBBxmk2b6bhup
+e1qTG/hyjwjHXPH/K68q2J7HNDIZjY2BM4vbC/REMszcP/zL4jCXEPGO4WLdGCs9
++fDXcu0ObBzTgL0HJ5bqhcybhRy6w5dQoSviOjSYkuJSp8+AXSV7
+-----END RSA PRIVATE KEY-----
diff --git a/local-node-ipc-certs/private/dhparam.pem b/local-node-ipc-certs/private/dhparam.pem
new file mode 100644
index 0000000..942782d
--- /dev/null
+++ b/local-node-ipc-certs/private/dhparam.pem
@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEAqMIoOYH2rh4xZg8WaUo13fNetYxnqmh7xLmozkDHSEcKsBcCtlxJ
+if1vKRMfa6z4gT7mS2VaFOMkXPlwDxpnr4CAcfXcy8rSrpItTxlGrNVZRSd24HvH
+IxXIPvaFwQWqXBvtxFwFRrMZOo+KICqKM3KsqJbz6DWtum/dKpGO/dtcQq2ZPWe1
+Dmb/yS4lqEngU/td6tZ558IjQgFnXC0zjquxrxy/LorBW751wiVzOGAjj/4ybdIx
+GuO1UEcps+18ealGEThHjDZwC5w69Zo+82Ned2Vl8nqk0klaJv+5CaOhmNmTR3Sj
+PDD7nFgCnBQ9UHde6j6DnytNMJRkrk3ucwIBAg==
+-----END DH PARAMETERS-----
diff --git a/local-node-ipc-certs/private/server.key b/local-node-ipc-certs/private/server.key
new file mode 100644
index 0000000..f544eb4
--- /dev/null
+++ b/local-node-ipc-certs/private/server.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAoIAKszKHSLHzNPSrI/unpfhMYqBz5V8u+31uY02l2YSt+xgU
+s7tiv3pD3Q0b9B7AyeQQXCPqSoo7HK3nUkrafWBLXVBZwpVnZtLleXTPwB1xZXP2
+LJMCTxKIN0EbThU4K+PaMgzLq6pr8uOZpzxlJPHMH7W8Nf+8tlNa4WveuP2gDXvr
+k+hVNL68Dctt0Tl9BKsMNyOPdrOKbgFO7vTo5jI/GoIaQpfVYitazUBOiGY+7tNp
+En+0i+dNorotNT1C5nRRkg7XsQkXzHuuf6CExZ+ckYycg1KDhEAMGE2GLUoJ1ayP
+7ioHwxqXZBRCPpuFGx/d0WSwnTIDMpi87PqdUQIDAQABAoIBACCBbilWzXFaoPAT
+sWmLOSvy+r1q064bte83Oxkfi7xfE8Fr4h14kQpIn9/wHL43UEJTT0DqATRxhIFN
+czEGefO0ge73LAatrZB0nAcaMk0taV7rumrSp0AOd8oBBJ+uyn6RGgrS7pjo3g4G
+LINjRvTRh87QRrsE/VpLzXckGqqKWRssjV5+v7cP9GqlIUFIgdaNWtQCLjMeJmaQ
+cZPCScqz9U/iKyk4fHp7UPdhTzDVH23mqyGVMc0rm9lWMO0PHw5NK866RNyZCmHl
+o3qz1WQfe/z0Fbo+/KF4Zx5cO0AJTPtHlV0tQVlqjTPc390NwE4BBE1CK207eovk
+yKN+NPECgYEA1fBdLdDY4PRPciRHRztD6IRV/CtrYNx6IRuX2akqvcDI5tm7A0aU
+CIRbxbqnMAto1gqYBcqITaLs1LG/DzGLTeY4Dbm7bCOK560Xm5EfcGptWZBPeVpG
+Ag8oM+IBmmkxLxxgwDJjg/hRjim/Bzlvhpa4VX9gxm916v/odjQFlaUCgYEAwA4V
+JR8dwt7KJE9I3RLyB2T6rNglJrBb+8aVC2uOinu6FLs5LFPzzDEnt23cNWEm/PCw
+jrEiNlth8sLEkVj2mSWSOe7t14tzSoJBz/+MUns8InphexC7rNNeYtWVWunU56x1
+jlXAy66gtrV7DuRt8yR2m/gDA6suVlqMi8P+ET0CgYAvm6WgpHEe3j8vr1MNTur1
+uz1HOIJUs7uZ0oIgNb0FLPmIJbuwJuyaWJnzjm3WCzPxLbpWz5M1c6QwUL2rq+LM
+GwcuRr6meeJXW/V88PaGFajv3WVSI/ygSK8xnIGu0unXCgGdw5jRrVi4wiF4gheH
+Y9Lxc78daYBcI0afx0PW4QKBgQCU+heS7Rkz8YgSNGJMAwc1jzIYY64l3cXsfzVc
+X3l5mNJWhIisBw9lxHePhSu9SHhq2vXKKkNksOxA2K6MJNtdHtTYFavveF/dWz9b
+7lpWHPwfrpjxUqCSRn+/4PfzRtF9SL0DxSdBmFtYf1xOyAk2A4HyKKeF8AKIv8Ko
+JEdv7QKBgQCiuS/161OJDO4VQ5tNUErTLvsBBqFqXe3JXCbaMw97hAurh8zCwCye
+x/bI8pNp3JgIQmUd784x7BcyzRPV8Nfr1UylKikgcALiojQRRqOpNTNh2yITcxHA
+dEvO61W2kh+uOFVoUc6TSyqyjaG0p1u+qcqJ8JWdr1FfR8vD6bzp4Q==
+-----END RSA PRIVATE KEY-----
diff --git a/local-node-ipc-certs/server.pub b/local-node-ipc-certs/server.pub
new file mode 100644
index 0000000..474cfe5
--- /dev/null
+++ b/local-node-ipc-certs/server.pub
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEETCCAvmgAwIBAgIJAK9UFY6LVBSZMA0GCSqGSIb3DQEBCwUAMIGeMQswCQYD
+VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNVGhvdXNhbmQg
+T2FrczEVMBMGA1UECgwMRGlnaU5vdyBJbmMuMRQwEgYDVQQLDAtkZXZlbG9wbWVu
+dDESMBAGA1UEAwwJbG9jYWxob3N0MSEwHwYJKoZIhvcNAQkBFhJicmFuZG9uQGRp
+Z2lub3cuaXQwHhcNMTUwOTI4MDQyMzUwWhcNMzcwODIzMDQyMzUwWjCBnjELMAkG
+A1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVRob3VzYW5k
+IE9ha3MxFTATBgNVBAoMDERpZ2lOb3cgSW5jLjEUMBIGA1UECwwLZGV2ZWxvcG1l
+bnQxEjAQBgNVBAMMCWxvY2FsaG9zdDEhMB8GCSqGSIb3DQEJARYSYnJhbmRvbkBk
+aWdpbm93Lml0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoIAKszKH
+SLHzNPSrI/unpfhMYqBz5V8u+31uY02l2YSt+xgUs7tiv3pD3Q0b9B7AyeQQXCPq
+Soo7HK3nUkrafWBLXVBZwpVnZtLleXTPwB1xZXP2LJMCTxKIN0EbThU4K+PaMgzL
+q6pr8uOZpzxlJPHMH7W8Nf+8tlNa4WveuP2gDXvrk+hVNL68Dctt0Tl9BKsMNyOP
+drOKbgFO7vTo5jI/GoIaQpfVYitazUBOiGY+7tNpEn+0i+dNorotNT1C5nRRkg7X
+sQkXzHuuf6CExZ+ckYycg1KDhEAMGE2GLUoJ1ayP7ioHwxqXZBRCPpuFGx/d0WSw
+nTIDMpi87PqdUQIDAQABo1AwTjAdBgNVHQ4EFgQUOUfhWvfT6NwX54GJty0g5xle
+UdYwHwYDVR0jBBgwFoAUOUfhWvfT6NwX54GJty0g5xleUdYwDAYDVR0TBAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEAVFmV+yCwKJxZu2qV3SRBBVex3uvgzmjKa98S
+Be+ns9yGX2nUE+m7ZeEu3iZWGIiW5HwtuYdtf1XpgnhK6a9eAw6IqTx2l2z6sot1
+lxWtSVR/fUEo0QV6TMkOzCZCfHQDENMk+RPcVihx7CbxbNdW9dFPRnOaxu1woVeV
+KDTp1ZYWLW77QWAXTiYrgWBnHHiDVJb0+iPdJ4t4tjTsQPbcClHPEXvsuAtODuZg
+N+pkRw5BuVbyC30B+Sa1DXz5l2XU2/lGfsQ91bAedqju7vQCOJvbDlGC+bMZP2hO
+wDnoFyWYjkaI4/u2L1J28MNDp627er2OvwJTph2++tWcvBI9tg==
+-----END CERTIFICATE-----
diff --git a/node-ipc.js b/node-ipc.js
index 1482b86..d60e904 100644
--- a/node-ipc.js
+++ b/node-ipc.js
@@ -16,7 +16,7 @@ colors.setTheme(
         debug   : 'magenta',
         variable: 'cyan',
         data    : 'blue'
-    }    
+    }
 );
 
 var IPType=os.networkInterfaces()[
@@ -36,7 +36,8 @@ var defaults={
     retry           : 500,
     maxRetries      : Infinity,
     stopRetrying    : false,
-    IPType          : IPType
+    IPType          : IPType,
+    tls             : false
 }
 
 var ipc = {
@@ -54,16 +55,16 @@ var ipc = {
 function log(){
     if(ipc.config.silent)
         return;
-    
+
     var args=Array.prototype.slice.call(arguments);
-    
+
     for(var i=0, count=args.length; i<count; i++){
         if(typeof args[i] != 'object')
             continue;
-            
+
         args[i]=util.inspect(args[i],{colors:true});
     }
-    
+
     console.log(
         args.join(' ')
     );
@@ -72,41 +73,41 @@ function log(){
 function disconnect(id){
     if(!ipc.of[id])
         return;
-    
+
     ipc.of[id].config.stopRetrying=true;
-    
+
     ipc.of[id].off('*');
     if(ipc.of[id].socket){
         if(ipc.of[id].socket.destroy)
             ipc.of[id].socket.destroy();
     }
-    
+
     delete ipc.of[id];
 }
 
 function serve(path,callback){
     if(typeof path=='function'){
         callback=path;
-        path=false;   
+        path=false;
     }
     if(!path){
         ipc.log(
-            'Server path not specified, so defaulting to'.notice, 
-            'ipc.config.socketRoot + ipc.config.appspace + ipc.config.id'.variable, 
+            'Server path not specified, so defaulting to'.notice,
+            'ipc.config.socketRoot + ipc.config.appspace + ipc.config.id'.variable,
             (ipc.config.socketRoot+ipc.config.appspace+ipc.config.id).data
         );
         path=ipc.config.socketRoot+ipc.config.appspace+ipc.config.id;
     }
-    
+
     if(!callback)
         callback=function(){};
-    
+
     ipc.server=new Server(
         path,
         ipc.config,
         log
     );
-    
+
     ipc.server.on(
         'start',
         callback
@@ -118,18 +119,18 @@ function serveNet(host,port,UDPType,callback){
         callback=UDPType;
         UDPType=port;
         port=host;
-        host=false;   
+        host=false;
     }
     if(typeof host=='function'){
         callback=host;
         UDPType=false;
         host=false;
-        port=false;   
+        port=false;
     }
     if(!host){
         ipc.log(
-            'Server host not specified, so defaulting to'.notice, 
-            'ipc.config.networkHost'.variable, 
+            'Server host not specified, so defaulting to'.notice,
+            'ipc.config.networkHost'.variable,
             ipc.config.networkHost.data
         );
         host=ipc.config.networkHost;
@@ -138,13 +139,13 @@ function serveNet(host,port,UDPType,callback){
         callback=port;
         UDPType=host.toLowerCase();
         port=false;
-        host=ipc.config.networkHost;   
+        host=ipc.config.networkHost;
     }
-    
+
     if(typeof port=='string'){
         callback=UDPType;
         UDPType=port;
-        port=false;   
+        port=false;
     }
     if(typeof port=='function'){
         callback=port;
@@ -153,18 +154,18 @@ function serveNet(host,port,UDPType,callback){
     }
     if(!port){
         ipc.log(
-            'Server port not specified, so defaulting to'.notice, 
-            'ipc.config.networkPort'.variable, 
+            'Server port not specified, so defaulting to'.notice,
+            'ipc.config.networkPort'.variable,
             ipc.config.networkPort
         );
         port=ipc.config.networkPort;
     }
-    
+
     if(typeof UDPType=='function'){
         callback=UDPType;
         UDPType=false;
     }
-    
+
     if(!callback)
         callback=function(){};
 
@@ -190,10 +191,10 @@ function connect(id,path,callback){
         callback=path;
         path=false;
     }
-    
+
     if(!callback)
         callback=function(){};
-    
+
     if(!id){
         ipc.log(
             'Service id required'.warn,
@@ -201,20 +202,20 @@ function connect(id,path,callback){
         );
         return;
     }
-    
+
     if(!path){
         ipc.log(
-            'Service path not specified, so defaulting to'.notice, 
-            'ipc.config.socketRoot + ipc.config.appspace + id'.variable, 
+            'Service path not specified, so defaulting to'.notice,
+            'ipc.config.socketRoot + ipc.config.appspace + id'.variable,
             (ipc.config.socketRoot+ipc.config.appspace+id).data
         );
         path=ipc.config.socketRoot+ipc.config.appspace+id;
     }
-    
+
     if(ipc.of[id]){
         if(!ipc.of[id].socket.destroyed){
             ipc.log(
-                'Already Connected to'.notice, 
+                'Already Connected to'.notice,
                 id.variable,
                 '- So executing success without connection'.notice
             );
@@ -223,13 +224,13 @@ function connect(id,path,callback){
         }
         ipc.of[id].socket.destroy();
     }
-    
+
     ipc.of[id]       = new Client(ipc.config,ipc.log);
     ipc.of[id].id    = id;
     ipc.of[id].path  = path;
-    
+
     ipc.of[id].connect();
-    
+
     callback(ipc);
 }
 
@@ -249,41 +250,41 @@ function connectNet(id,host,port,callback){
     if(typeof host=='function'){
         callback=host;
         host=false;
-        port=false;   
+        port=false;
     }
     if(!host){
         ipc.log(
-            'Server host not specified, so defaulting to'.notice, 
-            'ipc.config.networkHost'.variable, 
+            'Server host not specified, so defaulting to'.notice,
+            'ipc.config.networkHost'.variable,
             ipc.config.networkHost.data
         );
         host=ipc.config.networkHost;
     }
-    
+
     if(typeof port=='function'){
         callback=port;
-        port=false;   
+        port=false;
     }
     if(!port){
         ipc.log(
-            'Server port not specified, so defaulting to'.notice, 
-            'ipc.config.networkPort'.variable, 
+            'Server port not specified, so defaulting to'.notice,
+            'ipc.config.networkPort'.variable,
             ipc.config.networkPort
         );
         port=ipc.config.networkPort;
     }
-    
+
     if(typeof callback == 'string'){
         UDPType=callback;
         callback=false;
     }
     if(!callback)
         callback=function(){};
-    
+
     if(ipc.of[id]){
         if(!ipc.of[id].socket.destroyed){
             ipc.log(
-                'Already Connected to'.notice, 
+                'Already Connected to'.notice,
                 id.variable,
                 '- So executing success without connection'.notice
             );
@@ -292,14 +293,14 @@ function connectNet(id,host,port,callback){
         }
         ipc.of[id].socket.destroy();
     }
-    
+
     ipc.of[id]       = new Client(ipc.config,ipc.log);
     ipc.of[id].id    = id;
     ipc.of[id].path  = host;
     ipc.of[id].port  = port;
-    
+
     ipc.of[id].connect();
-    
+
     callback(ipc);
 }