tls

package
v1.8.7 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 3, 2021 License: Apache-2.0 Imports: 17 Imported by: 78

Documentation

Index

Constants

View Source
const (
	DefaultRSABits = 2048
	// The default TLS cipher suites to provide to clients - see https://cipherlist.eu for updates
	// Note that for TLS v1.3, cipher suites are not configurable and will be chosen automatically.
	DefaultTLSCipherSuite = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384"
	// The default minimum TLS version to provide to clients
	DefaultTLSMinVersion = "1.2"
	// The default maximum TLS version to provide to clients
	DefaultTLSMaxVersion = "1.3"
)

Variables

This section is empty.

Functions

func AddTLSFlagsToCmd added in v0.9.0

func AddTLSFlagsToCmd(cmd *cobra.Command) func() (ConfigCustomizer, error)

Adds TLS server related command line options to a command and returns a TLS config customizer object, set up to the options specified

func BestEffortSystemCertPool added in v0.12.0

func BestEffortSystemCertPool() *x509.CertPool

BestEffortSystemCertPool returns system cert pool as best effort, otherwise an empty cert pool

func EncodeX509KeyPair

func EncodeX509KeyPair(cert tls.Certificate) ([]byte, []byte)

EncodeX509KeyPair encodes a TLS Certificate into its pem encoded format for storage

func EncodeX509KeyPairString added in v0.5.3

func EncodeX509KeyPairString(cert tls.Certificate) (string, string)

EncodeX509KeyPairString encodes a TLS Certificate into its pem encoded string format

func GenerateX509KeyPair

func GenerateX509KeyPair(opts CertOptions) (*tls.Certificate, error)

GenerateX509KeyPair generates a X509 key pair

Types

type CertOptions

type CertOptions struct {
	// Hostnames and IPs to generate a certificate for
	Hosts []string
	// Name of organization in certificate
	Organization string
	// Creation date
	ValidFrom time.Time
	// Duration that certificate is valid for
	ValidFor time.Duration
	// whether this cert should be its own Certificate Authority
	IsCA bool
	// Size of RSA key to generate. Ignored if --ecdsa-curve is set
	RSABits int
	// ECDSA curve to use to generate a key. Valid values are P224, P256 (recommended), P384, P521
	ECDSACurve string
}

type ConfigCustomizer added in v0.9.0

type ConfigCustomizer = func(*tls.Config)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL