ztls

package
v0.0.0-...-0d3eaf1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 24, 2015 License: Apache-2.0, ISC Imports: 39 Imported by: 0

Documentation

Overview

Package tls partially implements TLS 1.2, as specified in RFC 5246.

Index

Examples

Constants

View Source
const (
	TLS_NULL_WITH_NULL_NULL                       = 0x0000
	TLS_RSA_WITH_NULL_MD5                         = 0x0001
	TLS_RSA_WITH_NULL_SHA                         = 0x0002
	TLS_RSA_EXPORT_WITH_RC4_40_MD5                = 0x0003
	TLS_RSA_WITH_RC4_128_MD5                      = 0x0004
	TLS_RSA_WITH_RC4_128_SHA                      = 0x0005
	TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5            = 0x0006
	TLS_RSA_WITH_IDEA_CBC_SHA                     = 0x0007
	TLS_RSA_EXPORT_WITH_DES40_CBC_SHA             = 0x0008
	TLS_RSA_WITH_DES_CBC_SHA                      = 0x0009
	TLS_RSA_WITH_3DES_EDE_CBC_SHA                 = 0x000A
	TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA          = 0x000B
	TLS_DH_DSS_WITH_DES_CBC_SHA                   = 0x000C
	TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA              = 0x000D
	TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA          = 0x000E
	TLS_DH_RSA_WITH_DES_CBC_SHA                   = 0x000F
	TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA              = 0x0010
	TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA         = 0x0011
	TLS_DHE_DSS_WITH_DES_CBC_SHA                  = 0x0012
	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA             = 0x0013
	TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA         = 0x0014
	TLS_DHE_RSA_WITH_DES_CBC_SHA                  = 0x0015
	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA             = 0x0016
	TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5            = 0x0017
	TLS_DH_ANON_WITH_RC4_128_MD5                  = 0x0018
	TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA         = 0x0019
	TLS_DH_ANON_WITH_DES_CBC_SHA                  = 0x001A
	TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA             = 0x001B
	SSL_FORTEZZA_KEA_WITH_NULL_SHA                = 0x001C
	SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA        = 0x001D
	TLS_KRB5_WITH_DES_CBC_SHA                     = 0x001E
	TLS_KRB5_WITH_3DES_EDE_CBC_SHA                = 0x001F
	TLS_KRB5_WITH_RC4_128_SHA                     = 0x0020
	TLS_KRB5_WITH_IDEA_CBC_SHA                    = 0x0021
	TLS_KRB5_WITH_DES_CBC_MD5                     = 0x0022
	TLS_KRB5_WITH_3DES_EDE_CBC_MD5                = 0x0023
	TLS_KRB5_WITH_RC4_128_MD5                     = 0x0024
	TLS_KRB5_WITH_IDEA_CBC_MD5                    = 0x0025
	TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA           = 0x0026
	TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA           = 0x0027
	TLS_KRB5_EXPORT_WITH_RC4_40_SHA               = 0x0028
	TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5           = 0x0029
	TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5           = 0x002A
	TLS_KRB5_EXPORT_WITH_RC4_40_MD5               = 0x002B
	TLS_PSK_WITH_NULL_SHA                         = 0x002C
	TLS_DHE_PSK_WITH_NULL_SHA                     = 0x002D
	TLS_RSA_PSK_WITH_NULL_SHA                     = 0x002E
	TLS_RSA_WITH_AES_128_CBC_SHA                  = 0x002F
	TLS_DH_DSS_WITH_AES_128_CBC_SHA               = 0x0030
	TLS_DH_RSA_WITH_AES_128_CBC_SHA               = 0x0031
	TLS_DHE_DSS_WITH_AES_128_CBC_SHA              = 0x0032
	TLS_DHE_RSA_WITH_AES_128_CBC_SHA              = 0x0033
	TLS_DH_ANON_WITH_AES_128_CBC_SHA              = 0x0034
	TLS_RSA_WITH_AES_256_CBC_SHA                  = 0x0035
	TLS_DH_DSS_WITH_AES_256_CBC_SHA               = 0x0036
	TLS_DH_RSA_WITH_AES_256_CBC_SHA               = 0x0037
	TLS_DHE_DSS_WITH_AES_256_CBC_SHA              = 0x0038
	TLS_DHE_RSA_WITH_AES_256_CBC_SHA              = 0x0039
	TLS_DH_ANON_WITH_AES_256_CBC_SHA              = 0x003A
	TLS_RSA_WITH_NULL_SHA256                      = 0x003B
	TLS_RSA_WITH_AES_128_CBC_SHA256               = 0x003C
	TLS_RSA_WITH_AES_256_CBC_SHA256               = 0x003D
	TLS_DH_DSS_WITH_AES_128_CBC_SHA256            = 0x003E
	TLS_DH_RSA_WITH_AES_128_CBC_SHA256            = 0x003F
	TLS_DHE_DSS_WITH_AES_128_CBC_SHA256           = 0x0040
	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA             = 0x0041
	TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA          = 0x0042
	TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA          = 0x0043
	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA         = 0x0044
	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA         = 0x0045
	TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA         = 0x0046
	TLS_RSA_EXPORT1024_WITH_RC4_56_MD5            = 0x0060
	TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5        = 0x0061
	TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA           = 0x0062
	TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA       = 0x0063
	TLS_RSA_EXPORT1024_WITH_RC4_56_SHA            = 0x0064
	TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA        = 0x0065
	TLS_DHE_DSS_WITH_RC4_128_SHA                  = 0x0066
	TLS_DHE_RSA_WITH_AES_128_CBC_SHA256           = 0x0067
	TLS_DH_DSS_WITH_AES_256_CBC_SHA256            = 0x0068
	TLS_DH_RSA_WITH_AES_256_CBC_SHA256            = 0x0069
	TLS_DHE_DSS_WITH_AES_256_CBC_SHA256           = 0x006A
	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256           = 0x006B
	TLS_DH_ANON_WITH_AES_128_CBC_SHA256           = 0x006C
	TLS_DH_ANON_WITH_AES_256_CBC_SHA256           = 0x006D
	TLS_GOSTR341094_WITH_28147_CNT_IMIT           = 0x0080
	TLS_GOSTR341001_WITH_28147_CNT_IMIT           = 0x0081
	TLS_GOSTR341094_WITH_NULL_GOSTR3411           = 0x0082
	TLS_GOSTR341001_WITH_NULL_GOSTR3411           = 0x0083
	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA             = 0x0084
	TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA          = 0x0085
	TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA          = 0x0086
	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA         = 0x0087
	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA         = 0x0088
	TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA         = 0x0089
	TLS_PSK_WITH_RC4_128_SHA                      = 0x008A
	TLS_PSK_WITH_3DES_EDE_CBC_SHA                 = 0x008B
	TLS_PSK_WITH_AES_128_CBC_SHA                  = 0x008C
	TLS_PSK_WITH_AES_256_CBC_SHA                  = 0x008D
	TLS_DHE_PSK_WITH_RC4_128_SHA                  = 0x008E
	TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA             = 0x008F
	TLS_DHE_PSK_WITH_AES_128_CBC_SHA              = 0x0090
	TLS_DHE_PSK_WITH_AES_256_CBC_SHA              = 0x0091
	TLS_RSA_PSK_WITH_RC4_128_SHA                  = 0x0092
	TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA             = 0x0093
	TLS_RSA_PSK_WITH_AES_128_CBC_SHA              = 0x0094
	TLS_RSA_PSK_WITH_AES_256_CBC_SHA              = 0x0095
	TLS_RSA_WITH_SEED_CBC_SHA                     = 0x0096
	TLS_DH_DSS_WITH_SEED_CBC_SHA                  = 0x0097
	TLS_DH_RSA_WITH_SEED_CBC_SHA                  = 0x0098
	TLS_DHE_DSS_WITH_SEED_CBC_SHA                 = 0x0099
	TLS_DHE_RSA_WITH_SEED_CBC_SHA                 = 0x009A
	TLS_DH_ANON_WITH_SEED_CBC_SHA                 = 0x009B
	TLS_RSA_WITH_AES_128_GCM_SHA256               = 0x009C
	TLS_RSA_WITH_AES_256_GCM_SHA384               = 0x009D
	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256           = 0x009E
	TLS_DHE_RSA_WITH_AES_256_GCM_SHA384           = 0x009F
	TLS_DH_RSA_WITH_AES_128_GCM_SHA256            = 0x00A0
	TLS_DH_RSA_WITH_AES_256_GCM_SHA384            = 0x00A1
	TLS_DHE_DSS_WITH_AES_128_GCM_SHA256           = 0x00A2
	TLS_DHE_DSS_WITH_AES_256_GCM_SHA384           = 0x00A3
	TLS_DH_DSS_WITH_AES_128_GCM_SHA256            = 0x00A4
	TLS_DH_DSS_WITH_AES_256_GCM_SHA384            = 0x00A5
	TLS_DH_ANON_WITH_AES_128_GCM_SHA256           = 0x00A6
	TLS_DH_ANON_WITH_AES_256_GCM_SHA384           = 0x00A7
	TLS_PSK_WITH_AES_128_GCM_SHA256               = 0x00A8
	TLS_PSK_WITH_AES_256_GCM_SHA384               = 0x00A9
	TLS_DHE_PSK_WITH_AES_128_GCM_SHA256           = 0x00AA
	TLS_DHE_PSK_WITH_AES_256_GCM_SHA384           = 0x00AB
	TLS_RSA_PSK_WITH_AES_128_GCM_SHA256           = 0x00AC
	TLS_RSA_PSK_WITH_AES_256_GCM_SHA384           = 0x00AD
	TLS_PSK_WITH_AES_128_CBC_SHA256               = 0x00AE
	TLS_PSK_WITH_AES_256_CBC_SHA384               = 0x00AF
	TLS_PSK_WITH_NULL_SHA256                      = 0x00B0
	TLS_PSK_WITH_NULL_SHA384                      = 0x00B1
	TLS_DHE_PSK_WITH_AES_128_CBC_SHA256           = 0x00B2
	TLS_DHE_PSK_WITH_AES_256_CBC_SHA384           = 0x00B3
	TLS_DHE_PSK_WITH_NULL_SHA256                  = 0x00B4
	TLS_DHE_PSK_WITH_NULL_SHA384                  = 0x00B5
	TLS_RSA_PSK_WITH_AES_128_CBC_SHA256           = 0x00B6
	TLS_RSA_PSK_WITH_AES_256_CBC_SHA384           = 0x00B7
	TLS_RSA_PSK_WITH_NULL_SHA256                  = 0x00B8
	TLS_RSA_PSK_WITH_NULL_SHA384                  = 0x00B9
	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256          = 0x00BA
	TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256       = 0x00BB
	TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256       = 0x00BC
	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256      = 0x00BD
	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256      = 0x00BE
	TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256      = 0x00BF
	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256          = 0x00C0
	TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256       = 0x00C1
	TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256       = 0x00C2
	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256      = 0x00C3
	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256      = 0x00C4
	TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256      = 0x00C5
	TLS_RENEGO_PROTECTION_REQUEST                 = 0x00FF
	TLS_FALLBACK_SCSV                             = 0x5600
	TLS_ECDH_ECDSA_WITH_NULL_SHA                  = 0xC001
	TLS_ECDH_ECDSA_WITH_RC4_128_SHA               = 0xC002
	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA          = 0xC003
	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA           = 0xC004
	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA           = 0xC005
	TLS_ECDHE_ECDSA_WITH_NULL_SHA                 = 0xC006
	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA              = 0xC007
	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA         = 0xC008
	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA          = 0xC009
	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA          = 0xC00A
	TLS_ECDH_RSA_WITH_NULL_SHA                    = 0xC00B
	TLS_ECDH_RSA_WITH_RC4_128_SHA                 = 0xC00C
	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA            = 0xC00D
	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA             = 0xC00E
	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA             = 0xC00F
	TLS_ECDHE_RSA_WITH_NULL_SHA                   = 0xC010
	TLS_ECDHE_RSA_WITH_RC4_128_SHA                = 0xC011
	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA           = 0xC012
	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA            = 0xC013
	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA            = 0xC014
	TLS_ECDH_ANON_WITH_NULL_SHA                   = 0xC015
	TLS_ECDH_ANON_WITH_RC4_128_SHA                = 0xC016
	TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA           = 0xC017
	TLS_ECDH_ANON_WITH_AES_128_CBC_SHA            = 0xC018
	TLS_ECDH_ANON_WITH_AES_256_CBC_SHA            = 0xC019
	TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA             = 0xC01A
	TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA         = 0xC01B
	TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA         = 0xC01C
	TLS_SRP_SHA_WITH_AES_128_CBC_SHA              = 0xC01D
	TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA          = 0xC01E
	TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA          = 0xC01F
	TLS_SRP_SHA_WITH_AES_256_CBC_SHA              = 0xC020
	TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA          = 0xC021
	TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA          = 0xC022
	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256       = 0xC023
	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384       = 0xC024
	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256        = 0xC025
	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384        = 0xC026
	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256         = 0xC027
	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384         = 0xC028
	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256          = 0xC029
	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384          = 0xC02A
	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256       = 0xC02B
	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384       = 0xC02C
	TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256        = 0xC02D
	TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384        = 0xC02E
	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256         = 0xC02F
	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384         = 0xC030
	TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256          = 0xC031
	TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384          = 0xC032
	TLS_ECDHE_PSK_WITH_RC4_128_SHA                = 0xC033
	TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA           = 0xC034
	TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA            = 0xC035
	TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA            = 0xC036
	TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256         = 0xC037
	TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384         = 0xC038
	TLS_ECDHE_PSK_WITH_NULL_SHA                   = 0xC039
	TLS_ECDHE_PSK_WITH_NULL_SHA256                = 0xC03A
	TLS_ECDHE_PSK_WITH_NULL_SHA384                = 0xC03B
	TLS_RSA_WITH_ARIA_128_CBC_SHA256              = 0xC03C
	TLS_RSA_WITH_ARIA_256_CBC_SHA384              = 0xC03D
	TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256           = 0xC03E
	TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384           = 0xC03F
	TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256           = 0xC040
	TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384           = 0xC041
	TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256          = 0xC042
	TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384          = 0xC043
	TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256          = 0xC044
	TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384          = 0xC045
	TLS_DH_ANON_WITH_ARIA_128_CBC_SHA256          = 0xC046
	TLS_DH_ANON_WITH_ARIA_256_CBC_SHA384          = 0xC047
	TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256      = 0xC048
	TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384      = 0xC049
	TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256       = 0xC04A
	TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384       = 0xC04B
	TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256        = 0xC04C
	TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384        = 0xC04D
	TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256         = 0xC04E
	TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384         = 0xC04F
	TLS_RSA_WITH_ARIA_128_GCM_SHA256              = 0xC050
	TLS_RSA_WITH_ARIA_256_GCM_SHA384              = 0xC051
	TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256          = 0xC052
	TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384          = 0xC053
	TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256           = 0xC054
	TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384           = 0xC055
	TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256          = 0xC056
	TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384          = 0xC057
	TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256           = 0xC058
	TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384           = 0xC059
	TLS_DH_ANON_WITH_ARIA_128_GCM_SHA256          = 0xC05A
	TLS_DH_ANON_WITH_ARIA_256_GCM_SHA384          = 0xC05B
	TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256      = 0xC05C
	TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384      = 0xC05D
	TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256       = 0xC05E
	TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384       = 0xC05F
	TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256        = 0xC060
	TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384        = 0xC061
	TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256         = 0xC062
	TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384         = 0xC063
	TLS_PSK_WITH_ARIA_128_CBC_SHA256              = 0xC064
	TLS_PSK_WITH_ARIA_256_CBC_SHA384              = 0xC065
	TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256          = 0xC066
	TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384          = 0xC067
	TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256          = 0xC068
	TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384          = 0xC069
	TLS_PSK_WITH_ARIA_128_GCM_SHA256              = 0xC06A
	TLS_PSK_WITH_ARIA_256_GCM_SHA384              = 0xC06B
	TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256          = 0xC06C
	TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384          = 0xC06D
	TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256          = 0xC06E
	TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384          = 0xC06F
	TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256        = 0xC070
	TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384        = 0xC071
	TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256  = 0xC072
	TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384  = 0xC073
	TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256   = 0xC074
	TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384   = 0xC075
	TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256    = 0xC076
	TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384    = 0xC077
	TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256     = 0xC078
	TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384     = 0xC079
	TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256          = 0xC07A
	TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384          = 0xC07B
	TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256      = 0xC07C
	TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384      = 0xC07D
	TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256       = 0xC07E
	TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384       = 0xC07F
	TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256      = 0xC080
	TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384      = 0xC081
	TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256       = 0xC082
	TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384       = 0xC083
	TLS_DH_ANON_WITH_CAMELLIA_128_GCM_SHA256      = 0xC084
	TLS_DH_ANON_WITH_CAMELLIA_256_GCM_SHA384      = 0xC085
	TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256  = 0xC086
	TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384  = 0xC087
	TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256   = 0xC088
	TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384   = 0xC089
	TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256    = 0xC08A
	TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384    = 0xC08B
	TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256     = 0xC08C
	TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384     = 0xC08D
	TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256          = 0xC08E
	TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384          = 0xC08F
	TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256      = 0xC090
	TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384      = 0xC091
	TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256      = 0xC092
	TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384      = 0xC093
	TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256          = 0xC094
	TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384          = 0xC095
	TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256      = 0xC096
	TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384      = 0xC097
	TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256      = 0xC098
	TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384      = 0xC099
	TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256    = 0xC09A
	TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384    = 0xC09B
	TLS_RSA_WITH_AES_128_CCM                      = 0xC09C
	TLS_RSA_WITH_AES_256_CCM                      = 0xC09D
	TLS_DHE_RSA_WITH_AES_128_CCM                  = 0xC09E
	TLS_DHE_RSA_WITH_AES_256_CCM                  = 0xC09F
	TLS_RSA_WITH_AES_128_CCM_8                    = 0xC0A0
	TLS_RSA_WITH_AES_256_CCM_8                    = 0xC0A1
	TLS_DHE_RSA_WITH_AES_128_CCM_8                = 0xC0A2
	TLS_DHE_RSA_WITH_AES_256_CCM_8                = 0xC0A3
	TLS_PSK_WITH_AES_128_CCM                      = 0xC0A4
	TLS_PSK_WITH_AES_256_CCM                      = 0xC0A5
	TLS_DHE_PSK_WITH_AES_128_CCM                  = 0xC0A6
	TLS_DHE_PSK_WITH_AES_256_CCM                  = 0xC0A7
	TLS_PSK_WITH_AES_128_CCM_8                    = 0xC0A8
	TLS_PSK_WITH_AES_256_CCM_8                    = 0xC0A9
	TLS_PSK_DHE_WITH_AES_128_CCM_8                = 0xC0AA
	TLS_PSK_DHE_WITH_AES_256_CCM_8                = 0xC0AB
	TLS_ECDHE_ECDSA_WITH_AES_128_CCM              = 0xC0AC
	TLS_ECDHE_ECDSA_WITH_AES_256_CCM              = 0xC0AD
	TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8            = 0xC0AE
	TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8            = 0xC0AF
	TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256         = 0xCAFE
	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   = 0xCC13
	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCC14
	TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256     = 0xCC15
	//SSL_RSA_FIPS_WITH_DES_CBC_SHA                 = 0xFEFE
	//SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA            = 0xFEFF
	//SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA            = 0xFFE0
	//SSL_RSA_FIPS_WITH_DES_CBC_SHA                 = 0xFFE1
	SSL_RSA_WITH_RC2_CBC_MD5        = 0xFF80
	SSL_RSA_WITH_IDEA_CBC_MD5       = 0xFF81
	SSL_RSA_WITH_DES_CBC_MD5        = 0xFF82
	SSL_RSA_WITH_3DES_EDE_CBC_MD5   = 0xFF83
	SSL_EN_RC2_128_CBC_WITH_MD5     = 0xFF03
	OP_PCL_TLS10_AES_128_CBC_SHA512 = 0xFF85
)

A list of the possible cipher suite ids. Taken from http://www.iana.org/assignments/tls-parameters/tls-parameters.xml

View Source
const (
	VersionSSL30 = 0x0300
	VersionTLS10 = 0x0301
	VersionTLS11 = 0x0302
	VersionTLS12 = 0x0303
)

Variables

View Source
var ErrNoMutualCipher error = errors.New("no mutual cipher suite")
View Source
var ErrUnimplementedCipher error = errors.New("unimplemented cipher suite")
View Source
var (
	HeartbleedError = errors.New("Error after Heartbleed")
)

RSA Ciphers

Functions

func Listen

func Listen(network, laddr string, config *Config) (net.Listener, error)

Listen creates a TLS listener accepting connections on the given network address using net.Listen. The configuration config must be non-nil and must have at least one certificate.

func NewListener

func NewListener(inner net.Listener, config *Config) net.Listener

NewListener creates a Listener which accepts connections from an inner Listener and wraps each connection with Server. The configuration config must be non-nil and must have at least one certificate.

Types

type Certificate

type Certificate struct {
	Certificate [][]byte
	PrivateKey  crypto.PrivateKey // supported types: *rsa.PrivateKey, *ecdsa.PrivateKey
	// OCSPStaple contains an optional OCSP response which will be served
	// to clients that request it.
	OCSPStaple []byte
	// Leaf is the parsed form of the leaf certificate, which may be
	// initialized using x509.ParseCertificate to reduce per-handshake
	// processing for TLS clients doing client authentication. If nil, the
	// leaf certificate will be parsed as needed.
	Leaf *x509.Certificate
}

A Certificate is a chain of one or more certificates, leaf first.

func LoadX509KeyPair

func LoadX509KeyPair(certFile, keyFile string) (cert Certificate, err error)

LoadX509KeyPair reads and parses a public/private key pair from a pair of files. The files must contain PEM encoded data.

func X509KeyPair

func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (cert Certificate, err error)

X509KeyPair parses a public/private key pair from a pair of PEM encoded data.

type Certificates

type Certificates struct {
	Certificate SimpleCertificate   `json:"certificate,omitempty"`
	Chain       []SimpleCertificate `json:"chain,omitempty"`
	Validation  *x509.Validation    `json:"validation,omitempty"`
}

Certificates represents a TLS certificates message in a format friendly to the golang JSON library. ValidationError should be non-nil whenever Valid is false.

type CipherSuite

type CipherSuite uint16

func (*CipherSuite) MarshalJSON

func (cs *CipherSuite) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshler interface

func (CipherSuite) String

func (cs CipherSuite) String() string

func (*CipherSuite) UnmarshalJSON

func (cs *CipherSuite) UnmarshalJSON(b []byte) error

UnmarshalJSON implements the json.Unmarshaler interface

type ClientAuthType

type ClientAuthType int

ClientAuthType declares the policy the server will follow for TLS Client Authentication.

const (
	NoClientCert ClientAuthType = iota
	RequestClientCert
	RequireAnyClientCert
	VerifyClientCertIfGiven
	RequireAndVerifyClientCert
)

type ClientHello

type ClientHello struct {
	Random         []byte `json:"random"`
	ExtendedRandom []byte `json:"extended_random,omitempty"`
	SessionID      []byte `json:"session_id,omitempty"`
}

type ClientSessionCache

type ClientSessionCache interface {
	// Get searches for a ClientSessionState associated with the given key.
	// On return, ok is true if one was found.
	Get(sessionKey string) (session *ClientSessionState, ok bool)

	// Put adds the ClientSessionState to the cache with the given key.
	Put(sessionKey string, cs *ClientSessionState)
}

ClientSessionCache is a cache of ClientSessionState objects that can be used by a client to resume a TLS session with a given server. ClientSessionCache implementations should expect to be called concurrently from different goroutines.

func NewLRUClientSessionCache

func NewLRUClientSessionCache(capacity int) ClientSessionCache

NewLRUClientSessionCache returns a ClientSessionCache with the given capacity that uses an LRU strategy. If capacity is < 1, a default capacity is used instead.

type ClientSessionState

type ClientSessionState struct {
	// contains filtered or unexported fields
}

ClientSessionState contains the state needed by clients to resume TLS sessions.

type Config

type Config struct {
	// Rand provides the source of entropy for nonces and RSA blinding.
	// If Rand is nil, TLS uses the cryptographic random reader in package
	// crypto/rand.
	// The Reader must be safe for use by multiple goroutines.
	Rand io.Reader

	// Time returns the current time as the number of seconds since the epoch.
	// If Time is nil, TLS uses time.Now.
	Time func() time.Time

	// Certificates contains one or more certificate chains
	// to present to the other side of the connection.
	// Server configurations must include at least one certificate.
	Certificates []Certificate

	// NameToCertificate maps from a certificate name to an element of
	// Certificates. Note that a certificate name can be of the form
	// '*.example.com' and so doesn't have to be a domain name as such.
	// See Config.BuildNameToCertificate
	// The nil value causes the first element of Certificates to be used
	// for all connections.
	NameToCertificate map[string]*Certificate

	// RootCAs defines the set of root certificate authorities
	// that clients use when verifying server certificates.
	// If RootCAs is nil, TLS uses the host's root CA set.
	RootCAs *x509.CertPool

	// NextProtos is a list of supported, application level protocols.
	NextProtos []string

	// ServerName is used to verify the hostname on the returned
	// certificates unless InsecureSkipVerify is given. It is also included
	// in the client's handshake to support virtual hosting.
	ServerName string

	// ClientAuth determines the server's policy for
	// TLS Client Authentication. The default is NoClientCert.
	ClientAuth ClientAuthType

	// ClientCAs defines the set of root certificate authorities
	// that servers use if required to verify a client certificate
	// by the policy in ClientAuth.
	ClientCAs *x509.CertPool

	// InsecureSkipVerify controls whether a client verifies the
	// server's certificate chain and host name.
	// If InsecureSkipVerify is true, TLS accepts any certificate
	// presented by the server and any host name in that certificate.
	// In this mode, TLS is susceptible to man-in-the-middle attacks.
	// This should be used only for testing.
	InsecureSkipVerify bool

	// CipherSuites is a list of supported cipher suites. If CipherSuites
	// is nil, TLS uses a list of suites supported by the implementation.
	CipherSuites []uint16

	// PreferServerCipherSuites controls whether the server selects the
	// client's most preferred ciphersuite, or the server's most preferred
	// ciphersuite. If true then the server's preference, as expressed in
	// the order of elements in CipherSuites, is used.
	PreferServerCipherSuites bool

	// SessionTicketsDisabled may be set to true to disable session ticket
	// (resumption) support.
	SessionTicketsDisabled bool

	// SessionTicketKey is used by TLS servers to provide session
	// resumption. See RFC 5077. If zero, it will be filled with
	// random data before the first server handshake.
	//
	// If multiple servers are terminating connections for the same host
	// they should all have the same SessionTicketKey. If the
	// SessionTicketKey leaks, previously recorded and future TLS
	// connections using that key are compromised.
	SessionTicketKey [32]byte

	// SessionCache is a cache of ClientSessionState entries for TLS session
	// resumption.
	ClientSessionCache ClientSessionCache

	// MinVersion contains the minimum SSL/TLS version that is acceptable.
	// If zero, then SSLv3 is taken as the minimum.
	MinVersion uint16

	// MaxVersion contains the maximum SSL/TLS version that is acceptable.
	// If zero, then the maximum version supported by this package is used,
	// which is currently TLS 1.2.
	MaxVersion uint16

	// CurvePreferences contains the elliptic curves that will be used in
	// an ECDHE handshake, in preference order. If empty, the default will
	// be used.
	CurvePreferences []CurveID

	ForceSuites bool

	// Export RSA Key
	ExportRSAKey *rsa.PrivateKey

	// HeartbeatEnabled sets whether the heartbeat extension is sent
	HeartbeatEnabled bool

	// ClientDSAEnabled sets whether a TLS client will accept server DSA keys
	// and DSS signatures
	ClientDSAEnabled bool

	// Use extended random
	ExtendedRandom bool
	// contains filtered or unexported fields
}

A Config structure is used to configure a TLS client or server. After one has been passed to a TLS function it must not be modified. A Config may be reused; the tls package will also not modify it.

func (*Config) BuildNameToCertificate

func (c *Config) BuildNameToCertificate()

BuildNameToCertificate parses c.Certificates and builds c.NameToCertificate from the CommonName and SubjectAlternateName fields of each of the leaf certificates.

type Conn

type Conn struct {
	// contains filtered or unexported fields
}

A Conn represents a secured connection. It implements the net.Conn interface.

func Client

func Client(conn net.Conn, config *Config) *Conn

Client returns a new TLS client side connection using conn as the underlying transport. The config cannot be nil: users must set either ServerName or InsecureSkipVerify in the config.

func Dial

func Dial(network, addr string, config *Config) (*Conn, error)

Dial connects to the given network address using net.Dial and then initiates a TLS handshake, returning the resulting TLS connection. Dial interprets a nil configuration as equivalent to the zero configuration; see the documentation of Config for the defaults.

Example
package main

import (
	"github.com/xtalentfeng/zgrab_/ztools/x509"
	"github.com/xtalentfeng/zgrab_/ztools/ztls"
)

func main() {
	// Connecting with a custom root-certificate set.

	const rootPEM = `
-----BEGIN CERTIFICATE-----
MIIEBDCCAuygAwIBAgIDAjppMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
YWwgQ0EwHhcNMTMwNDA1MTUxNTU1WhcNMTUwNDA0MTUxNTU1WjBJMQswCQYDVQQG
EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy
bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP
VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv
h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE
ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ
EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC
DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB+zCB+DAfBgNVHSMEGDAWgBTAephojYn7
qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wEgYD
VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMwMTAvoC2g
K4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9ndGdsb2JhbC5jcmwwPQYI
KwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vZ3RnbG9iYWwtb2NzcC5n
ZW90cnVzdC5jb20wFwYDVR0gBBAwDjAMBgorBgEEAdZ5AgUBMA0GCSqGSIb3DQEB
BQUAA4IBAQA21waAESetKhSbOHezI6B1WLuxfoNCunLaHtiONgaX4PCVOzf9G0JY
/iLIa704XtE7JW4S615ndkZAkNoUyHgN7ZVm2o6Gb4ChulYylYbc3GrKBIxbf/a/
zG+FA1jDaFETzf3I93k9mTXwVqO94FntT0QJo544evZG0R0SnU++0ED8Vf4GXjza
HFa9llF7b1cq26KqltyMdMKVvvBulRP/F/A8rLIQjcxz++iPAsbw+zOzlTvjwsto
WHPbqCRiOwY1nQ2pM714A5AuTHhdUDqB1O6gyHA43LL5Z/qHQF1hwFGPa4NrzQU6
yuGnBXj8ytqU0CwIPX4WecigUCAkVDNx
-----END CERTIFICATE-----`

	// First, create the set of root certificates. For this example we only
	// have one. It's also possible to omit this in order to use the
	// default root set of the current operating system.
	roots := x509.NewCertPool()
	ok := roots.AppendCertsFromPEM([]byte(rootPEM))
	if !ok {
		panic("failed to parse root certificate")
	}

	conn, err := ztls.Dial("tcp", "mail.google.com:443", &ztls.Config{
		RootCAs: roots,
	})
	if err != nil {
		panic("failed to connect: " + err.Error())
	}
	conn.Close()
}
Output:

func DialWithDialer

func DialWithDialer(dialer *net.Dialer, network, addr string, config *Config) (*Conn, error)

DialWithDialer connects to the given network address using dialer.Dial and then initiates a TLS handshake, returning the resulting TLS connection. Any timeout or deadline given in the dialer apply to connection and TLS handshake as a whole.

DialWithDialer interprets a nil configuration as equivalent to the zero configuration; see the documentation of Config for the defaults.

func Server

func Server(conn net.Conn, config *Config) *Conn

Server returns a new TLS server side connection using conn as the underlying transport. The configuration config must be non-nil and must have at least one certificate.

func (*Conn) CheckHeartbleed

func (c *Conn) CheckHeartbleed(b []byte) (n int, err error)

func (*Conn) ClientCiphers

func (c *Conn) ClientCiphers() []CipherSuite

func (*Conn) ClientHelloRaw

func (c *Conn) ClientHelloRaw() []byte

func (*Conn) Close

func (c *Conn) Close() error

Close closes the connection.

func (*Conn) ConnectionState

func (c *Conn) ConnectionState() ConnectionState

ConnectionState returns basic TLS details about the connection.

func (*Conn) GetHandshakeLog

func (c *Conn) GetHandshakeLog() *ServerHandshake

func (*Conn) GetHeartbleedLog

func (c *Conn) GetHeartbleedLog() *Heartbleed

func (*Conn) Handshake

func (c *Conn) Handshake() error

Handshake runs the client or server handshake protocol if it has not yet been run. Most uses of this package need not call Handshake explicitly: the first Read or Write will call it automatically.

func (*Conn) LocalAddr

func (c *Conn) LocalAddr() net.Addr

LocalAddr returns the local network address.

func (*Conn) OCSPResponse

func (c *Conn) OCSPResponse() []byte

OCSPResponse returns the stapled OCSP response from the TLS server, if any. (Only valid for client connections.)

func (*Conn) Read

func (c *Conn) Read(b []byte) (n int, err error)

Read can be made to time out and return a net.Error with Timeout() == true after a fixed time limit; see SetDeadline and SetReadDeadline.

func (*Conn) RemoteAddr

func (c *Conn) RemoteAddr() net.Addr

RemoteAddr returns the remote network address.

func (*Conn) SetDeadline

func (c *Conn) SetDeadline(t time.Time) error

SetDeadline sets the read and write deadlines associated with the connection. A zero value for t means Read and Write will not time out. After a Write has timed out, the TLS state is corrupt and all future writes will return the same error.

func (*Conn) SetReadDeadline

func (c *Conn) SetReadDeadline(t time.Time) error

SetReadDeadline sets the read deadline on the underlying connection. A zero value for t means Read will not time out.

func (*Conn) SetWriteDeadline

func (c *Conn) SetWriteDeadline(t time.Time) error

SetWriteDeadline sets the write deadline on the underlying connection. A zero value for t means Write will not time out. After a Write has timed out, the TLS state is corrupt and all future writes will return the same error.

func (*Conn) VerifyHostname

func (c *Conn) VerifyHostname(host string) error

VerifyHostname checks that the peer certificate chain is valid for connecting to host. If so, it returns nil; if not, it returns an error describing the problem.

func (*Conn) Write

func (c *Conn) Write(b []byte) (int, error)

Write writes data to the connection.

type ConnectionState

type ConnectionState struct {
	Version                    uint16                // TLS version used by the connection (e.g. VersionTLS12)
	HandshakeComplete          bool                  // TLS handshake is complete
	DidResume                  bool                  // connection resumes a previous TLS connection
	CipherSuite                uint16                // cipher suite in use (TLS_RSA_WITH_RC4_128_SHA, ...)
	NegotiatedProtocol         string                // negotiated next protocol (from Config.NextProtos)
	NegotiatedProtocolIsMutual bool                  // negotiated protocol was advertised by server
	ServerName                 string                // server name requested by client, if any (server side only)
	PeerCertificates           []*x509.Certificate   // certificate chain presented by remote peer
	VerifiedChains             [][]*x509.Certificate // verified chains built from PeerCertificates
}

ConnectionState records basic TLS details about the connection.

type CurveID

type CurveID uint16

CurveID is the type of a TLS identifier for an elliptic curve. See http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8

const (
	CurveP256 CurveID = 23
	CurveP384 CurveID = 24
	CurveP521 CurveID = 25
)

type DigitalSignature

type DigitalSignature struct {
	Raw              []byte            `json:"raw"`
	Type             string            `json:"type,omitempty"`
	Valid            bool              `json:"valid"`
	SigHashExtension *SignatureAndHash `json:"signature_and_hash_type,omitempty"`
	Version          TLSVersion        `json:"tls_version"`
}

DigitalSignature represents a signature for a digitally-signed-struct in the TLS record protocol. It is dependent on the version of TLS in use. In TLS 1.2, the first two bytes of the signature specify the signature and hash algorithms. These are contained the TLSSignature.Raw field, but also parsed out into TLSSignature.SigHashExtension. In older versions of TLS, the signature and hash extension is not used, and so TLSSignature.SigHashExtension will be empty. The version string is stored in TLSSignature.TLSVersion.

type Finished

type Finished struct {
	VerifyData []byte `json:"verify_data"`
}

Finished represents a TLS Finished message

type Heartbleed

type Heartbleed struct {
	HeartbeatEnabled bool `json:"heartbeat_enabled"`
	Vulnerable       bool `json:"heartbleed_vulnerable"`
}

type ServerHandshake

type ServerHandshake struct {
	ClientHello        *ClientHello       `json:"client_hello,omitempty"`
	ServerHello        *ServerHello       `json:"server_hello,omitempty"`
	ServerCertificates *Certificates      `json:"server_certificates,omitempty"`
	ServerKeyExchange  *ServerKeyExchange `json:"server_key_exchange,omitempty"`
	ServerFinished     *Finished          `json:"server_finished,omitempty"`
}

ServerHandshake stores all of the messages sent by the server during a standard TLS Handshake. It implements zgrab.EventData interface

type ServerHello

type ServerHello struct {
	Version             TLSVersion  `json:"version"`
	Random              []byte      `json:"random"`
	SessionID           []byte      `json:"session_id"`
	CipherSuite         CipherSuite `json:"cipher_suite"`
	CompressionMethod   uint8       `json:"compression_method"`
	OcspStapling        bool        `json:"ocsp_stapling"`
	TicketSupported     bool        `json:"ticket"`
	SecureRenegotiation bool        `json:"secure_renegotiation"`
	HeartbeatSupported  bool        `json:"heartbeat"`
	ExtendedRandom      []byte      `json:"extended_random,omitempty"`
}

type ServerKeyExchange

type ServerKeyExchange struct {
	Raw            []byte             `json:"-"`
	RSAParams      *keys.RSAPublicKey `json:"rsa_params,omitempty"`
	DHParams       *keys.DHParams     `json:"dh_params,omitempty"`
	ECDHParams     *keys.ECDHParams   `json:"ecdh_params,omitempty"`
	Signature      *DigitalSignature  `json:"signature,omitempty"`
	SignatureError string             `json:"signature_error,omitempty"`
}

ServerKeyExchange represents the raw key data sent by the server in TLS key exchange message

type SignatureAndHash

type SignatureAndHash signatureAndHash

SignatureAndHash is a signatureAndHash that implements json.Marshaler and json.Unmarshaler

func (*SignatureAndHash) MarshalJSON

func (sh *SignatureAndHash) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshaler interface

func (*SignatureAndHash) UnmarshalJSON

func (sh *SignatureAndHash) UnmarshalJSON(b []byte) error

UnmarshalJSON implements the json.Unmarshaler interface

type SimpleCertificate

type SimpleCertificate struct {
	Raw    []byte            `json:"raw,omitempty"`
	Parsed *x509.Certificate `json:"parsed,omitempty"`
}

SimpleCertificate holds a *x509.Certificate and a []byte for the certificate

type TLSVersion

type TLSVersion uint16

func (*TLSVersion) MarshalJSON

func (v *TLSVersion) MarshalJSON() ([]byte, error)

MarshalJSON implements the json.Marshler interface

func (TLSVersion) String

func (v TLSVersion) String() string

func (*TLSVersion) UnmarshalJSON

func (v *TLSVersion) UnmarshalJSON(b []byte) error

UnmarshalJSON implements the json.Unmarshaler interface

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL