Documentation
Constants ¶
This section is empty.
Variables ¶
var (
	// NamedCurves maps the 16-bit group identifiers used in TLS to their
	// registered names. See
	// https://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8
	//
	// Despite the name, the table also lists the finite-field Diffie-Hellman
	// groups (256-260, ffdhe*). An identifier that is missing from the table
	// yields the empty string on a plain lookup; use the two-value form
	// (name, ok := NamedCurves[id]) to tell an unknown group from a named one.
	NamedCurves = map[uint16]string{
		0:     "Reserved",
		1:     "sect163k1",
		2:     "sect163r1",
		3:     "sect163r2",
		4:     "sect193r1",
		5:     "sect193r2",
		6:     "sect233k1",
		7:     "sect233r1",
		8:     "sect239k1",
		9:     "sect283k1",
		10:    "sect283r1",
		11:    "sect409k1",
		12:    "sect409r1",
		13:    "sect571k1",
		14:    "sect571r1",
		15:    "secp160k1",
		16:    "secp160r1",
		17:    "secp160r2",
		18:    "secp192k1",
		19:    "secp192r1",
		20:    "secp224k1",
		21:    "secp224r1",
		22:    "secp256k1",
		23:    "secp256r1",
		24:    "secp384r1",
		25:    "secp521r1",
		26:    "brainpoolP256r1",
		27:    "brainpoolP384r1",
		28:    "brainpoolP512r1",
		29:    "x25519",
		30:    "x448",
		256:   "ffdhe2048",
		257:   "ffdhe3072",
		258:   "ffdhe4096",
		259:   "ffdhe6144",
		260:   "ffdhe8192",
		65281: "arbitrary_explicit_prime_curves",
		65282: "arbitrary_explicit_char2_curves",
	}

	// CipherSuiteMap maps cipher suite numbers to their names, based on:
	// http://www.iana.org/assignments/tls-parameters/tls-parameters.xml
	// For CSV: https://www.iana.org/assignments/tls-parameters/tls-parameters-4.csv
	// Reserved/unknown items are excluded, so a suite number absent from the
	// map yields the empty string on a plain lookup.
	// The initializer is elided in this listing.
	CipherSuiteMap = map[uint16]string{} /* 334 elements not displayed */

	// AllCipherSuites is the numerical values of the cipher suites. It is
	// declared without an initializer here; presumably it is filled from
	// CipherSuiteMap elsewhere in the package — confirm.
	AllCipherSuites []uint16

	// TLSVersions lists the protocol versions this package knows about, in
	// the order TLS 1.2, TLS 1.1, TLS 1.0, SSL 3.0.
	// NOTE(review): TLS 1.3 is not in the list, so a result derived from it
	// presumably says nothing about TLS 1.3 support — confirm against the
	// scanner. SSL 3.0, TLS 1.0 and TLS 1.1 are deprecated (RFC 7568,
	// RFC 8996), and tls.VersionSSL30 is itself marked deprecated in
	// crypto/tls.
	TLSVersions = []uint16{tls.VersionTLS12, tls.VersionTLS11, tls.VersionTLS10, tls.VersionSSL30}

	// TLSVersionMap maps a protocol version value to its display string. It
	// has entries for the same four versions as TLSVersions; any other
	// version value yields the empty string on a plain lookup.
	TLSVersionMap = map[uint16]string{
		tls.VersionSSL30: "SSL v3.0",
		tls.VersionTLS10: "TLS v1.0",
		tls.VersionTLS11: "TLS v1.1",
		tls.VersionTLS12: "TLS v1.2",
	}

	// AllALPNProtos holds Application Layer Protocol Negotiation protocol
	// identifiers. See the defined list at
	// https://tools.ietf.org/html/rfc7301#section-6
	// NOTE(review): only the three SPDY identifiers and "http/1.1" are
	// listed; "h2" is absent, so HTTP/2 is presumably never reported in
	// ALPN results — confirm how the scanner uses this list.
	AllALPNProtos = []string{"spdy/3", "spdy/2", "spdy/1", "http/1.1"}

	// NkxErrorMessage is an error message text; presumably used when a
	// handshake message is not a ServerKeyExchange — confirm against callers.
	NkxErrorMessage = "Not a key exchange message"
)
Functions ¶
func GetAllCipherSuiteNumbers ¶
func GetAllCipherSuiteNumbers() []uint16
GetAllCipherSuiteNumbers returns the numerical values of all the cipher suites
Types ¶
type CertificateMessage ¶
CertificateMessage simply exports the internal certificateMsg
func (CertificateMessage) GetCertificates ¶
func (cert CertificateMessage) GetCertificates() (certs []*x509.Certificate, e error)
GetCertificates returns the list of certificates in a TLS certificate message
type HelloAndKey ¶
// HelloAndKey bundles a server hello message with a ServerKeyExchange
// message.
type HelloAndKey struct {
	// Hello is the server hello part of the bundle.
	Hello ServerHelloMessage
	// Key is the key exchange part of the bundle.
	Key ServerKeyExchangeMsg
	// HasKey presumably reports whether Key was actually received and
	// filled in; check it before reading Key — confirm against the scanner.
	HasKey bool
}
HelloAndKey bundles server hello and ServerKeyExchange messages
type HostAndPort ¶
HostAndPort is a model representing a hostname and a given port
type HumanScanResult ¶
// HumanScanResult is the string-valued counterpart of ScanResult: the
// fields that are uint16 values or uint16-keyed maps there are strings and
// string-keyed maps here.
type HumanScanResult struct {
	// Server, HostName and Port identify the scanned endpoint.
	Server   string
	HostName string
	Port     string

	// SupportsTLS is a plain field here; ScanResult exposes a method of the
	// same name instead.
	SupportsTLS bool

	// SupportedProtocols presumably holds protocol names such as those in
	// TLSVersionMap — confirm.
	SupportedProtocols []string

	// The maps below are keyed by string; presumably the protocol name used
	// in SupportedProtocols — confirm against ToStringStruct.
	HasCipherPreferenceOrderByProtocol     map[string]bool
	CipherPreferenceOrderByProtocol        map[string][]string
	OcspStaplingByProtocol                 map[string]bool
	SelectedCipherByProtocol               map[string]string
	ALPNByProtocol                         map[string]string
	SecureRenegotiationSupportedByProtocol map[string]bool
	CipherSuiteByProtocol                  map[string][]string

	// The next three fields exist on ScanResult but are commented out here.
	// ServerHelloMessageByProtocolByCipher   map[string]map[string]ServerHelloMessage
	// CertificatesPerProtocol                map[string]CertificateMessage
	// KeyExchangeByProtocolByCipher          map[string]map[string]ServerKeyExchangeMsg

	// IsSTARTLS presumably refers to STARTTLS; the spelling is part of the
	// exported name.
	IsSTARTLS bool
	IsSSH     bool
}
HumanScanResult is a Stringified version of ScanResult
type ScanConfig ¶
// ScanConfig describes details of how the TLS scan should be carried out.
type ScanConfig struct {
	// ProtocolsOnly presumably limits the scan to protocol version support
	// and skips per-cipher probing — confirm against the scanner.
	ProtocolsOnly bool
	// Timeout is a plain int; its unit is not shown in this listing —
	// TODO confirm before setting it.
	Timeout int
	// Number of packets per second to send out during the underlying port
	// scan.
	PacketsPerSecond int
	// Suppress certificate output.
	HideCerts bool
	// Control whether to produce a running commentary of scan progress or
	// stay quiet till the end.
	Quiet bool
}
ScanConfig describes details of how the TLS scan should be carried out
type ScanResult ¶
// ScanResult is the scan result of a server's TLS settings. The per-protocol
// maps are keyed by uint16; presumably these are the protocol version values
// listed in TLSVersions — confirm against the scanner.
type ScanResult struct {
	// Server and Port identify the scanned endpoint, both as strings.
	Server string
	Port   string

	// SupportedProtocols holds protocol version values, presumably the
	// versions the server accepted.
	// NOTE(review): SSL 3.0, TLS 1.0 or TLS 1.1 in this list would mean the
	// server still accepts a deprecated protocol (RFC 7568, RFC 8996).
	SupportedProtocols []uint16

	// Cipher preference: whether the server appears to enforce its own
	// order, and that order as cipher suite numbers (see CipherSuiteMap).
	HasCipherPreferenceOrderByProtocol map[uint16]bool
	CipherPreferenceOrderByProtocol    map[uint16][]uint16

	// Per-protocol handshake properties.
	OcspStaplingByProtocol                 map[uint16]bool
	SelectedCipherByProtocol               map[uint16]uint16
	ALPNByProtocol                         map[uint16]string
	SecureRenegotiationSupportedByProtocol map[uint16]bool
	CipherSuiteByProtocol                  map[uint16][]uint16

	// Captured handshake messages. The two nested maps are presumably
	// keyed by protocol version, then by cipher suite number — confirm.
	ServerHelloMessageByProtocolByCipher map[uint16]map[uint16]ServerHelloMessage
	CertificatesPerProtocol              map[uint16]CertificateMessage
	KeyExchangeByProtocolByCipher        map[uint16]map[uint16]ServerKeyExchangeMsg

	// IsSTARTLS presumably refers to STARTTLS; the spelling is part of the
	// exported name.
	IsSTARTLS bool
	IsSSH     bool
}
ScanResult is the scan result of a server's TLS settings
func (ScanResult) String ¶
func (s ScanResult) String() string
func (ScanResult) SupportsTLS ¶
func (s ScanResult) SupportsTLS() bool
SupportsTLS determines whether the port on the specified server supports TLS at all
func (ScanResult) ToJSON ¶
func (s ScanResult) ToJSON() (js string)
ToJSON returns a JSON-formatted string representation of the ScanResult
func (ScanResult) ToString ¶
func (s ScanResult) ToString(config ScanConfig) (result string)
ToString generates a string output
func (ScanResult) ToStringStruct ¶
func (s ScanResult) ToStringStruct() (out HumanScanResult)
ToStringStruct returns a string-decoded form of ScanResult
type ServerHelloMessage ¶
// ServerHelloMessage is the TLS server hello message. How each field is
// decoded from the wire is not shown in this listing; the notes below that
// describe meaning are marked as assumptions.
type ServerHelloMessage struct {
	// Raw presumably holds the undecoded message bytes — confirm.
	Raw []byte
	// Vers is a 16-bit value; presumably the protocol version the server
	// selected (see TLSVersionMap) — confirm.
	Vers uint16
	// Random and SessionId are byte slices; presumably the server random
	// and session identifier — confirm.
	Random    []byte
	SessionId []byte
	// CipherSuite is a 16-bit value; presumably the selected suite number
	// (see CipherSuiteMap) — confirm.
	CipherSuite uint16
	// CompressionMethod is an 8-bit value.
	// NOTE(review): in TLS, 0 is the null method; if this is the raw wire
	// value, anything else means the server selected TLS-level
	// compression, which is worth flagging in a review — confirm.
	CompressionMethod uint8
	// NextProtoNeg and NextProtos presumably describe the Next Protocol
	// Negotiation extension — confirm.
	NextProtoNeg bool
	NextProtos   []string
	// OcspStapling presumably reports that the server offered a stapled
	// OCSP response — confirm.
	OcspStapling bool
	// Scts presumably holds signed certificate timestamps, one byte slice
	// each — confirm.
	Scts [][]byte
	// TicketSupported presumably reports session ticket support — confirm.
	TicketSupported bool
	// SecureRenegotiation and SecureRenegotiationSupported presumably
	// carry the renegotiation_info extension data and whether it was
	// present (RFC 5746) — confirm.
	SecureRenegotiation          []byte
	SecureRenegotiationSupported bool
	// AlpnProtocol presumably is the protocol the server chose via ALPN;
	// empty when none was negotiated — confirm.
	AlpnProtocol string
}
ServerHelloMessage is the TLS server hello message
type ServerKeyExchangeMsg ¶
ServerKeyExchangeMsg is the key exchange message