Documentation
Overview
Package tlsconfig provides opinionated helpers for building tls.Configs. It keeps up to date with internal Pivotal best practices and external industry best practices.
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type ClientOption
ClientOption can be used to configure a TLS configuration for a client.
func WithAuthority
func WithAuthority(authority *x509.CertPool) ClientOption
WithAuthority makes the client verify that the server presents an identity that can be validated by the certificate pool provided.
type Config
type Config struct {
// contains filtered or unexported fields
}
Config represents a half-configured TLS configuration. It can be made usable by calling either of its two methods.
func (Config) Client
func (c Config) Client(opts ...ClientOption) *tls.Config
Client can be used to build a TLS configuration suitable for clients (GRPC, HTTP, etc.). The options are applied in order. It is possible for a later option to undo the configuration that an earlier one applied, so care must be taken when ordering them.
func (Config) Server
func (c Config) Server(opts ...ServerOption) *tls.Config
Server can be used to build a TLS configuration suitable for servers (GRPC, HTTP, etc.). The options are applied in order. It is possible for a later option to undo the configuration that an earlier one applied, so care must be taken when ordering them.
type ServerOption
ServerOption can be used to configure a TLS configuration for a server.
func WithClientAuthentication
func WithClientAuthentication(authority *x509.CertPool) ServerOption
WithClientAuthentication makes the server verify that all clients present an identity that can be validated by the certificate pool provided.
type TLSOption
TLSOption can be used to configure a TLS configuration for both clients and servers.
func WithIdentity
func WithIdentity(cert tls.Certificate) TLSOption
WithIdentity sets the identity of the server or client which will be presented to its peer upon connection.
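As an added example (not code from the tlsconfig package), the block below writes out on the standard library what Server(WithIdentity, WithClientAuthentication) and Client(WithIdentity, WithAuthority) are assumed to produce (Certificates; ClientCAs with RequireAndVerifyClientCert; RootCAs), then drives one HTTPS round trip over loopback so that a client trusting the wrong authority, or a client identity outside the server's pool, is visibly refused. The certificates and host names are constructed in-process, and the field mapping is an assumption rather than something taken from the package.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// SelfSigned returns a constructed self-signed RSA certificate (RSA because the page's strict defaults exclude ECC keys) plus a pool trusting exactly it.
func SelfSigned(name string) (tls.Certificate, *x509.CertPool) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool
}

// MutualTLS is the *tls.Config pair that Server(WithIdentity, WithClientAuthentication) and
// Client(WithIdentity, WithAuthority) are assumed to amount to, written out on the standard library.
func MutualTLS(serverID, clientID tls.Certificate, serverCA, clientCA *x509.CertPool) (server, client *tls.Config) {
	server = &tls.Config{MinVersion: tls.VersionTLS12, Certificates: []tls.Certificate{serverID},
		ClientCAs: clientCA, ClientAuth: tls.RequireAndVerifyClientCert} // every client must chain to clientCA
	client = &tls.Config{MinVersion: tls.VersionTLS12, Certificates: []tls.Certificate{clientID},
		RootCAs: serverCA, ServerName: serverID.Leaf.DNSNames[0]} // accept only servers chaining to serverCA
	return server, client
}

// Connect makes one HTTPS request over loopback with the two configs. A server that rejects the
// client certificate fails the request as well, so either side's refusal surfaces as an error.
func Connect(server, client *tls.Config) error {
	srv := httptest.NewUnstartedServer(http.NotFoundHandler())
	srv.TLS = server
	srv.StartTLS()
	defer srv.Close()
	c := &http.Client{Transport: &http.Transport{TLSClientConfig: client}}
	resp, err := c.Get(srv.URL)
	if err == nil {
		resp.Body.Close()
	}
	return err
}
```

The handshake-failure lines the HTTP server logs to stderr in the refused cases are expected; the returned error is the verdict.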
func WithInternalServiceDefaults
func WithInternalServiceDefaults() TLSOption
WithInternalServiceDefaults modifies a *tls.Config so that it is suitable for use in communication links between internal services. It is not guaranteed to be suitable for communication with external services, as it contains a strict definition of acceptable standards.
The standards were taken from the "Consolidated Remarks" internal document from Pivotal.
Note: Due to the aggressive nature of the cipher suites chosen here (they do not support any ECC signing), it is not possible to use ECC keys with this option.
func WithPivotalDefaults (deprecated)
func WithPivotalDefaults() TLSOption
WithPivotalDefaults is the same as WithInternalServiceDefaults and is only provided for backwards compatibility. These configuration options are now used beyond just Pivotal.
Deprecated: Use WithInternalServiceDefaults() instead.