Documentation ¶
Overview ¶
Package tls partially implements TLS 1.2, as specified in RFC 5246.
Index ¶
- Constants
- Variables
- func FieldGenerateKey(field FiniteField, rand io.Reader) (priv []byte, pub *big.Int, err error)
- func Listen(network, laddr string, config *Config) (net.Listener, error)
- func NewListener(inner net.Listener, config *Config) net.Listener
- func XORKeyStream(out, in []byte, counter *[16]byte, key *[32]byte)
- type Certificate
- type CertificateRequestInfo
- type Certificates
- type CipherSuite
- type ClientAuthType
- type ClientHello
- type ClientHelloInfo
- type ClientKeyExchange
- type ClientSessionCache
- type ClientSessionState
- type Committer
- type CompressionMethod
- type Config
- type Conn
- func (c *Conn) CheckHeartbleed(b []byte) (n int, err error)
- func (c *Conn) Close() error
- func (c *Conn) CloseWrite() error
- func (c *Conn) ConfirmHandshake() error
- func (c *Conn) ConnectionState() ConnectionState
- func (c *Conn) GetHandshakeLog() *ServerHandshake
- func (c *Conn) GetHeartbleedLog() *Heartbleed
- func (c *Conn) Handshake() error
- func (c *Conn) InCipher() (cipher interface{})
- func (c *Conn) InSeq() []byte
- func (c *Conn) LocalAddr() net.Addr
- func (c *Conn) OCSPResponse() []byte
- func (c *Conn) OutCipher() (cipher interface{})
- func (c *Conn) OutSeq() []byte
- func (c *Conn) Read(b []byte) (n int, err error)
- func (c *Conn) RemoteAddr() net.Addr
- func (c *Conn) SetDeadline(t time.Time) error
- func (c *Conn) SetReadDeadline(t time.Time) error
- func (c *Conn) SetWriteDeadline(t time.Time) error
- func (c *Conn) VerifyHostname(host string) error
- func (c *Conn) Write(b []byte) (int, error)
- type ConnectionState
- type CurveID
- type DigitalSignature
- type Finished
- type FiniteField
- type Heartbleed
- type HelloRetryRequest
- type KeyMaterial
- type KeyShareT
- type MasterSecret
- type ParsedAndRawSCT
- type PointFormat
- type PreMasterSecret
- type RecordHeaderError
- type RenegotiationSupport
- type ServerHandshake
- type ServerHello
- type ServerKeyExchange
- type SessionTicket
- type SessionTicketSealer
- type SignatureAndHash
- type SignatureScheme
- type SimpleCertificate
- type TLSVersion
Examples ¶
Constants ¶
const ( SIDHp503PubKeySz = 378 SIDHp503PrvKeySz = 32 SIDHp503Curve25519PubKeySz = x25519Sz + SIDHp503PubKeySz SIDHp503Curve25519PrvKeySz = x25519Sz + SIDHp503PrvKeySz SIKEp503CtSz = SIDHp503PubKeySz + 24 SIKEp503Curve25519CtSz = x25519Sz + SIKEp503CtSz SIKEp503Curve25519PubKeySz = x25519Sz + SIDHp503PubKeySz SIKEp503Curve25519PrvKeySz = x25519Sz + SIDHp503PrvKeySz + 24 )
const ( // KeySize is the size of the key used by this AEAD, in bytes. KeySize = 32 // NonceSize is the size of the nonce used with this AEAD, in bytes. NonceSize = 12 )
const ( // TLS 1.0 - 1.2 cipher suites. To be used in Config.CipherSuites. TLS_NULL_WITH_NULL_NULL = 0x0000 TLS_RSA_WITH_NULL_MD5 = 0x0001 TLS_RSA_WITH_NULL_SHA = 0x0002 TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003 TLS_RSA_WITH_RC4_128_MD5 = 0x0004 TLS_RSA_WITH_RC4_128_SHA = 0x0005 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006 TLS_RSA_WITH_IDEA_CBC_SHA = 0x0007 TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008 TLS_RSA_WITH_DES_CBC_SHA = 0x0009 TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x000B TLS_DH_DSS_WITH_DES_CBC_SHA = 0x000C TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x000E TLS_DH_RSA_WITH_DES_CBC_SHA = 0x000F TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010 TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011 TLS_DHE_DSS_WITH_DES_CBC_SHA = 0x0012 TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013 TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014 TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x0015 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016 TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5 = 0x0017 TLS_DH_ANON_WITH_RC4_128_MD5 = 0x0018 TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA = 0x0019 TLS_DH_ANON_WITH_DES_CBC_SHA = 0x001A TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA = 0x001B SSL_FORTEZZA_KEA_WITH_NULL_SHA = 0x001C SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 0x001D TLS_KRB5_WITH_DES_CBC_SHA = 0x001E TLS_KRB5_WITH_3DES_EDE_CBC_SHA = 0x001F TLS_KRB5_WITH_RC4_128_SHA = 0x0020 TLS_KRB5_WITH_IDEA_CBC_SHA = 0x0021 TLS_KRB5_WITH_DES_CBC_MD5 = 0x0022 TLS_KRB5_WITH_3DES_EDE_CBC_MD5 = 0x0023 TLS_KRB5_WITH_RC4_128_MD5 = 0x0024 TLS_KRB5_WITH_IDEA_CBC_MD5 = 0x0025 TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA = 0x0026 TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA = 0x0027 TLS_KRB5_EXPORT_WITH_RC4_40_SHA = 0x0028 TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 = 0x0029 TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 = 0x002A TLS_KRB5_EXPORT_WITH_RC4_40_MD5 = 0x002B TLS_PSK_WITH_NULL_SHA = 0x002C TLS_DHE_PSK_WITH_NULL_SHA = 0x002D TLS_RSA_PSK_WITH_NULL_SHA = 0x002E TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030 TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031 TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032 TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033 TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034 TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035 TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036 TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037 TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038 TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039 TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A TLS_RSA_WITH_NULL_SHA256 = 0x003B TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x003E TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x003F TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0041 TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0042 TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0043 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0044 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0045 TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA = 0x0046 TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 = 0x0060 TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = 0x0061 TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = 0x0062 TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = 0x0063 TLS_RSA_EXPORT1024_WITH_RC4_56_SHA = 0x0064 TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA = 0x0065 TLS_DHE_DSS_WITH_RC4_128_SHA = 0x0066 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067 TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x0068 TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x0069 TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B TLS_DH_ANON_WITH_AES_128_CBC_SHA256 = 0x006C TLS_DH_ANON_WITH_AES_256_CBC_SHA256 = 0x006D TLS_GOSTR341094_WITH_28147_CNT_IMIT = 0x0080 TLS_GOSTR341001_WITH_28147_CNT_IMIT = 0x0081 TLS_GOSTR341094_WITH_NULL_GOSTR3411 = 0x0082 TLS_GOSTR341001_WITH_NULL_GOSTR3411 = 0x0083 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0084 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0085 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0086 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0087 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0088 TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA = 0x0089 TLS_PSK_WITH_RC4_128_SHA = 0x008A TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C TLS_PSK_WITH_AES_256_CBC_SHA = 0x008D TLS_DHE_PSK_WITH_RC4_128_SHA = 0x008E TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA = 0x008F TLS_DHE_PSK_WITH_AES_128_CBC_SHA = 0x0090 TLS_DHE_PSK_WITH_AES_256_CBC_SHA = 0x0091 TLS_RSA_PSK_WITH_RC4_128_SHA = 0x0092 TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA = 0x0093 TLS_RSA_PSK_WITH_AES_128_CBC_SHA = 0x0094 TLS_RSA_PSK_WITH_AES_256_CBC_SHA = 0x0095 TLS_RSA_WITH_SEED_CBC_SHA = 0x0096 TLS_DH_DSS_WITH_SEED_CBC_SHA = 0x0097 TLS_DH_RSA_WITH_SEED_CBC_SHA = 0x0098 TLS_DHE_DSS_WITH_SEED_CBC_SHA = 0x0099 TLS_DHE_RSA_WITH_SEED_CBC_SHA = 0x009A TLS_DH_ANON_WITH_SEED_CBC_SHA = 0x009B TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F TLS_DH_RSA_WITH_AES_128_GCM_SHA256 = 0x00A0 TLS_DH_RSA_WITH_AES_256_GCM_SHA384 = 0x00A1 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3 TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = 0x00A4 TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = 0x00A5 TLS_DH_ANON_WITH_AES_128_GCM_SHA256 = 0x00A6 TLS_DH_ANON_WITH_AES_256_GCM_SHA384 = 0x00A7 TLS_PSK_WITH_AES_128_GCM_SHA256 = 0x00A8 TLS_PSK_WITH_AES_256_GCM_SHA384 = 0x00A9 TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0x00AA TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0x00AB TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = 0x00AC TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = 0x00AD TLS_PSK_WITH_AES_128_CBC_SHA256 = 0x00AE TLS_PSK_WITH_AES_256_CBC_SHA384 = 0x00AF TLS_PSK_WITH_NULL_SHA256 = 0x00B0 TLS_PSK_WITH_NULL_SHA384 = 0x00B1 TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0x00B2 TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0x00B3 TLS_DHE_PSK_WITH_NULL_SHA256 = 0x00B4 TLS_DHE_PSK_WITH_NULL_SHA384 = 0x00B5 TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = 0x00B6 TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = 0x00B7 TLS_RSA_PSK_WITH_NULL_SHA256 = 0x00B8 TLS_RSA_PSK_WITH_NULL_SHA384 = 0x00B9 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BA TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BB TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BC TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BD TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BE TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BF TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C0 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C1 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C2 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C3 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C4 TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C5 TLS_RENEGO_PROTECTION_REQUEST = 0x00FF TLS_FALLBACK_SCSV = 0x5600 TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xC001 TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xC002 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC003 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0xC004 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xC005 TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0xC006 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC008 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A TLS_ECDH_RSA_WITH_NULL_SHA = 0xC00B TLS_ECDH_RSA_WITH_RC4_128_SHA = 0xC00C TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0xC00D TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0xC00E TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0xC00F TLS_ECDHE_RSA_WITH_NULL_SHA = 0xC010 TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xC011 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xC012 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014 TLS_ECDH_ANON_WITH_NULL_SHA = 0xC015 TLS_ECDH_ANON_WITH_RC4_128_SHA = 0xC016 TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA = 0xC017 TLS_ECDH_ANON_WITH_AES_128_CBC_SHA = 0xC018 TLS_ECDH_ANON_WITH_AES_256_CBC_SHA = 0xC019 TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA = 0xC01C TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA = 0xC01F TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020 TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021 TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA = 0xC022 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC025 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC026 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0xC029 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0xC02A TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02D TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02E TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0xC031 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0xC032 TLS_ECDHE_PSK_WITH_RC4_128_SHA = 0xC033 TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA = 0xC034 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA = 0xC035 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA = 0xC036 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0xC037 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 = 0xC038 TLS_ECDHE_PSK_WITH_NULL_SHA = 0xC039 TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0xC03A TLS_ECDHE_PSK_WITH_NULL_SHA384 = 0xC03B TLS_RSA_WITH_ARIA_128_CBC_SHA256 = 0xC03C TLS_RSA_WITH_ARIA_256_CBC_SHA384 = 0xC03D TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256 = 0xC03E TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384 = 0xC03F TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256 = 0xC040 TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384 = 0xC041 TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256 = 0xC042 TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384 = 0xC043 TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 = 0xC044 TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 = 0xC045 TLS_DH_ANON_WITH_ARIA_128_CBC_SHA256 = 0xC046 TLS_DH_ANON_WITH_ARIA_256_CBC_SHA384 = 0xC047 TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 = 0xC048 TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 = 0xC049 TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 = 0xC04A TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 = 0xC04B TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 = 0xC04C TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 = 0xC04D TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 = 0xC04E TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 = 0xC04F TLS_RSA_WITH_ARIA_128_GCM_SHA256 = 0xC050 TLS_RSA_WITH_ARIA_256_GCM_SHA384 = 0xC051 TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 = 0xC052 TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 = 0xC053 TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256 = 0xC054 TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384 = 0xC055 TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 = 0xC056 TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 = 0xC057 TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256 = 0xC058 TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384 = 0xC059 TLS_DH_ANON_WITH_ARIA_128_GCM_SHA256 = 0xC05A TLS_DH_ANON_WITH_ARIA_256_GCM_SHA384 = 0xC05B TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 = 0xC05C TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 = 0xC05D TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 = 0xC05E TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 = 0xC05F TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 = 0xC060 TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 = 0xC061 TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 = 0xC062 TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 = 0xC063 TLS_PSK_WITH_ARIA_128_CBC_SHA256 = 0xC064 TLS_PSK_WITH_ARIA_256_CBC_SHA384 = 0xC065 TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 = 0xC066 TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 = 0xC067 TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 = 0xC068 TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 = 0xC069 TLS_PSK_WITH_ARIA_128_GCM_SHA256 = 0xC06A TLS_PSK_WITH_ARIA_256_GCM_SHA384 = 0xC06B TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 = 0xC06C TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 = 0xC06D TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 = 0xC06E TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 = 0xC06F TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 = 0xC070 TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 = 0xC071 TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xC072 TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 = 0xC073 TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xC074 TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 = 0xC075 TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xC076 TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 = 0xC077 TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xC078 TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 = 0xC079 TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC07A TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC07B TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC07C TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC07D TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC07E TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC07F TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 = 0xC080 TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 = 0xC081 TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 = 0xC082 TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 = 0xC083 TLS_DH_ANON_WITH_CAMELLIA_128_GCM_SHA256 = 0xC084 TLS_DH_ANON_WITH_CAMELLIA_256_GCM_SHA384 = 0xC085 TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC086 TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC087 TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC088 TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC089 TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC08A TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC08B TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC08C TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC08D TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 = 0xC08E TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 = 0xC08F TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 = 0xC090 TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 = 0xC091 TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 = 0xC092 TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 = 0xC093 TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 = 0xC094 TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 = 0xC095 TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 = 0xC096 TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 = 0xC097 TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 = 0xC098 TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 = 0xC099 TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 = 0xC09A TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 = 0xC09B TLS_RSA_WITH_AES_128_CCM = 0xC09C TLS_RSA_WITH_AES_256_CCM = 0xC09D TLS_DHE_RSA_WITH_AES_128_CCM = 0xC09E TLS_DHE_RSA_WITH_AES_256_CCM = 0xC09F TLS_RSA_WITH_AES_128_CCM_8 = 0xC0A0 TLS_RSA_WITH_AES_256_CCM_8 = 0xC0A1 TLS_DHE_RSA_WITH_AES_128_CCM_8 = 0xC0A2 TLS_DHE_RSA_WITH_AES_256_CCM_8 = 0xC0A3 TLS_PSK_WITH_AES_128_CCM = 0xC0A4 TLS_PSK_WITH_AES_256_CCM = 0xC0A5 TLS_DHE_PSK_WITH_AES_128_CCM = 0xC0A6 TLS_DHE_PSK_WITH_AES_256_CCM = 0xC0A7 TLS_PSK_WITH_AES_128_CCM_8 = 0xC0A8 TLS_PSK_WITH_AES_256_CCM_8 = 0xC0A9 TLS_PSK_DHE_WITH_AES_128_CCM_8 = 0xC0AA TLS_PSK_DHE_WITH_AES_256_CCM_8 = 0xC0AB TLS_ECDHE_ECDSA_WITH_AES_128_CCM = 0xC0AC TLS_ECDHE_ECDSA_WITH_AES_256_CCM = 0xC0AD TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xC0AE TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xC0AF TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 = 0xCAFE TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCA8 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCA9 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCAA // Old ids for Chacha20 ciphers TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD = 0xCC13 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD = 0xCC14 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD = 0xCC15 //SSL_RSA_FIPS_WITH_DES_CBC_SHA = 0xFEFE //SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = 0xFEFF //SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = 0xFFE0 //SSL_RSA_FIPS_WITH_DES_CBC_SHA = 0xFFE1 SSL_RSA_WITH_RC2_CBC_MD5 = 0xFF80 SSL_RSA_WITH_IDEA_CBC_MD5 = 0xFF81 SSL_RSA_WITH_DES_CBC_MD5 = 0xFF82 SSL_RSA_WITH_3DES_EDE_CBC_MD5 = 0xFF83 SSL_EN_RC2_128_CBC_WITH_MD5 = 0xFF03 OP_PCL_TLS10_AES_128_CBC_SHA512 = 0xFF85 // TLS 1.3+ cipher suites. To be used in Config.TLS13CipherSuites. TLS_AES_128_GCM_SHA256 uint16 = 0x1301 TLS_AES_256_GCM_SHA384 uint16 = 0x1302 TLS_CHACHA20_POLY1305_SHA256 uint16 = 0x1303 TLS_AES_128_CCM_SHA256 uint16 = 0x1304 TLS_AES_128_CCM_8_SHA256 uint16 = 0x1305 )
A list of the possible cipher suite ids. Taken from http://www.iana.org/assignments/tls-parameters/tls-parameters.xml
const ( VersionSSL30 = 0x0300 VersionTLS10 = 0x0301 VersionTLS11 = 0x0302 VersionTLS12 = 0x0303 VersionTLS13 = 0x0304 VersionTLS13Draft18 = 0x7f00 | 18 VersionTLS13Draft19 = 0x7f00 | 19 VersionTLS13Draft20 = 0x7f00 | 20 VersionTLS13Draft21 = 0x7f00 | 21 VersionTLS13Draft22 = 0x7f00 | 22 VersionTLS13Draft23 = 0x7f00 | 23 VersionTLS13Draft24 = 0x7f00 | 24 VersionTLS13Draft25 = 0x7f00 | 25 VersionTLS13Draft26 = 0x7f00 | 26 VersionTLS13Draft27 = 0x7f00 | 27 VersionTLS13Draft28 = 0x7f00 | 28 )
Variables ¶
var ChromeCiphers []uint16 = []uint16{ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_3DES_EDE_CBC_SHA, }
var ChromeNoDHECiphers []uint16 = []uint16{ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_3DES_EDE_CBC_SHA, }
var DHECiphers []uint16 = []uint16{ TLS_DHE_DSS_WITH_DES_CBC_SHA, TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_WITH_DES_CBC_SHA, TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_RC4_128_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, }
var DHEExportCiphers []uint16 = []uint16{ TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5, TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, }
var ECDHECiphers []uint16 = []uint16{ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, }
var ErrNoMutualCipher error = errors.New("no mutual cipher suite")
var ErrUnimplementedCipher error = errors.New("unimplemented cipher suite")
var ExportCiphers []uint16 = []uint16{ TLS_RSA_EXPORT_WITH_RC4_40_MD5, TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5, TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_MD5, TLS_RSA_EXPORT1024_WITH_RC4_56_MD5, TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, }
var FirefoxCiphers []uint16 = []uint16{ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, }
var FirefoxNoDHECiphers []uint16 = []uint16{ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, }
var HELLO_RETRY_MAGIC = [32]byte{
0xcf, 0x21, 0xad, 0x74, 0xe5, 0x9a, 0x61, 0x11,
0xbe, 0x1d, 0x8c, 0x02, 0x1e, 0x65, 0xb8, 0x91,
0xc2, 0xa2, 0x11, 0x16, 0x7a, 0xbb, 0x8c, 0x5e,
0x07, 0x9e, 0x09, 0xe2, 0xc8, 0xa8, 0x33, 0x9c,
}
var (
HeartbleedError = errors.New("Error after Heartbleed")
)
var RSA512ExportCiphers []uint16 = []uint16{ TLS_RSA_EXPORT_WITH_RC4_40_MD5, TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, }
var RSACiphers = []uint16{ TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, }
RSA Ciphers
var RSAExportCiphers []uint16 = []uint16{ TLS_RSA_EXPORT_WITH_RC4_40_MD5, TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_RSA_EXPORT1024_WITH_RC4_56_MD5, TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, }
var SChannelSuites []uint16 = []uint16{ TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_RC4_128_SHA, }
var SafariCiphers []uint16 = []uint16{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_RC4_128_MD5, }
var SafariNoDHECiphers []uint16 = []uint16{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_RC4_128_MD5, }
Functions ¶
func FieldGenerateKey ¶
func Listen ¶
Listen creates a TLS listener accepting connections on the given network address using net.Listen. The configuration config must be non-nil and must have at least one certificate.
func NewListener ¶
NewListener creates a Listener which accepts connections from an inner Listener and wraps each connection with Server. The configuration config must be non-nil and must have at least one certificate.
func XORKeyStream ¶
XORKeyStream crypts bytes from in to out using the given key and counters. In and out must overlap entirely or not at all. Counter contains the raw ChaCha20 counter bytes (i.e. block counter followed by nonce).
Types ¶
type Certificate ¶
type Certificate struct { Certificate [][]byte // PrivateKey contains the private key corresponding to the public key // in Leaf. For a server, this must implement crypto.Signer and/or // crypto.Decrypter, with an RSA or ECDSA PublicKey. For a client // (performing client authentication), this must be a crypto.Signer // with an RSA or ECDSA PublicKey. PrivateKey crypto.PrivateKey // OCSPStaple contains an optional OCSP response which will be served // to clients that request it. OCSPStaple []byte // SignedCertificateTimestamps contains an optional list of Signed // Certificate Timestamps which will be served to clients that request it. SignedCertificateTimestamps [][]byte // Leaf is the parsed form of the leaf certificate, which may be // initialized using x509.ParseCertificate to reduce per-handshake // processing for TLS clients doing client authentication. If nil, the // leaf certificate will be parsed as needed. Leaf *x509.Certificate }
A Certificate is a chain of one or more certificates, leaf first.
func LoadX509KeyPair ¶
func LoadX509KeyPair(certFile, keyFile string) (cert Certificate, err error)
LoadX509KeyPair reads and parses a public/private key pair from a pair of files. The files must contain PEM encoded data.
func X509KeyPair ¶
func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (cert Certificate, err error)
X509KeyPair parses a public/private key pair from a pair of PEM encoded data.
type CertificateRequestInfo ¶
type CertificateRequestInfo struct { // AcceptableCAs contains zero or more, DER-encoded, X.501 // Distinguished Names. These are the names of root or intermediate CAs // that the server wishes the returned certificate to be signed by. An // empty slice indicates that the server has no preference. AcceptableCAs [][]byte // SignatureSchemes lists the signature schemes that the server is // willing to verify. SignatureSchemes []SignatureScheme }
CertificateRequestInfo contains information from a server's CertificateRequest message, which is used to demand a certificate and proof of control from a client.
type Certificates ¶
type Certificates struct { Certificate SimpleCertificate `json:"certificate,omitempty"` Chain []SimpleCertificate `json:"chain,omitempty"` Validation *x509.Validation `json:"validation,omitempty"` }
Certificates represents a TLS certificates message in a format friendly to the golang JSON library. ValidationError should be non-nil whenever Valid is false.
type CipherSuite ¶
type CipherSuite uint16
func (CipherSuite) Bytes ¶
func (cs CipherSuite) Bytes() []byte
func (*CipherSuite) MarshalJSON ¶
func (cs *CipherSuite) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshler interface
func (CipherSuite) String ¶
func (cs CipherSuite) String() string
func (*CipherSuite) UnmarshalJSON ¶
func (cs *CipherSuite) UnmarshalJSON(b []byte) error
UnmarshalJSON implements the json.Unmarshaler interface
type ClientAuthType ¶
type ClientAuthType int
ClientAuthType declares the policy the server will follow for TLS Client Authentication.
const ( NoClientCert ClientAuthType = iota RequestClientCert RequireAnyClientCert VerifyClientCertIfGiven RequireAndVerifyClientCert )
type ClientHello ¶
type ClientHello struct { Version TLSVersion `json:"version"` Random []byte `json:"random"` SessionID []byte `json:"session_id,omitempty"` CipherSuites []CipherSuite `json:"cipher_suites"` CompressionMethods []CompressionMethod `json:"compression_methods"` OcspStapling bool `json:"ocsp_stapling"` TicketSupported bool `json:"ticket"` SecureRenegotiation bool `json:"secure_renegotiation"` HeartbeatSupported bool `json:"heartbeat"` ExtendedMasterSecret bool `json:"extended_master_secret"` NextProtoNeg bool `json:"next_protocol_negotiation"` ServerName string `json:"server_name,omitempty"` Scts bool `json:"scts"` SupportedCurves []CurveID `json:"supported_curves,omitempty"` SupportedPoints []PointFormat `json:"supported_point_formats,omitempty"` SessionTicket *SessionTicket `json:"session_ticket,omitempty"` SignatureAndHashes []SignatureScheme `json:"signature_and_hashes,omitempty"` SctEnabled bool `json:"sct_enabled"` AlpnProtocols []string `json:"alpn_protocols,omitempty"` SupportedVersions []uint16 `json:"supported_versions,omitempty"` UnknownExtensions [][]byte `json:"unknown_extensions,omitempty"` }
type ClientHelloInfo ¶
type ClientHelloInfo struct { // CipherSuites lists the CipherSuites supported by the client (e.g. // TLS_RSA_WITH_RC4_128_SHA). CipherSuites []uint16 // ServerName indicates the name of the server requested by the client // in order to support virtual hosting. ServerName is only set if the // client is using SNI (see // http://tools.ietf.org/html/rfc4366#section-3.1). ServerName string // SupportedCurves lists the elliptic curves supported by the client. // SupportedCurves is set only if the Supported Elliptic Curves // Extension is being used (see // http://tools.ietf.org/html/rfc4492#section-5.1.1). SupportedCurves []CurveID // SupportedPoints lists the point formats supported by the client. // SupportedPoints is set only if the Supported Point Formats Extension // is being used (see // http://tools.ietf.org/html/rfc4492#section-5.1.2). SupportedPoints []uint8 // SignatureSchemes lists the signature and hash schemes that the client // is willing to verify. SignatureSchemes is set only if the Signature // Algorithms Extension is being used (see // https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1). SignatureSchemes []SignatureScheme // SupportedProtos lists the application protocols supported by the client. // SupportedProtos is set only if the Application-Layer Protocol // Negotiation Extension is being used (see // https://tools.ietf.org/html/rfc7301#section-3.1). // // Servers can select a protocol by setting Config.NextProtos in a // GetConfigForClient return value. SupportedProtos []string // SupportedVersions lists the TLS versions supported by the client. // For TLS versions less than 1.3, this is extrapolated from the max // version advertised by the client, so values other than the greatest // might be rejected if used. SupportedVersions []uint16 // Conn is the underlying net.Conn for the connection. Do not read // from, or write to, this connection; that will cause the TLS // connection to fail. Conn net.Conn // Offered0RTTData is true if the client announced that it will send // 0-RTT data. If the server Config.Accept0RTTData is true, and the // client offered a session ticket valid for that purpose, it will // be notified that the 0-RTT data is accepted and it will be made // immediately available for Read. Offered0RTTData bool // AcceptsDelegatedCredential is true if the client indicated willingness // to negotiate the delegated credential extension. AcceptsDelegatedCredential bool // The Fingerprint is an sequence of bytes unique to this Client Hello. // It can be used to prevent or mitigate 0-RTT data replays as it's // guaranteed that a replayed connection will have the same Fingerprint. Fingerprint []byte }
ClientHelloInfo contains information from a ClientHello message in order to guide certificate selection in the GetCertificate callback.
type ClientKeyExchange ¶
type ClientKeyExchange struct { Raw []byte `json:"-"` RSAParams *keys.RSAClientParams `json:"rsa_params,omitempty"` DHParams *keys.DHParams `json:"dh_params,omitempty"` ECDHParams *keys.ECDHParams `json:"ecdh_params,omitempty"` }
ClientKeyExchange represents the raw key data sent by the client in TLS key exchange message
type ClientSessionCache ¶
type ClientSessionCache interface { // Get searches for a ClientSessionState associated with the given key. // On return, ok is true if one was found. Get(sessionKey string) (session *ClientSessionState, ok bool) // Put adds the ClientSessionState to the cache with the given key. Put(sessionKey string, cs *ClientSessionState) }
ClientSessionCache is a cache of ClientSessionState objects that can be used by a client to resume a TLS session with a given server. ClientSessionCache implementations should expect to be called concurrently from different goroutines. Only ticket-based resumption is supported, not SessionID-based resumption.
func NewLRUClientSessionCache ¶
func NewLRUClientSessionCache(capacity int) ClientSessionCache
NewLRUClientSessionCache returns a ClientSessionCache with the given capacity that uses an LRU strategy. If capacity is < 1, a default capacity is used instead.
type ClientSessionState ¶
type ClientSessionState struct {
// contains filtered or unexported fields
}
ClientSessionState contains the state needed by clients to resume TLS sessions.
func (*ClientSessionState) MakeLog ¶
func (m *ClientSessionState) MakeLog() *SessionTicket
type CompressionMethod ¶
type CompressionMethod uint8
func (*CompressionMethod) MarshalJSON ¶
func (cm *CompressionMethod) MarshalJSON() ([]byte, error)
func (CompressionMethod) String ¶
func (cm CompressionMethod) String() string
func (*CompressionMethod) UnmarshalJSON ¶
func (cm *CompressionMethod) UnmarshalJSON(b []byte) error
type Config ¶
type Config struct { // Rand provides the source of entropy for nonces and RSA blinding. // If Rand is nil, TLS uses the cryptographic random reader in package // crypto/rand. // The Reader must be safe for use by multiple goroutines. Rand io.Reader // Time returns the current time as the number of seconds since the epoch. // If Time is nil, TLS uses time.Now. Time func() time.Time // Certificates contains one or more certificate chains to present to // the other side of the connection. Server configurations must include // at least one certificate or else set GetCertificate. Clients doing // client-authentication may set either Certificates or // GetClientCertificate. Certificates []Certificate // NameToCertificate maps from a certificate name to an element of // Certificates. Note that a certificate name can be of the form // '*.example.com' and so doesn't have to be a domain name as such. // See Config.BuildNameToCertificate // The nil value causes the first element of Certificates to be used // for all connections. NameToCertificate map[string]*Certificate // GetCertificate returns a Certificate based on the given // ClientHelloInfo. It will only be called if the client supplies SNI // information or if Certificates is empty. // // If GetCertificate is nil or returns nil, then the certificate is // retrieved from NameToCertificate. If NameToCertificate is nil, the // first element of Certificates will be used. GetCertificate func(*ClientHelloInfo) (*Certificate, error) // GetClientCertificate, if not nil, is called when a server requests a // certificate from a client. If set, the contents of Certificates will // be ignored. // // If GetClientCertificate returns an error, the handshake will be // aborted and that error will be returned. Otherwise // GetClientCertificate must return a non-nil Certificate. If // Certificate.Certificate is empty then no certificate will be sent to // the server. If this is unacceptable to the server then it may abort // the handshake. // // GetClientCertificate may be called multiple times for the same // connection if renegotiation occurs or if TLS 1.3 is in use. GetClientCertificate func(*CertificateRequestInfo) (*Certificate, error) // GetConfigForClient, if not nil, is called after a ClientHello is // received from a client. It may return a non-nil Config in order to // change the Config that will be used to handle this connection. If // the returned Config is nil, the original Config will be used. The // Config returned by this callback may not be subsequently modified. // // If GetConfigForClient is nil, the Config passed to Server() will be // used for all connections. // // Uniquely for the fields in the returned Config, session ticket keys // will be duplicated from the original Config if not set. // Specifically, if SetSessionTicketKeys was called on the original // config but not on the returned config then the ticket keys from the // original config will be copied into the new config before use. // Otherwise, if SessionTicketKey was set in the original config but // not in the returned config then it will be copied into the returned // config before use. If neither of those cases applies then the key // material from the returned config will be used for session tickets. GetConfigForClient func(*ClientHelloInfo) (*Config, error) // VerifyPeerCertificate, if not nil, is called after normal // certificate verification by either a TLS client or server. It // receives the raw ASN.1 certificates provided by the peer and also // any verified chains that normal processing found. If it returns a // non-nil error, the handshake is aborted and that error results. // // If normal verification fails then the handshake will abort before // considering this callback. If normal verification is disabled by // setting InsecureSkipVerify, or (for a server) when ClientAuth is // RequestClientCert or RequireAnyClientCert, then this callback will // be considered but the verifiedChains argument will always be nil. VerifyPeerCertificate func(rawCerts [][]byte, verifiedChains []x509.CertificateChain) error // RootCAs defines the set of root certificate authorities // that clients use when verifying server certificates. // If RootCAs is nil, TLS uses the host's root CA set. RootCAs *x509.CertPool // NextProtos is a list of supported, application level protocols. NextProtos []string // ServerName is used to verify the hostname on the returned // certificates unless InsecureSkipVerify is given. It is also included // in the client's handshake to support virtual hosting unless it is // an IP address. ServerName string // ClientAuth determines the server's policy for // TLS Client Authentication. The default is NoClientCert. ClientAuth ClientAuthType // ClientCAs defines the set of root certificate authorities // that servers use if required to verify a client certificate // by the policy in ClientAuth. ClientCAs *x509.CertPool // InsecureSkipVerify controls whether a client verifies the // server's certificate chain and host name. // If InsecureSkipVerify is true, TLS accepts any certificate // presented by the server and any host name in that certificate. // In this mode, TLS is susceptible to man-in-the-middle attacks. // This should be used only for testing. InsecureSkipVerify bool // CipherSuites is a list of supported cipher suites to be used in // TLS 1.0-1.2. If CipherSuites is nil, TLS uses a list of suites // supported by the implementation. CipherSuites []uint16 // PreferServerCipherSuites controls whether the server selects the // client's most preferred ciphersuite, or the server's most preferred // ciphersuite. If true then the server's preference, as expressed in // the order of elements in CipherSuites, is used. PreferServerCipherSuites bool // SessionTicketsDisabled may be set to true to disable session ticket // (resumption) support. SessionTicketsDisabled bool // SessionTicketKey is used by TLS servers to provide session // resumption. See RFC 5077. If zero, it will be filled with // random data before the first server handshake. // // If multiple servers are terminating connections for the same host // they should all have the same SessionTicketKey. If the // SessionTicketKey leaks, previously recorded and future TLS // connections using that key are compromised. SessionTicketKey [32]byte // ClientSessionCache is a cache of ClientSessionState entries for TLS // session resumption. ClientSessionCache ClientSessionCache // MinVersion contains the minimum SSL/TLS version that is acceptable. // If zero, then TLS 1.0 is taken as the minimum. MinVersion uint16 // MaxVersion contains the maximum SSL/TLS version that is acceptable. // If zero, then the maximum version supported by this package is used, // which is currently TLS 1.2. MaxVersion uint16 // CurvePreferences contains the elliptic curves that will be used in // an ECDHE handshake, in preference order. If empty, the default will // be used. CurvePreferences []CurveID // If nil, only a keyshare for the first curve will be generated. KeysharesFor *[]CurveID // DynamicRecordSizingDisabled disables adaptive sizing of TLS records. // When true, the largest possible TLS record size is always used. When // false, the size of TLS records may be adjusted in an attempt to // improve latency. DynamicRecordSizingDisabled bool // Renegotiation controls what types of renegotiation are supported. // The default, none, is correct for the vast majority of applications. Renegotiation RenegotiationSupport // KeyLogWriter optionally specifies a destination for TLS master secrets // in NSS key log format that can be used to allow external programs // such as Wireshark to decrypt TLS connections. // See https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format. // Use of KeyLogWriter compromises security and should only be // used for debugging. KeyLogWriter io.Writer // If Max0RTTDataSize is not zero, the client will be allowed to use // session tickets to send at most this number of bytes of 0-RTT data. // 0-RTT data is subject to replay and has memory DoS implications. // The server will later be able to refuse the 0-RTT data with // Accept0RTTData, or wait for the client to prove that it's not // replayed with Conn.ConfirmHandshake. // // It has no meaning on the client. // // See https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-2.3. Max0RTTDataSize uint32 // Accept0RTTData makes the 0-RTT data received from the client // immediately available to Read. 0-RTT data is subject to replay. // Use Conn.ConfirmHandshake to wait until the data is known not // to be replayed after reading it. // // It has no meaning on the client. // // See https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-2.3. Accept0RTTData bool // SessionTicketSealer, if not nil, is used to wrap and unwrap // session tickets, instead of SessionTicketKey. SessionTicketSealer SessionTicketSealer // Add all ciphers in CipherSuites to Client Hello even if unimplemented // Client-side Only ForceSuites bool // Export RSA Key ExportRSAKey *rsa.PrivateKey // HeartbeatEnabled sets whether the heartbeat extension is sent HeartbeatEnabled bool // ClientDSAEnabled sets whether a TLS client will accept server DSA keys // and DSS signatures ClientDSAEnabled bool // Force Client Hello to send TLS Session Ticket extension ForceSessionTicketExt bool // Enable use of the Extended Master Secret extension ExtendedMasterSecret bool SignedCertificateTimestampExt bool // Explicitly set Client random ClientRandom []byte // AcceptDelegatedCredential is true if the client is willing to negotiate // the delegated credential extension. // // This value has no meaning for the server. // // See https://tools.ietf.org/html/draft-ietf-tls-subcerts-02. AcceptDelegatedCredential bool // GetDelegatedCredential returns a DC and its private key for use in the // delegated credential extension. The inputs to the callback are some // information parsed from the ClientHello, as well as the protocol version // selected by the server. This is necessary because the DC is bound to the // protocol version in which it's used. The return value is the raw DC // encoded in the wire format specified in // https://tools.ietf.org/html/draft-ietf-tls-subcerts-02. If the return // value is nil, then the server will not offer negotiate the extension. // // This value has no meaning for the client. GetDelegatedCredential func(*ClientHelloInfo, uint16) ([]byte, crypto.PrivateKey, error) // Explicitly set ClientHello with raw data ExternalClientHello []byte // UseExtendedMasterSecret indicates whether or not the connection // should use the extended master secret computation if available UseExtendedMasterSecret bool // contains filtered or unexported fields }
A Config structure is used to configure a TLS client or server. After one has been passed to a TLS function it must not be modified. A Config may be reused; the tls package will also not modify it.
func (*Config) BuildNameToCertificate ¶
func (c *Config) BuildNameToCertificate()
BuildNameToCertificate parses c.Certificates and builds c.NameToCertificate from the CommonName and SubjectAlternateName fields of each of the leaf certificates.
func (*Config) Clone ¶
Clone returns a shallow clone of c. It is safe to clone a Config that is being used concurrently by a TLS client or server.
func (*Config) SetSessionTicketKeys ¶
SetSessionTicketKeys updates the session ticket keys for a server. The first key will be used when creating new tickets, while all keys can be used for decrypting tickets. It is safe to call this function while the server is running in order to rotate the session ticket keys. The function will panic if keys is empty.
type Conn ¶
type Conn struct {
// contains filtered or unexported fields
}
A Conn represents a secured connection. It implements the net.Conn interface.
func Client ¶
Client returns a new TLS client side connection using conn as the underlying transport. The config cannot be nil: users must set either ServerName or InsecureSkipVerify in the config.
func Dial ¶
Dial connects to the given network address using net.Dial and then initiates a TLS handshake, returning the resulting TLS connection. Dial interprets a nil configuration as equivalent to the zero configuration; see the documentation of Config for the defaults.
Example ¶
package main import ( "github.com/zmap/zcrypto/tls" "github.com/zmap/zcrypto/x509" ) func main() { // Connecting with a custom root-certificate set. const rootPEM = ` -----BEGIN CERTIFICATE----- MIIEBDCCAuygAwIBAgIDAjppMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i YWwgQ0EwHhcNMTMwNDA1MTUxNTU1WhcNMTUwNDA0MTUxNTU1WjBJMQswCQYDVQQG EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB+zCB+DAfBgNVHSMEGDAWgBTAephojYn7 qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wEgYD VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMwMTAvoC2g K4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9ndGdsb2JhbC5jcmwwPQYI KwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vZ3RnbG9iYWwtb2NzcC5n ZW90cnVzdC5jb20wFwYDVR0gBBAwDjAMBgorBgEEAdZ5AgUBMA0GCSqGSIb3DQEB BQUAA4IBAQA21waAESetKhSbOHezI6B1WLuxfoNCunLaHtiONgaX4PCVOzf9G0JY /iLIa704XtE7JW4S615ndkZAkNoUyHgN7ZVm2o6Gb4ChulYylYbc3GrKBIxbf/a/ zG+FA1jDaFETzf3I93k9mTXwVqO94FntT0QJo544evZG0R0SnU++0ED8Vf4GXjza HFa9llF7b1cq26KqltyMdMKVvvBulRP/F/A8rLIQjcxz++iPAsbw+zOzlTvjwsto WHPbqCRiOwY1nQ2pM714A5AuTHhdUDqB1O6gyHA43LL5Z/qHQF1hwFGPa4NrzQU6 yuGnBXj8ytqU0CwIPX4WecigUCAkVDNx -----END CERTIFICATE-----` // First, create the set of root certificates. For this example we only // have one. It's also possible to omit this in order to use the // default root set of the current operating system. roots := x509.NewCertPool() ok := roots.AppendCertsFromPEM([]byte(rootPEM)) if !ok { panic("failed to parse root certificate") } conn, err := tls.Dial("tcp", "mail.google.com:443", &tls.Config{ RootCAs: roots, }) if err != nil { panic("failed to connect: " + err.Error()) } conn.Close() }
Output:
func DialWithDialer ¶
DialWithDialer connects to the given network address using dialer.Dial and then initiates a TLS handshake, returning the resulting TLS connection. Any timeout or deadline given in the dialer apply to connection and TLS handshake as a whole.
DialWithDialer interprets a nil configuration as equivalent to the zero configuration; see the documentation of Config for the defaults.
func Server ¶
Server returns a new TLS server side connection using conn as the underlying transport. The configuration config must be non-nil and must have at least one certificate.
func (*Conn) CloseWrite ¶
CloseWrite shuts down the writing side of the connection. It should only be called once the handshake has completed and does not call CloseWrite on the underlying connection. Most callers should just use Close.
func (*Conn) ConfirmHandshake ¶
ConfirmHandshake waits for the handshake to reach a point at which the connection is certainly not replayed. That is, after receiving the Client Finished.
If ConfirmHandshake returns an error and until ConfirmHandshake returns, the 0-RTT data should not be trusted not to be replayed.
This is only meaningful in TLS 1.3 when Accept0RTTData is true and the client sent valid 0-RTT data. In any other case it's equivalent to calling Handshake.
func (*Conn) ConnectionState ¶
func (c *Conn) ConnectionState() ConnectionState
ConnectionState returns basic TLS details about the connection.
func (*Conn) GetHandshakeLog ¶
func (c *Conn) GetHandshakeLog() *ServerHandshake
func (*Conn) GetHeartbleedLog ¶
func (c *Conn) GetHeartbleedLog() *Heartbleed
func (*Conn) Handshake ¶
Handshake runs the client or server handshake protocol if it has not yet been run. Most uses of this package need not call Handshake explicitly: the first Read or Write will call it automatically.
In TLS 1.3 Handshake returns after the client and server first flights, without waiting for the Client Finished.
func (*Conn) OCSPResponse ¶
OCSPResponse returns the stapled OCSP response from the TLS server, if any. (Only valid for client connections.)
func (*Conn) Read ¶
Read can be made to time out and return a net.Error with Timeout() == true after a fixed time limit; see SetDeadline and SetReadDeadline.
func (*Conn) RemoteAddr ¶
RemoteAddr returns the remote network address.
func (*Conn) SetDeadline ¶
SetDeadline sets the read and write deadlines associated with the connection. A zero value for t means Read and Write will not time out. After a Write has timed out, the TLS state is corrupt and all future writes will return the same error.
func (*Conn) SetReadDeadline ¶
SetReadDeadline sets the read deadline on the underlying connection. A zero value for t means Read will not time out.
func (*Conn) SetWriteDeadline ¶
SetWriteDeadline sets the write deadline on the underlying connection. A zero value for t means Write will not time out. After a Write has timed out, the TLS state is corrupt and all future writes will return the same error.
func (*Conn) VerifyHostname ¶
VerifyHostname checks that the peer certificate chain is valid for connecting to host. If so, it returns nil; if not, it returns an error describing the problem.
type ConnectionState ¶
type ConnectionState struct { ConnectionID []byte // Random unique connection id Version uint16 // TLS version used by the connection (e.g. VersionTLS12) HandshakeComplete bool // TLS handshake is complete DidResume bool // connection resumes a previous TLS connection CipherSuite uint16 // cipher suite in use (TLS_RSA_WITH_RC4_128_SHA, ...) NegotiatedProtocol string // negotiated next protocol (not guaranteed to be from Config.NextProtos) NegotiatedProtocolIsMutual bool // negotiated protocol was advertised by server (client side only) ServerName string // server name requested by client, if any (server side only) PeerCertificates []*x509.Certificate // certificate chain presented by remote peer VerifiedChains []x509.CertificateChain // verified chains built from PeerCertificates SignedCertificateTimestamps [][]byte // SCTs from the server, if any OCSPResponse []byte // stapled OCSP response from server, if any DelegatedCredential []byte // Delegated credential sent by the server, if any // TLSUnique contains the "tls-unique" channel binding value (see RFC // 5929, section 3). For resumed sessions this value will be nil // because resumption does not include enough context (see // https://mitls.org/pages/attacks/3SHAKE#channelbindings). This will // change in future versions of Go once the TLS master-secret fix has // been standardized and implemented. TLSUnique []byte // HandshakeConfirmed is true once all data returned by Read // (past and future) is guaranteed not to be replayed. HandshakeConfirmed bool // Unique0RTTToken is a value that never repeats, and can be used // to detect replay attacks against 0-RTT connections. // Unique0RTTToken is only present if HandshakeConfirmed is false. Unique0RTTToken []byte ClientHello []byte // ClientHello packet }
ConnectionState records basic TLS details about the connection.
type CurveID ¶
type CurveID uint16
CurveID is the type of a TLS identifier for an elliptic curve. See http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8
TLS 1.3 refers to these as Groups, but this library implements only curve-based ones anyway. See https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.2.4.
const ( CurveP256 CurveID = 23 CurveP384 CurveID = 24 CurveP521 CurveID = 25 X25519 CurveID = 29 X448 CurveID = 30 FFDHE2048 CurveID = 256 FFDHE3072 CurveID = 257 FFDHE4096 CurveID = 258 FFDHE6144 CurveID = 259 FFDHE8192 CurveID = 260 // Experimental KEX HybridSIDHp503Curve25519 CurveID = 0xFE30 HybridSIKEp503Curve25519 CurveID = 0xFE32 )
func (*CurveID) MarshalJSON ¶
func (*CurveID) UnmarshalJSON ¶
type DigitalSignature ¶
type DigitalSignature struct { Raw []byte `json:"raw"` Type string `json:"type,omitempty"` Valid bool `json:"valid"` SigHashExtension *SignatureAndHash `json:"signature_and_hash_type,omitempty"` Version TLSVersion `json:"tls_version"` }
DigitalSignature represents a signature for a digitally-signed-struct in the TLS record protocol. It is dependent on the version of TLS in use. In TLS 1.2, the first two bytes of the signature specify the signature and hash algorithms. These are contained the TLSSignature.Raw field, but also parsed out into TLSSignature.SigHashExtension. In older versions of TLS, the signature and hash extension is not used, and so TLSSignature.SigHashExtension will be empty. The version string is stored in TLSSignature.TLSVersion.
type Finished ¶
type Finished struct {
VerifyData []byte `json:"verify_data"`
}
Finished represents a TLS Finished message
type FiniteField ¶
type Heartbleed ¶
type HelloRetryRequest ¶
type KeyMaterial ¶
type KeyMaterial struct { MasterSecret *MasterSecret `json:"master_secret,omitempty"` PreMasterSecret *PreMasterSecret `json:"pre_master_secret,omitempty"` }
KeyMaterial explicitly represent the cryptographic values negotiated by the client and server
type MasterSecret ¶
type ParsedAndRawSCT ¶
type ParsedAndRawSCT struct { Raw []byte `json:"raw,omitempty"` Parsed *ct.SignedCertificateTimestamp `json:"parsed,omitempty"` }
type PointFormat ¶
type PointFormat uint8
func (*PointFormat) MarshalJSON ¶
func (pFormat *PointFormat) MarshalJSON() ([]byte, error)
func (PointFormat) String ¶
func (pFormat PointFormat) String() string
func (*PointFormat) UnmarshalJSON ¶
func (pFormat *PointFormat) UnmarshalJSON(b []byte) error
type PreMasterSecret ¶
type RecordHeaderError ¶
type RecordHeaderError struct { // Msg contains a human readable string that describes the error. Msg string // RecordHeader contains the five bytes of TLS record header that // triggered the error. RecordHeader [5]byte }
RecordHeaderError results when a TLS record header is invalid.
func (RecordHeaderError) Error ¶
func (e RecordHeaderError) Error() string
type RenegotiationSupport ¶
type RenegotiationSupport int
RenegotiationSupport enumerates the different levels of support for TLS renegotiation. TLS renegotiation is the act of performing subsequent handshakes on a connection after the first. This significantly complicates the state machine and has been the source of numerous, subtle security issues. Initiating a renegotiation is not supported, but support for accepting renegotiation requests may be enabled.
Even when enabled, the server may not change its identity between handshakes (i.e. the leaf certificate must be the same). Additionally, concurrent handshake and application data flow is not permitted so renegotiation can only be used with protocols that synchronise with the renegotiation, such as HTTPS.
const ( // RenegotiateNever disables renegotiation. RenegotiateNever RenegotiationSupport = iota // RenegotiateOnceAsClient allows a remote server to request // renegotiation once per connection. RenegotiateOnceAsClient // RenegotiateFreelyAsClient allows a remote server to repeatedly // request renegotiation. RenegotiateFreelyAsClient )
type ServerHandshake ¶
type ServerHandshake struct { ClientHello *ClientHello `json:"client_hello,omitempty"` ServerHello *ServerHello `json:"server_hello,omitempty"` ServerCertificates *Certificates `json:"server_certificates,omitempty"` ServerKeyExchange *ServerKeyExchange `json:"server_key_exchange,omitempty"` ClientKeyExchange *ClientKeyExchange `json:"client_key_exchange,omitempty"` ClientFinished *Finished `json:"client_finished,omitempty"` SessionTicket *SessionTicket `json:"session_ticket,omitempty"` SessionTickets []SessionTicket `json:"session_tickets,omitempty"` ServerFinished *Finished `json:"server_finished,omitempty"` KeyMaterial *KeyMaterial `json:"key_material,omitempty"` PacketEcho []byte `json:"echo,omitempty"` }
ServerHandshake stores all of the messages sent by the server during a standard TLS Handshake. It implements zgrab.EventData interface
type ServerHello ¶
type ServerHello struct { Version TLSVersion `json:"version"` Random []byte `json:"random"` SessionID []byte `json:"session_id"` CipherSuite CipherSuite `json:"cipher_suite"` CompressionMethod uint8 `json:"compression_method"` OcspStapling bool `json:"ocsp_stapling"` TicketSupported bool `json:"ticket"` SecureRenegotiation bool `json:"secure_renegotiation"` HeartbeatSupported bool `json:"heartbeat"` ExtendedMasterSecret bool `json:"extended_master_secret"` SignedCertificateTimestamps []ParsedAndRawSCT `json:"scts,omitempty"` Raw []byte `json:"raw,omitempty"` KeyShare KeyShareT `json:"keyshare"` }
type ServerKeyExchange ¶
type ServerKeyExchange struct { Raw []byte `json:"-"` RSAParams *keys.RSAPublicKey `json:"rsa_params,omitempty"` DHParams *keys.DHParams `json:"dh_params,omitempty"` ECDHParams *keys.ECDHParams `json:"ecdh_params,omitempty"` Signature *DigitalSignature `json:"signature,omitempty"` SignatureError string `json:"signature_error,omitempty"` }
ServerKeyExchange represents the raw key data sent by the server in TLS key exchange message
type SessionTicket ¶
type SessionTicket struct { Value []uint8 `json:"value,omitempty"` Length int `json:"length,omitempty"` LifetimeHint uint32 `json:"lifetime_hint,omitempty"` // TLS 1.3 fields Nonce []uint8 `json:"nonce,omitempty"` MaxEarlyDataLength uint32 `json:"max_early_data,omitempty"` AgeAdd uint32 `json:"age_add,omitempty"` }
SessionTicket represents the new session ticket sent by the server to the client
type SessionTicketSealer ¶
type SessionTicketSealer interface { // Seal returns a session ticket value that can be later passed to Unseal // to recover the content, usually by encrypting it. The ticket will be sent // to the client to be stored, and will be sent back in plaintext, so it can // be read and modified by an attacker. Seal(cs *ConnectionState, content []byte) (ticket []byte, err error) // Unseal returns a session ticket contents. The ticket can't be safely // assumed to have been generated by Seal. // If unable to unseal the ticket, the connection will proceed with a // complete handshake. Unseal(chi *ClientHelloInfo, ticket []byte) (content []byte, success bool) }
A SessionTicketSealer provides a way to securely encapsulate session state for storage on the client. All methods are safe for concurrent use.
type SignatureAndHash ¶
type SignatureAndHash SignatureScheme
SignatureAndHash is a signatureAndHash that implements json.Marshaler and json.Unmarshaler
func (*SignatureAndHash) MarshalJSON ¶
func (sh *SignatureAndHash) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface
func (*SignatureAndHash) UnmarshalJSON ¶
func (sh *SignatureAndHash) UnmarshalJSON(b []byte) error
UnmarshalJSON implements the json.Unmarshaler interface
type SignatureScheme ¶
type SignatureScheme uint16
SignatureScheme identifies a signature algorithm supported by TLS. See https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.2.3.
const ( PKCS1WithSHA1 SignatureScheme = 0x0201 PKCS1WithSHA256 SignatureScheme = 0x0401 PKCS1WithSHA384 SignatureScheme = 0x0501 PKCS1WithSHA512 SignatureScheme = 0x0601 PSSWithSHA256 SignatureScheme = 0x0804 PSSWithSHA384 SignatureScheme = 0x0805 PSSWithSHA512 SignatureScheme = 0x0806 ECDSAWithP256AndSHA256 SignatureScheme = 0x0403 ECDSAWithP384AndSHA384 SignatureScheme = 0x0503 ECDSAWithP521AndSHA512 SignatureScheme = 0x0603 EdDSAWithEd25519 SignatureScheme = 0x0807 EdDSAWithEd448 SignatureScheme = 0x0808 // Legacy signature and hash algorithms for TLS 1.2. ECDSAWithSHA1 SignatureScheme = 0x0203 )
func (*SignatureScheme) Bytes ¶
func (sigScheme *SignatureScheme) Bytes() []byte
func (*SignatureScheme) String ¶
func (sigScheme *SignatureScheme) String() string
type SimpleCertificate ¶
type SimpleCertificate struct { Raw []byte `json:"raw,omitempty"` Parsed *x509.Certificate `json:"parsed,omitempty"` }
SimpleCertificate holds a *x509.Certificate and a []byte for the certificate
type TLSVersion ¶
type TLSVersion uint16
func (TLSVersion) Bytes ¶
func (v TLSVersion) Bytes() []byte
func (*TLSVersion) MarshalJSON ¶
func (v *TLSVersion) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshler interface
func (TLSVersion) String ¶
func (v TLSVersion) String() string
func (*TLSVersion) UnmarshalJSON ¶
func (v *TLSVersion) UnmarshalJSON(b []byte) error
UnmarshalJSON implements the json.Unmarshaler interface