Gopher over TLS (GoT) server for Node.js to accept both plaintext and TLS connections on the same port (e.g. 70/tcp).
Presented by Sebastiaan Deckers at WFHConf on 2020-03-26.
new GopherServer([options][, gopherConnectionListener])

The GopherServer class is a subclass of net.Server that accepts either plaintext or TLS connections.

  options  Same as net.Server and tls.Socket.
  gopherConnectionListener  Set as listener for the gopherConnection event.

Event: gopherConnection

  socket  Instance of either tls.Socket or net.Socket.
  type  String that is either tls or net.

```js
const fs = require('fs')
const { GopherServer } = require('goth')
const [key, cert, ca] = ['key.pem', 'cert.pem', 'ca.pem'].map((f) => fs.readFileSync(f)) // placeholder paths
const server = new GopherServer({ key, cert, ca }, (socket, type) => {
  // socket.servername is the SNI name on TLS connections and undefined on plaintext ones
  console.log(`Connected via ${type} to domain ${socket.servername}`)
})
server.listen(70) // the default Gopher port
```
Connect with the OpenSSL s_client tool using the SNI and ALPN options. As an example, the commons.host domain supports GoT on port 70.

```sh
echo -ne "/\r\n" | openssl s_client -ign_eof -servername commons.host -alpn gopher -connect commons.host:70
```

-servername commons.host is sent in the TLS ClientHello opening packet as the Server Name Indication (SNI). This usually, but not necessarily, matches the -connect hostname. SNI lets the TLS server respond with the certificate for the requested domain, allowing virtual hosting of multiple domains on the same IP address.
-alpn gopher tells the server which protocol the client intends to speak over the TLS connection. This provides forward compatibility for protocol revisions.
The Gopher over TLS (GoT) protocol is meant to be simple to implement and acts as a blind transport for the Gopher protocol. GoT supports any TCP port, including the default Gopher TCP port 70.
A GoT client attempts a TLS handshake with gopher as the ALPN identifier. If the TCP connection succeeds but the handshake fails before a ServerHello message is received, a GoT client may attempt to connect without TLS, treating the connection as plaintext Gopher. This failure may be cached for as long as the server's DNS records are valid.
A GoT server should accept both Gopher over TLS and plaintext Gopher on the same TCP port. A GoT server detects a GoT client by checking the first packet received on a socket. If the payload of the first packet ends in CRLF then the GoT server should handle the payload as a plaintext Gopher request. Otherwise the GoT server should attempt a TLS handshake with gopher as the ALPN identifier.
A GoT client must include the SNI server name. A GoT server may use the SNI server name to serve Gopher content for its indicated domain. This allows virtual hosting of several domains by a multi-tenant GoT server.
FAQs
Gopher over TLS (GoT) server
The npm package goth receives a total of 12 weekly downloads. As such, goth popularity was classified as not popular.
We found that goth demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.