equivalent function to curl --verbose?

[cailin-lai]

Hi Team,
Is there equivalent function to curl --verbose? See following outputs, it will be good for trouble-shooting connection issue. Thanks!

curl --verbose -I https://github.com

Rebuilt URL to: https://github.com/
Trying 192.30.253.112...
TCP_NODELAY set
Connected to github.com (192.30.253.112) port 443 (#0)
ALPN, offering h2
ALPN, offering http/1.1
Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@strength
successfully set certificate verify locations:
CAfile: /etc/ssl/cert.pem
CApath: none
TLSv1.2 (OUT), TLS handshake, Client hello (1):
TLSv1.2 (IN), TLS handshake, Server hello (2):
TLSv1.2 (IN), TLS handshake, Certificate (11):
TLSv1.2 (IN), TLS handshake, Server key exchange (12):
TLSv1.2 (IN), TLS handshake, Server finished (14):
TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
TLSv1.2 (OUT), TLS change cipher, Client hello (1):
TLSv1.2 (OUT), TLS handshake, Finished (20):
TLSv1.2 (IN), TLS change cipher, Client hello (1):
TLSv1.2 (IN), TLS handshake, Finished (20):
SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
ALPN, server accepted to use http/1.1
Server certificate:
subject: businessCategory=Private Organization; 1.3.6.1.4.1.311.60.2.1.3=US; 1.3.6.1.4.1.311.60.2.1.2=Delaware; serialNumber=5157550; C=US; ST=California; L=San Francisco; O=GitHub, Inc.; CN=github.com
start date: May 8 00:00:00 2018 GMT
expire date: Jun 3 12:00:00 2020 GMT
issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 Extended Validation Server CA
SSL certificate verify ok.
.....

[cailin-lai]

I know that TLSSocket.getPeerCertificate() works well to get certificate, but how to get the handshake process?
Thanks.

[mscdex]

This issue tracker is for reporting bugs in node core and submitting feature requests for node core.

General help questions should be posted to the nodejs/help issue tracker instead.

Issues with third-party modules, npm, or other tools that use node, should be posted to the appropriate issue tracker for that project, unless it can be proven that the issue is in fact with node core and not the module/tool in question.

[sam-github]

@cailin-lai I have code locally to enable TLS trace output, but formalizing it into an API is a fair amount of work because there are many choices to be made, with lots of tradeoffs. There are two callbacks that give information about TLS progress (at different granularity). There are multiple ways to format the info from the callback, and one of the ways of formatting the info isn't even compiled by default -- SSL_trace(). Once formatted, it can be directly printed or callbacked into JS where JS would have to deal with it. Or maybe both should be possible? So, its on my radar, but not likely to happen soon.

Use wireshark to observe the handshake, or see if you can enable TLS tracing for the non-node side of the handshake. Also, NODE_DEBUG=tls,http,https maybe helpful.

[sam-github]

@mscdex While this was formulated as a question, I think it implies a feature request. I don't know if its worth keeping open to track, though, our issue tracker could grow without bounds, and its surely not good first contribution material.

[cailin-lai]

Thanks @sam-github.
Hopefully, the SSL Trace function will be integrated in the near feature.
Well, I will take tries to see whether or not we can get some info by node debug.
Appreciate for help!