Certificate validation is an important aspect of Transport Layer Security (TLS) connections as it helps to ensure the authenticity and integrity of the data being transmitted. Disabling certificate validation can lead to several security risks, including Man-in-the-Middle Attacks. Without certificate validation, it is possible for an attacker to intercept the communication and present a fake certificate to the client. This allows the attacker to read and potentially modify the data being transmitted.
Setting the `rejectUnauthorized` option to `false` is one such way of disabling certificate validation when initiating a TLS connection using the `http`, `https` or `tls` modules.
By default, `rejectUnauthorized` is always `true`.
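```javascript
// Insecure: certificate validation is disabled.
import tls from 'tls'
tls.connect(
  {
    host: 'example.com', // placeholder host
    port: 443,
    rejectUnauthorized: false
  },
  () => {} // called once the TLS handshake completes ('secureConnect')
)
```

```javascript
// Secure: the server certificate is validated.
import tls from 'tls'
tls.connect(
  {
    host: 'example.com', // placeholder host
    port: 443,
    rejectUnauthorized: true // alternatively: Do not set `rejectUnauthorized`, as it is configured correctly by default.
  },
  () => {} // called once the TLS handshake completes ('secureConnect')
)
```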
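
An added example, not part of the original page: a small scanner that flags source lines where `rejectUnauthorized` is set to `false` and lists values computed at run time for manual review. The function names, verdict labels and sample input are constructed for illustration.

```javascript
// Added example: audit JavaScript source for disabled TLS certificate validation.
// The verdict labels "disabled" and "review" are this example's own.

// `rejectUnauthorized: <value>` or `rejectUnauthorized = <value>`; the key may
// be quoted. `(?!=)` skips comparisons such as `=== false`.
const ASSIGNMENT = /\brejectUnauthorized['"]?\s*[:=](?!=)\s*([^,}\n;]+)/g;

// Blank out comments (heuristic: `//` after `:` is kept so URLs survive).
// Block comments keep their newlines so line numbers stay correct.
function stripComments(source) {
  return source
    .replace(/\/\*[\s\S]*?\*\//g, c => c.replace(/[^\n]/g, ' '))
    .replace(/(^|[^:])\/\/[^\n]*/gm, '$1');
}

function classify(value) {
  if (value === 'true') return 'ok';
  if (value === 'false' || value === '!1') return 'disabled'; // !1 is minified false
  return 'review'; // decided at run time; needs a human to check
}

function auditSource(source) {
  const findings = [];
  stripComments(source).split('\n').forEach((text, index) => {
    for (const match of text.matchAll(ASSIGNMENT)) {
      const value = match[1].trim();
      const verdict = classify(value);
      if (verdict !== 'ok') findings.push({ line: index + 1, value, verdict });
    }
  });
  return findings;
}

// Constructed sample input; `isDev` is a hypothetical variable.
const SAMPLE = [
  "import tls from 'tls'",
  "tls.connect({ rejectUnauthorized: false }, () => {})",
  "tls.connect({",
  "  rejectUnauthorized: true // alternatively: Do not set `rejectUnauthorized`",
  "}, () => {})",
  "const agentOptions = { rejectUnauthorized: !isDev }",
  "/* rejectUnauthorized: false was removed here */",
].join('\n');

console.log(auditSource(SAMPLE));
```

Only line 2 of the sample is reported as `disabled`; line 6 is reported as `review` because its value depends on run-time state.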