1 files changed, 35 insertions, 2 deletions

diff --git a/lib/tls.js b/lib/tls.js
index 554ddb77b8..96b6ec8d34 100644
--- a/lib/tls.js
+++ b/lib/tls.js
@@ -31,6 +31,8 @@ const net = require('net');
 const url = require('url');
 const binding = process.binding('crypto');
 const Buffer = require('buffer').Buffer;
+const EventEmitter = require('events');
+const DuplexPair = require('internal/streams/duplexpair');
 const canonicalizeIP = process.binding('cares_wrap').canonicalizeIP;
 
 // Allow {CLIENT_RENEG_LIMIT} client-initiated session renegotiations
@@ -230,6 +232,33 @@ exports.checkServerIdentity = function checkServerIdentity(host, cert) {
   }
 };
 
+
+class SecurePair extends EventEmitter {
+  constructor(secureContext = exports.createSecureContext(),
+              isServer = false,
+              requestCert = !isServer,
+              rejectUnauthorized = false,
+              options = {}) {
+    super();
+    const { socket1, socket2 } = new DuplexPair();
+
+    this.server = options.server;
+    this.credentials = secureContext;
+
+    this.encrypted = socket1;
+    this.cleartext = new exports.TLSSocket(socket2, Object.assign({
+      secureContext, isServer, requestCert, rejectUnauthorized
+    }, options));
+    this.cleartext.once('secure', () => this.emit('secure'));
+  }
+
+  destroy() {
+    this.cleartext.destroy();
+    this.encrypted.destroy();
+  }
+}
+
+
 exports.parseCertString = internalUtil.deprecate(
   internalTLS.parseCertString,
   'tls.parseCertString() is deprecated. ' +
@@ -243,5 +272,9 @@ exports.Server = require('_tls_wrap').Server;
 exports.createServer = require('_tls_wrap').createServer;
 exports.connect = require('_tls_wrap').connect;
 
-// Deprecated: DEP0064
-exports.createSecurePair = require('_tls_legacy').createSecurePair;
+exports.createSecurePair = internalUtil.deprecate(
+  function createSecurePair(...args) {
+    return new SecurePair(...args);
+  },
+  'tls.createSecurePair() is deprecated. Please use ' +
+  'tls.TLSSocket instead.', 'DEP0064');