security

package

v0.0.0-...-d428879 Latest Latest Go to latest Published: Apr 19, 2024 License: Apache-2.0 Imports: 10 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/istio/istio

Documentation ¶

Index ¶

Variables
func CheckEmptyValues(key string, values []string) error
func FilterCipherSuites(suites []string) []string
func IsValidCipherSuite(cs string) bool
func IsValidECDHCurve(cs string) bool
func ValidateAttribute(key string, values []string) error
func ValidateIPs(ips []string) error
func ValidatePorts(ports []string) error
type JwksInfo
- func ParseJwksURI(jwksURI string) (JwksInfo, error)

Constants ¶

This section is empty.

Variables ¶

View Source

var ValidCipherSuites = sets.New(
	"ECDHE-ECDSA-AES128-GCM-SHA256",
	"ECDHE-RSA-AES128-GCM-SHA256",
	"ECDHE-ECDSA-AES256-GCM-SHA384",
	"ECDHE-RSA-AES256-GCM-SHA384",
	"ECDHE-ECDSA-CHACHA20-POLY1305",
	"ECDHE-RSA-CHACHA20-POLY1305",
	"ECDHE-ECDSA-AES128-SHA",
	"ECDHE-RSA-AES128-SHA",
	"ECDHE-ECDSA-AES256-SHA",
	"ECDHE-RSA-AES256-SHA",
	"AES128-GCM-SHA256",
	"AES256-GCM-SHA384",
	"AES128-SHA",
	"AES256-SHA",
	"DES-CBC3-SHA",
)

ValidCipherSuites contains a list of all ciphers supported in Gateway.server.tls.cipherSuites Extracted from: `bssl ciphers -openssl-name ALL | rg -v PSK`

View Source

var ValidECDHCurves = sets.New(
	"P-224",
	"P-256",
	"P-521",
	"P-384",
	"X25519",
	"CECPQ2",
)

ValidECDHCurves contains a list of all ecdh curves supported in MeshConfig.TlsDefaults.ecdhCurves Source: https://github.com/google/boringssl/blob/3743aafdacff2f7b083615a043a37101f740fa53/ssl/ssl_key_share.cc#L302-L309

Functions ¶

func CheckEmptyValues ¶

func CheckEmptyValues(key string, values []string) error

func FilterCipherSuites ¶

func FilterCipherSuites(suites []string) []string

FilterCipherSuites filters out invalid cipher suites which would lead Envoy to NACKing.

func IsValidCipherSuite ¶

func IsValidCipherSuite(cs string) bool

func IsValidECDHCurve ¶

func IsValidECDHCurve(cs string) bool

func ValidateAttribute ¶

func ValidateAttribute(key string, values []string) error

func ValidateIPs ¶

func ValidateIPs(ips []string) error

func ValidatePorts ¶

func ValidatePorts(ports []string) error

Types ¶

type JwksInfo ¶

type JwksInfo struct {
	Hostname host.Name
	Scheme   string
	Port     int
	UseSSL   bool
}

JwksInfo provides values resulting from parsing a jwks URI.

func ParseJwksURI ¶

func ParseJwksURI(jwksURI string) (JwksInfo, error)

ParseJwksURI parses the input URI and returns the corresponding hostname, port, and whether SSL is used. URI must start with "http://" or "https://", which corresponding to "http" or "https" scheme. Port number is extracted from URI if available (i.e from postfix :<port>, eg. ":80"), or assigned to a default value based on URI scheme (80 for http and 443 for https). Port name is set to URI scheme value.

Source Files ¶

View all Source files

security.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL