Documentation ¶
Index ¶
- Variables
- func AllSSLClientAuthTypes() []maps.Map
- func FindSSLClientAuthTypeName(authType SSLClientAuthType) string
- func GoSSLClientAuthType(authType SSLClientAuthType) tls.ClientAuthType
- type HSTSConfig
- type SSLCertConfig
- type SSLCertRef
- type SSLClientAuthType
- type SSLPolicy
- func (this *SSLPolicy) CAPool() *x509.CertPool
- func (this *SSLPolicy) CheckOCSP()
- func (this *SSLPolicy) ContainsCert(certId int64) bool
- func (this *SSLPolicy) FirstCert() *tls.Certificate
- func (this *SSLPolicy) Init() error
- func (this *SSLPolicy) MatchDomain(domain string) (cert *tls.Certificate, ok bool)
- func (this *SSLPolicy) OcspExpiresAt() int64
- func (this *SSLPolicy) TLSCipherSuites() []uint16
- func (this *SSLPolicy) TLSConfig() *tls.Config
- func (this *SSLPolicy) TLSMinVersion() uint16
- func (this *SSLPolicy) UpdateCertOCSP(certId int64, ocsp []byte, expiresAt int64)
- type SSLPolicyRef
- type TLSCipherSuite
- type TLSVersion
Constants ¶
This section is empty.
Variables ¶
View Source
var AllTLSCipherSuites = []TLSCipherSuite{
"TLS_RSA_WITH_RC4_128_SHA",
"TLS_RSA_WITH_3DES_EDE_CBC_SHA",
"TLS_RSA_WITH_AES_128_CBC_SHA",
"TLS_RSA_WITH_AES_256_CBC_SHA",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_RC4_128_SHA",
"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
"TLS_AES_128_GCM_SHA256",
"TLS_AES_256_GCM_SHA384",
"TLS_CHACHA20_POLY1305_SHA256",
}
View Source
var AllTlsVersions = []TLSVersion{"SSL 3.0", "TLS 1.0", "TLS 1.1", "TLS 1.2", "TLS 1.3"}
View Source
var TLSIntermediateCipherSuites = []string{
"TLS_AES_128_GCM_SHA256",
"TLS_CHACHA20_POLY1305_SHA256",
"TLS_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
"TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}
View Source
var TLSModernCipherSuites = []string{
"TLS_AES_128_GCM_SHA256",
"TLS_CHACHA20_POLY1305_SHA256",
"TLS_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
}
Functions ¶
func FindSSLClientAuthTypeName ¶
func FindSSLClientAuthTypeName(authType SSLClientAuthType) string
查找单个认证方式的名称
func GoSSLClientAuthType ¶
func GoSSLClientAuthType(authType SSLClientAuthType) tls.ClientAuthType
认证类型和tls包内类型的映射
Types ¶
type HSTSConfig ¶
type HSTSConfig struct { IsOn bool `yaml:"isOn" json:"isOn"` MaxAge int `yaml:"maxAge" json:"maxAge"` // 单位秒 IncludeSubDomains bool `yaml:"includeSubDomains" json:"includeSubDomains"` Preload bool `yaml:"preload" json:"preload"` Domains []string `yaml:"domains" json:"domains"` // contains filtered or unexported fields }
HSTS设置 参考: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
type SSLCertConfig ¶
type SSLCertConfig struct { Id int64 `yaml:"id" json:"id"` IsOn bool `yaml:"isOn" json:"isOn"` Name string `yaml:"name" json:"name"` Description string `yaml:"description" json:"description"` // 说明 CertData []byte `yaml:"certData" json:"certData"` // 证书数据 KeyData []byte `yaml:"keyData" json:"keyData"` // 密钥数据 ServerName string `yaml:"serverName" json:"serverName"` // 证书使用的主机名,在请求TLS服务器时需要 IsCA bool `yaml:"isCA" json:"isCA"` // 是否为CA证书 IsACME bool `yaml:"isACME" json:"isACME"` // 是否通过ACME协议免费申请 // 以下是从证书中分析所得 TimeBeginAt int64 `yaml:"timeBeginAt" json:"timeBeginAt"` TimeEndAt int64 `yaml:"timeEndAt" json:"timeEndAt"` DNSNames []string `yaml:"dnsNames" json:"dnsNames"` CommonNames []string `yaml:"commonNames" json:"commonNames"` // OCSP OCSP []byte `yaml:"ocsp" json:"ocsp"` OCSPExpiresAt int64 `yaml:"ocspExpiresAt" json:"ocspExpiresAt"` OCSPError string `yaml:"ocspError" json:"ocspError"` // contains filtered or unexported fields }
SSLCertConfig SSL证书
func (*SSLCertConfig) CertObject ¶
func (this *SSLCertConfig) CertObject() *tls.Certificate
CertObject 获取证书对象
func (*SSLCertConfig) MatchDomain ¶
func (this *SSLCertConfig) MatchDomain(domain string) bool
MatchDomain 校验是否匹配某个域名
type SSLCertRef ¶
type SSLClientAuthType ¶
type SSLClientAuthType = int
认证类型
const ( SSLClientAuthTypeNoClientCert SSLClientAuthType = 0 SSLClientAuthTypeRequestClientCert SSLClientAuthType = 1 SSLClientAuthTypeRequireAnyClientCert SSLClientAuthType = 2 SSLClientAuthTypeVerifyClientCertIfGiven SSLClientAuthType = 3 SSLClientAuthTypeRequireAndVerifyClientCert SSLClientAuthType = 4 )
type SSLPolicy ¶
type SSLPolicy struct { Id int64 `yaml:"id" json:"id"` // ID IsOn bool `yaml:"isOn" json:"isOn"` // 是否开启 CertRefs []*SSLCertRef `yaml:"certRefs" json:"certRefs"` Certs []*SSLCertConfig `yaml:"certs" json:"certs"` ClientAuthType SSLClientAuthType `yaml:"clientAuthType" json:"clientAuthType"` // 客户端认证类型 ClientCARefs []*SSLCertRef `yaml:"clientCARefs" json:"clientCARefs"` // 客户端认证CA证书引用 ClientCACerts []*SSLCertConfig `yaml:"clientCACerts" json:"clientCACerts"` // 客户端认证CA MinVersion TLSVersion `yaml:"minVersion" json:"minVersion"` // 支持的最小版本 CipherSuitesIsOn bool `yaml:"cipherSuitesIsOn" json:"cipherSuitesIsOn"` // 是否自定义加密算法套件 CipherSuites []TLSCipherSuite `yaml:"cipherSuites" json:"cipherSuites"` // 加密算法套件 HSTS *HSTSConfig `yaml:"hsts" json:"hsts"` // HSTS配置 HTTP2Enabled bool `yaml:"http2Enabled" json:"http2Enabled"` // 是否启用HTTP2 OCSPIsOn bool `yaml:"ocspIsOn" json:"ocspIsOn"` // 是否启用OCSP // contains filtered or unexported fields }
SSLPolicy SSL配置
func (*SSLPolicy) ContainsCert ¶
ContainsCert 检查是否包括某个证书
func (*SSLPolicy) MatchDomain ¶
func (this *SSLPolicy) MatchDomain(domain string) (cert *tls.Certificate, ok bool)
MatchDomain 校验是否匹配某个域名
func (*SSLPolicy) OcspExpiresAt ¶
OcspExpiresAt OCSP最近过期时间
func (*SSLPolicy) TLSCipherSuites ¶
TLSCipherSuites 套件
func (*SSLPolicy) TLSMinVersion ¶
TLSMinVersion 取得最小版本
type SSLPolicyRef ¶
Click to show internal directories.
Click to hide internal directories.