Documentation ¶
Index ¶
- Variables
- func AllSSLClientAuthTypes() []maps.Map
- func FindSSLClientAuthTypeName(authType SSLClientAuthType) string
- func GoSSLClientAuthType(authType SSLClientAuthType) tls.ClientAuthType
- type HSTSConfig
- type SSLCertConfig
- func (this *SSLCertConfig) CACerts() []*x509.Certificate
- func (this *SSLCertConfig) CertObject() *tls.Certificate
- func (this *SSLCertConfig) Init(ctx context.Context) error
- func (this *SSLCertConfig) MatchDomain(domain string) bool
- func (this *SSLCertConfig) TimeBegin() time.Time
- func (this *SSLCertConfig) TimeEnd() time.Time
- type SSLCertRef
- type SSLClientAuthType
- type SSLPolicy
- func (this *SSLPolicy) CAPool() *x509.CertPool
- func (this *SSLPolicy) CheckOCSP()
- func (this *SSLPolicy) ContainsCert(certId int64) bool
- func (this *SSLPolicy) FirstCert() *tls.Certificate
- func (this *SSLPolicy) Init(ctx context.Context) error
- func (this *SSLPolicy) MatchDomain(domain string) (cert *tls.Certificate, ok bool)
- func (this *SSLPolicy) OcspExpiresAt() int64
- func (this *SSLPolicy) TLSCipherSuites() []uint16
- func (this *SSLPolicy) TLSConfig() *tls.Config
- func (this *SSLPolicy) TLSMinVersion() uint16
- func (this *SSLPolicy) UpdateCertOCSP(certId int64, ocsp []byte, expiresAt int64)
- type SSLPolicyRef
- type TLSCipherSuite
- type TLSVersion
Constants ¶
This section is empty.
Variables ¶
// AllTLSCipherSuites is the complete menu of cipher-suite names this package
// recognizes, as TLSCipherSuite values, ordered roughly oldest to newest.
//
// NOTE(review): the list mixes suites crypto/tls treats as secure with ones it
// reports from tls.InsecureCipherSuites() (the RC4, 3DES and *_CBC_SHA256
// entries) and with RSA-key-exchange suites that provide no forward secrecy.
// Whether this slice is only a menu for a UI or is ever applied as an
// allow-list is not visible here — confirm at the call site; the curated
// TLSModernCipherSuites / TLSIntermediateCipherSuites lists are the safer
// defaults.
//
// NOTE(review): the last three names are TLS 1.3 suites; crypto/tls does not
// honor tls.Config.CipherSuites for TLS 1.3, so listing them is informational
// only and has no effect on what a TLS 1.3 handshake negotiates.
var AllTLSCipherSuites = []TLSCipherSuite{
	// RSA key exchange (no forward secrecy).
	"TLS_RSA_WITH_RC4_128_SHA",
	"TLS_RSA_WITH_3DES_EDE_CBC_SHA",
	"TLS_RSA_WITH_AES_128_CBC_SHA",
	"TLS_RSA_WITH_AES_256_CBC_SHA",
	"TLS_RSA_WITH_AES_128_CBC_SHA256",
	"TLS_RSA_WITH_AES_128_GCM_SHA256",
	"TLS_RSA_WITH_AES_256_GCM_SHA384",
	// ECDHE key exchange, legacy stream/CBC ciphers.
	"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
	"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
	"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
	"TLS_ECDHE_RSA_WITH_RC4_128_SHA",
	"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
	"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
	"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
	"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
	"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
	// ECDHE key exchange, AEAD ciphers (TLS 1.2).
	"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
	"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
	"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
	"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
	"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
	"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
	// TLS 1.3 suites (not selectable through tls.Config.CipherSuites).
	"TLS_AES_128_GCM_SHA256",
	"TLS_AES_256_GCM_SHA384",
	"TLS_CHACHA20_POLY1305_SHA256",
}
// AllTlsVersions lists the protocol-version names this package recognizes, as
// TLSVersion values, oldest first.
//
// NOTE(review): "SSL 3.0" has no usable counterpart in current crypto/tls
// (SSL 3.0 support was removed from the standard library), so how
// TLSMinVersion translates this name is the important question and is not
// visible here — confirm that choosing it cannot silently set an unexpected
// floor, or drop the entry so it cannot be selected as a minimum version.
// Naming: Go style would spell this AllTLSVersions; the exported name is kept
// as-is for compatibility.
var AllTlsVersions = []TLSVersion{"SSL 3.0", "TLS 1.0", "TLS 1.1", "TLS 1.2", "TLS 1.3"}
// TLSIntermediateCipherSuites is the suite list for the "intermediate"
// compatibility profile (plain strings, unlike AllTLSCipherSuites): the TLS 1.3
// suites first, then the ECDHE AEAD suites, then CBC and 3DES fallbacks for
// older clients.
//
// NOTE(review): presumably modeled on Mozilla's server-side TLS "Intermediate"
// recommendation — verify against the source it was copied from. The two 3DES
// entries and the *_CBC_SHA256 entries are suites crypto/tls reports from
// tls.InsecureCipherSuites(); they only matter for clients that cannot
// negotiate anything above them, so consider removing them unless such clients
// are an explicit requirement.
var TLSIntermediateCipherSuites = []string{
	// TLS 1.3 (informational; crypto/tls does not let Config.CipherSuites
	// restrict TLS 1.3 suites).
	"TLS_AES_128_GCM_SHA256",
	"TLS_CHACHA20_POLY1305_SHA256",
	"TLS_AES_256_GCM_SHA384",
	// TLS 1.2, ECDHE + AEAD (forward secrecy).
	"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
	"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
	"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
	"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
	"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
	"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
	// Legacy fallbacks (CBC and 3DES) — see the review note above.
	"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
	"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
	"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
	"TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}
// TLSModernCipherSuites is the suite list for the "modern" profile (plain
// strings, unlike AllTLSCipherSuites): only AEAD suites, all with forward
// secrecy — the TLS 1.3 suites followed by the TLS 1.2 ECDHE suites. It is a
// strict subset of TLSIntermediateCipherSuites.
//
// NOTE(review): presumably modeled on Mozilla's server-side TLS "Modern"
// recommendation — verify against the source it was copied from. The TLS 1.3
// names are informational only, since crypto/tls does not honor
// tls.Config.CipherSuites for TLS 1.3.
var TLSModernCipherSuites = []string{
	// TLS 1.3.
	"TLS_AES_128_GCM_SHA256",
	"TLS_CHACHA20_POLY1305_SHA256",
	"TLS_AES_256_GCM_SHA384",
	// TLS 1.2, ECDHE + AEAD.
	"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
	"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
	"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
	"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
	"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
	"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
}
Functions ¶
func FindSSLClientAuthTypeName ¶
func FindSSLClientAuthTypeName(authType SSLClientAuthType) string
查找单个认证方式的名称
func GoSSLClientAuthType ¶
func GoSSLClientAuthType(authType SSLClientAuthType) tls.ClientAuthType
认证类型和tls包内类型的映射
Types ¶
type HSTSConfig ¶
// HSTSConfig holds the Strict-Transport-Security settings attached to an
// SSLPolicy. Reference:
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
//
// NOTE(review): once a host with Preload (and IncludeSubDomains) set is
// submitted to browser preload lists, reverting is slow and out of the
// operator's hands — the place that turns these flags into a header should
// make that cost clear. How Domains is applied is not visible here; confirm
// against the header-emitting code.
type HSTSConfig struct {
	IsOn              bool     `yaml:"isOn" json:"isOn"`                           // whether HSTS is enabled for the policy
	MaxAge            int      `yaml:"maxAge" json:"maxAge"`                       // max-age directive, in seconds
	IncludeSubDomains bool     `yaml:"includeSubDomains" json:"includeSubDomains"` // adds the includeSubDomains directive
	Preload           bool     `yaml:"preload" json:"preload"`                     // adds the preload directive
	Domains           []string `yaml:"domains" json:"domains"`                     // presumably the hosts the header applies to — confirm
	// contains filtered or unexported fields
}
HSTS设置 参考: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
type SSLCertConfig ¶
// SSLCertConfig is one certificate (leaf or CA) together with its private key,
// the attributes parsed out of the certificate, and its cached OCSP response.
//
// NOTE(review): KeyData is private-key material and carries yaml and json tags
// like every other field, so anywhere this struct is marshaled (config dumps,
// API responses, debug logging with %+v) emits the key along with the rest —
// confirm that every serialization path strips or redacts it.
type SSLCertConfig struct {
	Id          int64  `yaml:"id" json:"id"`
	IsOn        bool   `yaml:"isOn" json:"isOn"`
	Name        string `yaml:"name" json:"name"`
	Description string `yaml:"description" json:"description"` // free-text description
	CertData    []byte `yaml:"certData" json:"certData"`       // certificate data (encoding not visible here; presumably PEM — confirm in Init)
	KeyData     []byte `yaml:"keyData" json:"keyData"`         // private-key data — sensitive, see the note above
	ServerName  string `yaml:"serverName" json:"serverName"`   // host name the certificate is used for; needed when this side acts as a TLS client
	IsCA        bool   `yaml:"isCA" json:"isCA"`               // whether this is a CA certificate
	IsACME      bool   `yaml:"isACME" json:"isACME"`           // whether it was obtained via the ACME protocol

	// The following fields are derived from the certificate itself.
	TimeBeginAt int64    `yaml:"timeBeginAt" json:"timeBeginAt"` // presumably a Unix timestamp (TimeBegin() exposes it as time.Time) — confirm
	TimeEndAt   int64    `yaml:"timeEndAt" json:"timeEndAt"`     // presumably a Unix timestamp (TimeEnd() exposes it as time.Time) — confirm
	DNSNames    []string `yaml:"dnsNames" json:"dnsNames"`
	CommonNames []string `yaml:"commonNames" json:"commonNames"`

	// OCSP
	OCSP          []byte `yaml:"ocsp" json:"ocsp"`                   // cached OCSP response; written by SSLPolicy.UpdateCertOCSP
	OCSPExpiresAt int64  `yaml:"ocspExpiresAt" json:"ocspExpiresAt"` // expiry of the cached response, as supplied to UpdateCertOCSP
	OCSPError     string `yaml:"ocspError" json:"ocspError"`         // presumably the last OCSP fetch error — confirm against CheckOCSP
	// contains filtered or unexported fields
}
SSLCertConfig SSL证书
func (*SSLCertConfig) CACerts ¶ added in v0.6.4
func (this *SSLCertConfig) CACerts() []*x509.Certificate
func (*SSLCertConfig) CertObject ¶
func (this *SSLCertConfig) CertObject() *tls.Certificate
CertObject 获取证书对象
func (*SSLCertConfig) MatchDomain ¶
func (this *SSLCertConfig) MatchDomain(domain string) bool
MatchDomain 校验是否匹配某个域名
type SSLCertRef ¶
type SSLClientAuthType ¶
// SSLClientAuthType selects how a server handles client certificates. The
// SSLClientAuthType* constants enumerate the accepted values and
// GoSSLClientAuthType maps them onto tls.ClientAuthType.
//
// NOTE(review): this is an alias of int rather than a defined type, so any int
// is accepted where an SSLClientAuthType is expected and the compiler cannot
// reject an out-of-range value; what GoSSLClientAuthType does with an
// unrecognized value is not visible here — confirm it fails closed.
type SSLClientAuthType = int
认证类型
// Client-certificate policies, numbered in the same order as crypto/tls's
// tls.ClientAuthType constants (NoClientCert through
// RequireAndVerifyClientCert); GoSSLClientAuthType performs the translation.
//
// NOTE(review): assuming a one-to-one mapping, only the two *Verify* modes
// validate the presented chain against the configured client CAs;
// RequestClientCert and RequireAnyClientCert accept an unverified certificate
// and must not be relied on as an authentication control by themselves.
const (
	SSLClientAuthTypeNoClientCert               SSLClientAuthType = 0 // no client certificate requested
	SSLClientAuthTypeRequestClientCert          SSLClientAuthType = 1 // requested, optional, not verified
	SSLClientAuthTypeRequireAnyClientCert       SSLClientAuthType = 2 // required, not verified
	SSLClientAuthTypeVerifyClientCertIfGiven    SSLClientAuthType = 3 // optional, verified when present
	SSLClientAuthTypeRequireAndVerifyClientCert SSLClientAuthType = 4 // required and verified
)
type SSLPolicy ¶
// SSLPolicy is the TLS configuration for a listener: server certificates,
// client-certificate policy and CAs, protocol floor, cipher suites, HSTS, and
// HTTP/2, HTTP/3 and OCSP switches. TLSConfig() turns it into a *tls.Config.
//
// NOTE(review): MinVersion is a TLSVersion name, and AllTlsVersions includes
// "SSL 3.0", which current crypto/tls cannot serve; confirm in TLSMinVersion
// that selecting it does not produce an unexpected floor. Certs embed private
// keys (SSLCertConfig.KeyData) and will be serialized with this struct.
type SSLPolicy struct {
	Id   int64 `yaml:"id" json:"id"`     // ID
	IsOn bool  `yaml:"isOn" json:"isOn"` // whether the policy is enabled

	CertRefs []*SSLCertRef    `yaml:"certRefs" json:"certRefs"` // references to the server certificates
	Certs    []*SSLCertConfig `yaml:"certs" json:"certs"`       // the server certificates themselves (each carries its private key)

	ClientAuthType SSLClientAuthType `yaml:"clientAuthType" json:"clientAuthType"` // client-certificate policy; see the SSLClientAuthType* constants
	ClientCARefs   []*SSLCertRef     `yaml:"clientCARefs" json:"clientCARefs"`     // references to the CA certificates used to verify client certificates
	ClientCACerts  []*SSLCertConfig  `yaml:"clientCACerts" json:"clientCACerts"`   // client-authentication CA certificates (CAPool() is built from these)

	MinVersion TLSVersion `yaml:"minVersion" json:"minVersion"` // minimum protocol version; one of AllTlsVersions

	CipherSuitesIsOn bool             `yaml:"cipherSuitesIsOn" json:"cipherSuitesIsOn"` // whether CipherSuites overrides the default suite list
	CipherSuites     []TLSCipherSuite `yaml:"cipherSuites" json:"cipherSuites"`         // custom cipher suites (TLS 1.2 and below; crypto/tls ignores the list for TLS 1.3)

	HSTS *HSTSConfig `yaml:"hsts" json:"hsts"` // HSTS settings; presumably optional when nil — confirm

	HTTP2Enabled bool `yaml:"http2Enabled" json:"http2Enabled"` // enable HTTP/2
	HTTP3Enabled bool `yaml:"http3Enabled" json:"http3Enabled"` // enable HTTP/3
	OCSPIsOn     bool `yaml:"ocspIsOn" json:"ocspIsOn"`         // enable OCSP handling (see CheckOCSP / UpdateCertOCSP)
	// contains filtered or unexported fields
}
SSLPolicy SSL配置
func (*SSLPolicy) ContainsCert ¶
ContainsCert 检查是否包括某个证书
func (*SSLPolicy) MatchDomain ¶
func (this *SSLPolicy) MatchDomain(domain string) (cert *tls.Certificate, ok bool)
MatchDomain 校验是否匹配某个域名
func (*SSLPolicy) OcspExpiresAt ¶
OcspExpiresAt OCSP最近过期时间
func (*SSLPolicy) TLSCipherSuites ¶
TLSCipherSuites 套件
func (*SSLPolicy) TLSMinVersion ¶
TLSMinVersion 取得最小版本
type SSLPolicyRef ¶