tlsutil

Documentation

Overview

Package tlsutil provides utilities on top of the standard library TLS package.

Index

• func NewConfig(opts ...Option) *tls.Config
• type Option
  • func WithCertificates(certs []tls.Certificate) Option
  • func WithProfile(p Profile) Option
• type Profile
  • func (p Profile) String() string

Functions

func NewConfig

func NewConfig(opts ...Option) *tls.Config

NewConfig returns a configured *tls.Config. By default, the TLS Config is set to MinVersion of TLS 1.2 and a Modern Profile.

Use one of the available Options to modify the default config.

Types

type Option

type Option func(*tls.Config)

Option is a TLS Config option. Options can be provided to the NewConfig function when creating a TLS Config.

func WithCertificates

func WithCertificates(certs []tls.Certificate) Option

WithCertificates builds the tls.Config.NameToCertificate from the CommonName and SubjectAlternateName fields of the provided certificate.

WithCertificates is useful for creating a TLS Config for servers which require SNI, for example reverse proxies.

func WithProfile

func WithProfile(p Profile) Option

WithProfile overrides the default Profile when creating a new *tls.Config.

type Profile

type Profile int

Profile represents a collection of TLS CipherSuites and their compatibility with Web Browsers. The different profile types are defined on the Mozilla wiki: https://wiki.mozilla.org/Security/Server_Side_TLS

const (
	// Modern CipherSuites only.
	// This configuration is compatible with Firefox 27, Chrome 30, IE 11 on Windows 7,
	// Edge, Opera 17, Safari 9, Android 5.0, and Java 8.
	Modern Profile = iota

	// Intermediate supports a wider range of CipherSuites than Modern and
	// is compatible with Firefox 1, Chrome 1, IE 7, Opera 5 and Safari 1.
	Intermediate

	// Old provides backwards compatibility for legacy clients.
	// Should only be used as a last resort.
	Old
)

func (Profile) String

func (p Profile) String() string