tlsconfig

package
v0.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 10, 2023 License: Apache-2.0 Imports: 7 Imported by: 2,409

Documentation

Overview

Package tlsconfig provides primitives to retrieve secure-enough TLS configurations for both clients and servers.

As a reminder from https://golang.org/pkg/crypto/tls/#Config: 

A Config structure is used to configure a TLS client or server. After one has been passed to a TLS function it must not be modified.
A Config may be reused; the tls package will also not modify it.

Package tlsconfig provides primitives to retrieve secure-enough TLS configurations for both clients and servers.

Index

Constants

This section is empty.

Variables

View Source 
var DefaultServerAcceptedCiphers = append(clientCipherSuites, acceptedCBCCiphers...)

DefaultServerAcceptedCiphers should be uses by code which already has a crypto/tls options struct but wants to use a commonly accepted set of TLS cipher suites, with known weak algorithms removed.

Functions

func Client 

func Client(options Options) (*tls.Config, error)

Client returns a TLS configuration meant to be used by a client.

func ClientDefault 

func ClientDefault(ops ...func(*tls.Config)) *tls.Config

ClientDefault returns a secure-enough TLS configuration for the client TLS configuration.

func IsErrEncryptedKey deprecated added in v0.3.0 

func IsErrEncryptedKey(err error) bool

IsErrEncryptedKey returns true if the 'err' is an error of incorrect password when trying to decrypt a TLS private key.

Deprecated: Use of encrypted TLS private keys has been deprecated, and will be removed in a future release. Golang has deprecated support for legacy PEM encryption (as specified in RFC 1423), as it is insecure by design (see https://go-review.googlesource.com/c/go/+/264159).

func Server 

func Server(options Options) (*tls.Config, error)

Server returns a TLS configuration meant to be used by a server.

func ServerDefault 

func ServerDefault(ops ...func(*tls.Config)) *tls.Config

ServerDefault returns a secure-enough TLS configuration for the server TLS configuration.

func SystemCertPool added in v0.3.0 

func SystemCertPool() (*x509.CertPool, error)

SystemCertPool returns a copy of the system cert pool, returns an error if failed to load or empty pool on windows.

Types

type Options 

type Options struct {
	CAFile string

	// If either CertFile or KeyFile is empty, Client() will not load them
	// preventing the client from authenticating to the server.
	// However, Server() requires them and will error out if they are empty.
	CertFile string
	KeyFile  string

	// client-only option
	InsecureSkipVerify bool
	// server-only option
	ClientAuth tls.ClientAuthType
	// If ExclusiveRootPools is set, then if a CA file is provided, the root pool used for TLS
	// creds will include exclusively the roots in that CA file.  If no CA file is provided,
	// the system pool will be used.
	ExclusiveRootPools bool
	MinVersion         uint16
	// If Passphrase is set, it will be used to decrypt a TLS private key
	// if the key is encrypted.
	//
	// Deprecated: Use of encrypted TLS private keys has been deprecated, and
	// will be removed in a future release. Golang has deprecated support for
	// legacy PEM encryption (as specified in RFC 1423), as it is insecure by
	// design (see https://go-review.googlesource.com/c/go/+/264159).
	Passphrase string
}

Options represents the information needed to create client and server TLS configurations.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.