tlsmodel

package
v0.1.1 Latest
Warning

This package is not in the latest version of its module.

Published: Oct 24, 2018 License: BSD-3-Clause Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

var (
	// NamedCurves maps the 16-bit group identifiers used in TLS key exchange to
	// their registered names.
	// See https://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8
	//
	// Despite the name, not every entry is an elliptic curve: 256-260 are the
	// finite-field Diffie-Hellman groups (ffdhe*), and 65281/65282 stand for
	// arbitrary explicit curves rather than one named curve.
	//
	// NOTE(review): RFC 8422 marks values 1-22 and 65281/65282 as deprecated;
	// a consumer that reports negotiated groups may want to flag those as
	// legacy - confirm against the current registry.
	// NOTE(review): the table ends at 30 in the curve range; the registry may
	// have gained entries since, so an identifier missing from this map is not
	// necessarily invalid.
	NamedCurves = map[uint16]string{
		0:     "Reserved",
		1:     "sect163k1",
		2:     "sect163r1",
		3:     "sect163r2",
		4:     "sect193r1",
		5:     "sect193r2",
		6:     "sect233k1",
		7:     "sect233r1",
		8:     "sect239k1",
		9:     "sect283k1",
		10:    "sect283r1",
		11:    "sect409k1",
		12:    "sect409r1",
		13:    "sect571k1",
		14:    "sect571r1",
		15:    "secp160k1",
		16:    "secp160r1",
		17:    "secp160r2",
		18:    "secp192k1",
		19:    "secp192r1",
		20:    "secp224k1",
		21:    "secp224r1",
		22:    "secp256k1",
		23:    "secp256r1",
		24:    "secp384r1",
		25:    "secp521r1",
		26:    "brainpoolP256r1",
		27:    "brainpoolP384r1",
		28:    "brainpoolP512r1",
		29:    "x25519",
		30:    "x448",
		256:   "ffdhe2048",
		257:   "ffdhe3072",
		258:   "ffdhe4096",
		259:   "ffdhe6144",
		260:   "ffdhe8192",
		65281: "arbitrary_explicit_prime_curves",
		65282: "arbitrary_explicit_char2_curves",
	}

	// CipherSuiteMap maps cipher suite identifiers to their names, based on:
	// http://www.iana.org/assignments/tls-parameters/tls-parameters.xml
	// For CSV: https://www.iana.org/assignments/tls-parameters/tls-parameters-4.csv
	// Reserved/unknown items are excluded, so a lookup for such an identifier
	// yields the empty string; callers should use the two-value map lookup
	// instead of treating "" as a name.
	CipherSuiteMap = map[uint16]string{}/* 334 elements not displayed */

	// AllCipherSuites holds the numerical values of the cipher suites.
	// It has no initializer here.
	// NOTE(review): presumably populated elsewhere in the package (for example
	// from CipherSuiteMap) - confirm before relying on it being non-empty.
	AllCipherSuites []uint16

	// TLSVersions lists the protocol versions this package enumerates, newest
	// first: TLS 1.2, TLS 1.1, TLS 1.0, SSL 3.0.
	// TLS 1.3 is not in the list, so anything driven by this slice cannot
	// report TLS 1.3 support.
	// NOTE(review): SSL 3.0 (RFC 7568) and TLS 1.0/1.1 (RFC 8996) are
	// deprecated protocol versions; they appear to be listed so that their
	// presence on a server can be detected - confirm.
	TLSVersions = []uint16{tls.VersionTLS12, tls.VersionTLS11, tls.VersionTLS10, tls.VersionSSL30}
	// TLSVersionMap maps each protocol version in TLSVersions to a display
	// string. Versions outside these four have no entry.
	TLSVersionMap = map[uint16]string{
		tls.VersionSSL30: "SSL v3.0",
		tls.VersionTLS10: "TLS v1.0",
		tls.VersionTLS11: "TLS v1.1",
		tls.VersionTLS12: "TLS v1.2",
	}

	// AllALPNProtos lists Application-Layer Protocol Negotiation identifiers.
	// See the defined list at https://tools.ietf.org/html/rfc7301#section-6
	// NOTE(review): "h2" (HTTP/2) is not in this list - confirm whether that
	// is intended, since a result built from this list cannot show it.
	AllALPNProtos = []string{"spdy/3", "spdy/2", "spdy/1", "http/1.1"}

	// NkxErrorMessage is the message text for input that is not a key exchange
	// message.
	// NOTE(review): this is a mutable package variable, not a constant or an
	// error value; any code comparing error text against it relies on nothing
	// reassigning it - confirm how it is used.
	NkxErrorMessage = "Not a key exchange message"
)

Functions

func GetAllCipherSuiteNumbers

func GetAllCipherSuiteNumbers() []uint16

GetAllCipherSuiteNumbers returns the numerical values of all the cipher suites

Types

type CertificateMessage

// CertificateMessage is an exported counterpart of the internal certificateMsg.
//
// NOTE(review): the contents originate from the peer's handshake. Nothing in
// this declaration shows chain or hostname validation, so the certificates
// should be treated as unauthenticated data unless a caller verifies them.
type CertificateMessage struct {
	// Raw presumably holds the complete handshake message as received - TODO confirm.
	Raw          []byte
	// Certificates holds one byte slice per certificate.
	// NOTE(review): presumably DER-encoded, given that GetCertificates returns
	// []*x509.Certificate - confirm.
	Certificates [][]byte
}

CertificateMessage is an exported version of the internal certificateMsg

func (CertificateMessage) GetCertificates

func (cert CertificateMessage) GetCertificates() (certs []*x509.Certificate, e error)

GetCertificates returns the list of certificates in a TLS certificate message

type HelloAndKey

// HelloAndKey bundles a server hello message with a ServerKeyExchange message.
type HelloAndKey struct {
	// Hello is the server hello message.
	Hello  ServerHelloMessage
	// Key is the ServerKeyExchange message.
	Key    ServerKeyExchangeMsg
	// HasKey presumably reports whether Key was populated, since not every
	// handshake carries a ServerKeyExchange - TODO confirm against the code that sets it.
	HasKey bool
}

HelloAndKey bundles server hello and ServerKeyExchange messages

type HostAndPort

// HostAndPort is a model representing a hostname and a given port.
type HostAndPort struct {
	// Hostname is the host part of the target.
	Hostname string
	// Port is kept as a string, not a number; no range or format check is
	// visible in this declaration.
	Port     string
}

HostAndPort is a model representing a hostname and a given port

type HumanScanResult

// HumanScanResult is a stringified version of ScanResult: the per-protocol
// maps are keyed by string and hold string values where ScanResult uses uint16.
//
// NOTE(review): string fields such as ALPNByProtocol presumably carry values
// chosen by the scanned server; escape them before embedding this struct in
// HTML or terminal output - confirm where the values come from.
type HumanScanResult struct {
	// Server and HostName are both strings; how they differ is not visible
	// here - TODO confirm.
	Server                                 string
	HostName                               string
	Port                                   string
	// SupportsTLS is a stored field here; on ScanResult it is a method.
	SupportsTLS                            bool
	SupportedProtocols                     []string
	HasCipherPreferenceOrderByProtocol     map[string]bool
	CipherPreferenceOrderByProtocol        map[string][]string
	OcspStaplingByProtocol                 map[string]bool
	SelectedCipherByProtocol               map[string]string
	ALPNByProtocol                         map[string]string
	SecureRenegotiationSupportedByProtocol map[string]bool
	CipherSuiteByProtocol                  map[string][]string
	// The three fields below exist on ScanResult but are commented out here,
	// so raw hello, certificate and key exchange messages are not part of the
	// stringified form.
	// ServerHelloMessageByProtocolByCipher   map[string]map[string]ServerHelloMessage
	// CertificatesPerProtocol                map[string]CertificateMessage
	// KeyExchangeByProtocolByCipher          map[string]map[string]ServerKeyExchangeMsg
	// NOTE(review): IsSTARTLS presumably means STARTTLS (the identifier drops
	// a T); it is part of the exported API, so it is documented, not renamed.
	IsSTARTLS bool
	IsSSH     bool
}

HumanScanResult is a stringified version of ScanResult

type KeyExchangeAlgorithm

// KeyExchangeAlgorithm is an integer type identifying a key exchange algorithm.
// NOTE(review): the package documentation lists no exported constants, so the
// meaning of individual values is not visible here - confirm against the source.
type KeyExchangeAlgorithm int

KeyExchangeAlgorithm says what it is

type ScanConfig

// ScanConfig describes details of how the TLS scan should be carried out.
type ScanConfig struct {
	// ProtocolsOnly presumably limits the scan to protocol-version detection
	// and skips per-cipher enumeration - TODO confirm.
	ProtocolsOnly bool
	// Timeout is an integer whose unit is not stated in this declaration -
	// confirm (seconds vs. milliseconds) before setting it.
	Timeout       int
	// PacketsPerSecond is the number of packets per second to send out during
	// the underlying port scan, i.e. the scan's rate limit.
	// NOTE(review): how a zero value is treated is not shown here - confirm.
	PacketsPerSecond int
	// HideCerts suppresses certificate output.
	HideCerts bool
	// Quiet controls whether to produce a running commentary of scan progress
	// or stay quiet till the end.
	Quiet bool
}

ScanConfig describes details of how the TLS scan should be carried out

type ScanResult

// ScanResult is the result of scanning a server's TLS settings.
//
// The per-protocol maps are keyed by a uint16 protocol version; cipher suites
// are uint16 values as well.
// NOTE(review): presumably the keys are the crypto/tls version constants in
// TLSVersions and the suite values are the identifiers in CipherSuiteMap -
// confirm against the scanner code.
// NOTE(review): the hello, certificate and key exchange messages, and strings
// such as ALPNByProtocol, presumably come from the scanned server and are
// unauthenticated; treat them as untrusted when rendering or storing.
type ScanResult struct {
	Server                                 string
	Port                                   string
	SupportedProtocols                     []uint16
	HasCipherPreferenceOrderByProtocol     map[uint16]bool
	CipherPreferenceOrderByProtocol        map[uint16][]uint16
	OcspStaplingByProtocol                 map[uint16]bool
	SelectedCipherByProtocol               map[uint16]uint16
	ALPNByProtocol                         map[uint16]string
	SecureRenegotiationSupportedByProtocol map[uint16]bool
	CipherSuiteByProtocol                  map[uint16][]uint16
	// The nested maps below are indexed by protocol first, then cipher suite.
	ServerHelloMessageByProtocolByCipher   map[uint16]map[uint16]ServerHelloMessage
	CertificatesPerProtocol                map[uint16]CertificateMessage
	KeyExchangeByProtocolByCipher          map[uint16]map[uint16]ServerKeyExchangeMsg
	// NOTE(review): IsSTARTLS presumably means STARTTLS (the identifier drops
	// a T); it is part of the exported API, so it is documented, not renamed.
	IsSTARTLS                              bool
	IsSSH                                  bool
}

ScanResult is the result of scanning a server's TLS settings

func (ScanResult) String

func (s ScanResult) String() string

func (ScanResult) SupportsTLS

func (s ScanResult) SupportsTLS() bool

SupportsTLS determines whether the port on the specified server supports TLS at all

func (ScanResult) ToJSON

func (s ScanResult) ToJSON() (js string)

ToJSON returns a JSON-formatted string representation of the ScanResult

func (ScanResult) ToString

func (s ScanResult) ToString(config ScanConfig) (result string)

ToString generates a string output

func (ScanResult) ToStringStruct

func (s ScanResult) ToStringStruct() (out HumanScanResult)

ToStringStruct returns a string-decoded form of ScanResult

type ServerHelloMessage

// ServerHelloMessage is the TLS server hello message.
//
// NOTE(review): the field set appears to mirror the unexported server hello
// type in crypto/tls, in the same way CertificateMessage is described as an
// export of certificateMsg - confirm.
// Every field is supplied by the remote server and is unauthenticated.
type ServerHelloMessage struct {
	// Raw presumably holds the complete handshake message as received - TODO confirm.
	Raw                          []byte
	// Vers is the protocol version as a uint16.
	Vers                         uint16
	Random                       []byte
	SessionId                    []byte
	// CipherSuite is the cipher suite as a uint16; presumably an identifier
	// from CipherSuiteMap - TODO confirm.
	CipherSuite                  uint16
	CompressionMethod            uint8
	NextProtoNeg                 bool
	NextProtos                   []string
	OcspStapling                 bool
	// Scts presumably holds signed certificate timestamps, one per byte
	// slice - TODO confirm.
	Scts                         [][]byte
	TicketSupported              bool
	SecureRenegotiation          []byte
	SecureRenegotiationSupported bool
	AlpnProtocol                 string
}

ServerHelloMessage is the TLS server hello message

type ServerKeyExchangeMsg

// ServerKeyExchangeMsg is the key exchange message.
type ServerKeyExchangeMsg struct {
	// Raw presumably holds the complete handshake message as received - TODO confirm.
	Raw []byte
	// Key holds the key exchange payload as bytes.
	// NOTE(review): its layout depends on the negotiated key exchange and is
	// not described here; verify lengths before indexing into it.
	Key []byte
}

ServerKeyExchangeMsg is the key exchange message
