Versions in this module Expand all Collapse all v1 v1.0.1 Dec 27, 2021 v1.0.0 Dec 27, 2021 Changes in this version
+ const DISABLED_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ const DISABLED_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+ const DISABLED_TLS_RSA_WITH_AES_256_CBC_SHA256
+ const FAKE_OLD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+ const FAKE_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ const FAKE_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+ const FAKE_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ const FAKE_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+ const FAKE_TLS_EMPTY_RENEGOTIATION_INFO_SCSV
+ const FAKE_TLS_RSA_WITH_RC4_128_MD5
+ const GREASE_PLACEHOLDER
+ const OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+ const OLD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+ const PRNGSeedLength
+ const PskModeDHE
+ const PskModePlain
+ const TLS_AES_128_GCM_SHA256
+ const TLS_AES_256_GCM_SHA384
+ const TLS_CHACHA20_POLY1305_SHA256
+ const TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+ const TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+ const TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ const TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+ const TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ const TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
+ const TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
+ const TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+ const TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+ const TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ const TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ const TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+ const TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ const TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+ const TLS_ECDHE_RSA_WITH_RC4_128_SHA
+ const TLS_FALLBACK_SCSV
+ const TLS_RSA_WITH_3DES_EDE_CBC_SHA
+ const TLS_RSA_WITH_AES_128_CBC_SHA
+ const TLS_RSA_WITH_AES_128_CBC_SHA256
+ const TLS_RSA_WITH_AES_128_GCM_SHA256
+ const TLS_RSA_WITH_AES_256_CBC_SHA
+ const TLS_RSA_WITH_AES_256_GCM_SHA384
+ const TLS_RSA_WITH_RC4_128_SHA
+ const VersionSSL30
+ const VersionTLS10
+ const VersionTLS11
+ const VersionTLS12
+ const VersionTLS13
+ var FakeFFDHE2048 = uint16(0x0100)
+ var FakeFFDHE3072 = uint16(0x0101)
+ var HelloChrome_58 = ClientHelloID
+ var HelloChrome_62 = ClientHelloID
+ var HelloChrome_70 = ClientHelloID
+ var HelloChrome_72 = ClientHelloID
+ var HelloChrome_83 = ClientHelloID
+ var HelloChrome_89 = ClientHelloID
+ var HelloChrome_96 = ClientHelloID
+ var HelloChrome_Auto = HelloChrome_83
+ var HelloCustom = ClientHelloID
+ var HelloFirefox_55 = ClientHelloID
+ var HelloFirefox_56 = ClientHelloID
+ var HelloFirefox_63 = ClientHelloID
+ var HelloFirefox_65 = ClientHelloID
+ var HelloFirefox_Auto = HelloFirefox_65
+ var HelloGolang = ClientHelloID
+ var HelloIOS_11_1 = ClientHelloID
+ var HelloIOS_12_1 = ClientHelloID
+ var HelloIOS_Auto = HelloIOS_12_1
+ var HelloRandomized = ClientHelloID
+ var HelloRandomizedALPN = ClientHelloID
+ var HelloRandomizedNoALPN = ClientHelloID
+ func BoringPaddingStyle(unpaddedLen int) (int, bool)
+ func DecryptTicketWith(encrypted []byte, tks TicketKeys) (plaintext []byte, usedOldKey bool)
+ func EnableWeakCiphers()
+ func GetBoringGREASEValue(greaseSeed [ssl_grease_last_index]uint16, index int) uint16
+ func Listen(network, laddr string, config *Config) (net.Listener, error)
+ func NewListener(inner net.Listener, config *Config) net.Listener
+ type ALPNExtension struct
+ AlpnProtocols []string
+ func (e *ALPNExtension) Len() int
+ func (e *ALPNExtension) Read(b []byte) (int, error)
+ type CertAlgCompressionExtension struct
+ Methods []CertCompressionAlgo
+ func (e *CertAlgCompressionExtension) Len() int
+ func (e *CertAlgCompressionExtension) Read(b []byte) (int, error)
+ type CertCompressionAlgo uint16
+ const CertCompressionBrotli
+ const CertCompressionZlib
+ type Certificate struct
+ Certificate [][]byte
+ Leaf *x509.Certificate
+ OCSPStaple []byte
+ PrivateKey crypto.PrivateKey
+ SignedCertificateTimestamps [][]byte
+ func LoadX509KeyPair(certFile, keyFile string) (Certificate, error)
+ func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (Certificate, error)
+ type CertificateCompressionAlgorithm uint16
+ const CompressionBrotli
+ const CompressionZlib
+ type CertificateMsgTLS13 = certificateMsgTLS13
+ type CertificateRequestInfo struct
+ AcceptableCAs [][]byte
+ SignatureSchemes []SignatureScheme
+ type CertificateRequestMsgTLS13 struct
+ CertificateAuthorities [][]byte
+ OcspStapling bool
+ Raw []byte
+ Scts bool
+ SupportedSignatureAlgorithms []SignatureScheme
+ SupportedSignatureAlgorithmsCert []SignatureScheme
+ type CipherSuite struct
+ Aead func(key, fixedNonce []byte) aead
+ Cipher func(key, iv []byte, isRead bool) interface{}
+ Flags int
+ Id uint16
+ IvLen int
+ Ka func(version uint16) keyAgreement
+ KeyLen int
+ Mac func(version uint16, macKey []byte) macFunction
+ MacLen int
+ type CipherSuiteTLS13 struct
+ Aead func(key, fixedNonce []byte) aead
+ Hash crypto.Hash
+ Id uint16
+ KeyLen int
+ type ClientAuthType int
+ const NoClientCert
+ const RequestClientCert
+ const RequireAndVerifyClientCert
+ const RequireAnyClientCert
+ const VerifyClientCertIfGiven
+ type ClientHandshakeState struct
+ C *Conn
+ Hello *ClientHelloMsg
+ MasterSecret []byte
+ ServerHello *ServerHelloMsg
+ Session *ClientSessionState
+ State12 TLS12OnlyState
+ State13 TLS13OnlyState
+ type ClientHelloID struct
+ Client string
+ Seed *PRNGSeed
+ Version string
+ func (p *ClientHelloID) IsSet() bool
+ func (p *ClientHelloID) Str() string
+ type ClientHelloInfo struct
+ CipherSuites []uint16
+ Conn net.Conn
+ ServerName string
+ SignatureSchemes []SignatureScheme
+ SupportedCurves []CurveID
+ SupportedPoints []uint8
+ SupportedProtos []string
+ SupportedVersions []uint16
+ type ClientHelloMsg struct
+ AlpnProtocols []string
+ CipherSuites []uint16
+ CompressionMethods []uint8
+ Cookie []byte
+ EarlyData bool
+ Ems bool
+ KeyShares []KeyShare
+ NextProtoNeg bool
+ OcspStapling bool
+ PskBinders [][]byte
+ PskIdentities []pskIdentity
+ PskModes []uint8
+ Random []byte
+ Raw []byte
+ Scts bool
+ SecureRenegotiation []byte
+ SecureRenegotiationSupported bool
+ ServerName string
+ SessionId []byte
+ SessionTicket []uint8
+ SupportedCurves []CurveID
+ SupportedPoints []uint8
+ SupportedSignatureAlgorithms []SignatureScheme
+ SupportedSignatureAlgorithmsCert []SignatureScheme
+ SupportedVersions []uint16
+ TicketSupported bool
+ Vers uint16
+ func UnmarshalClientHello(data []byte) *ClientHelloMsg
+ type ClientHelloSpec struct
+ CipherSuites []uint16
+ CompressionMethods []uint8
+ Extensions []TLSExtension
+ GetSessionID func(ticket []byte) [32]byte
+ TLSVersMax uint16
+ TLSVersMin uint16
+ type ClientSessionCache interface
+ Get func(sessionKey string) (session *ClientSessionState, ok bool)
+ Put func(sessionKey string, cs *ClientSessionState)
+ func NewLRUClientSessionCache(capacity int) ClientSessionCache
+ type ClientSessionState struct
+ func MakeClientSessionState(SessionTicket []uint8, Vers uint16, CipherSuite uint16, MasterSecret []byte, ...) *ClientSessionState
+ func (css *ClientSessionState) CipherSuite() uint16
+ func (css *ClientSessionState) MasterSecret() []byte
+ func (css *ClientSessionState) ServerCertificates() []*x509.Certificate
+ func (css *ClientSessionState) SessionTicket() []uint8
+ func (css *ClientSessionState) SetCipherSuite(CipherSuite uint16)
+ func (css *ClientSessionState) SetMasterSecret(MasterSecret []byte)
+ func (css *ClientSessionState) SetServerCertificates(ServerCertificates []*x509.Certificate)
+ func (css *ClientSessionState) SetSessionTicket(SessionTicket []uint8)
+ func (css *ClientSessionState) SetVerifiedChains(VerifiedChains [][]*x509.Certificate)
+ func (css *ClientSessionState) SetVers(Vers uint16)
+ func (css *ClientSessionState) VerifiedChains() [][]*x509.Certificate
+ func (css *ClientSessionState) Vers() uint16
+ type CompressCertificateExtension struct
+ Algorithms []CertificateCompressionAlgorithm
+ func (e *CompressCertificateExtension) Len() int
+ func (e *CompressCertificateExtension) Read(b []byte) (int, error)
+ type Config struct
+ Certificates []Certificate
+ CipherSuites []uint16
+ ClientAuth ClientAuthType
+ ClientCAs *x509.CertPool
+ ClientSessionCache ClientSessionCache
+ CurvePreferences []CurveID
+ DynamicRecordSizingDisabled bool
+ GetCertificate func(*ClientHelloInfo) (*Certificate, error)
+ GetClientCertificate func(*CertificateRequestInfo) (*Certificate, error)
+ GetConfigForClient func(*ClientHelloInfo) (*Config, error)
+ InsecureSkipVerify bool
+ KeyLogWriter io.Writer
+ MaxVersion uint16
+ MinVersion uint16
+ NameToCertificate map[string]*Certificate
+ NextProtos []string
+ PreferServerCipherSuites bool
+ Rand io.Reader
+ Renegotiation RenegotiationSupport
+ RootCAs *x509.CertPool
+ ServerName string
+ SessionTicketKey [32]byte
+ SessionTicketsDisabled bool
+ Time func() time.Time
+ VerifyPeerCertificate func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error
+ func (c *Config) BuildNameToCertificate()
+ func (c *Config) Clone() *Config
+ func (c *Config) SetSessionTicketKeys(keys [][32]byte)
+ type Conn struct
+ func Client(conn net.Conn, config *Config) *Conn
+ func Dial(network, addr string, config *Config) (*Conn, error)
+ func DialWithDialer(dialer *net.Dialer, network, addr string, config *Config) (*Conn, error)
+ func MakeConnWithCompleteHandshake(tcpConn net.Conn, version uint16, cipherSuite uint16, masterSecret []byte, ...) *Conn
+ func Server(conn net.Conn, config *Config) *Conn
+ func (c *Conn) Close() error
+ func (c *Conn) CloseWrite() error
+ func (c *Conn) ConnectionState() ConnectionState
+ func (c *Conn) Handshake() error
+ func (c *Conn) LocalAddr() net.Addr
+ func (c *Conn) OCSPResponse() []byte
+ func (c *Conn) Read(b []byte) (int, error)
+ func (c *Conn) RemoteAddr() net.Addr
+ func (c *Conn) SetDeadline(t time.Time) error
+ func (c *Conn) SetReadDeadline(t time.Time) error
+ func (c *Conn) SetWriteDeadline(t time.Time) error
+ func (c *Conn) VerifyHostname(host string) error
+ func (c *Conn) Write(b []byte) (int, error)
+ type ConnectionState struct
+ CipherSuite uint16
+ DidResume bool
+ HandshakeComplete bool
+ NegotiatedProtocol string
+ NegotiatedProtocolIsMutual bool
+ OCSPResponse []byte
+ PeerCertificates []*x509.Certificate
+ ServerName string
+ SignedCertificateTimestamps [][]byte
+ TLSUnique []byte
+ VerifiedChains [][]*x509.Certificate
+ Version uint16
+ func (cs *ConnectionState) ExportKeyingMaterial(label string, context []byte, length int) ([]byte, error)
+ type CookieExtension struct
+ Cookie []byte
+ func (e *CookieExtension) Len() int
+ func (e *CookieExtension) Read(b []byte) (int, error)
+ type CurveID uint16
+ const CurveP256
+ const CurveP384
+ const CurveP521
+ const X25519
+ type EcdheParameters interface
+ type FakeChannelIDExtension struct
+ func (e *FakeChannelIDExtension) Len() int
+ func (e *FakeChannelIDExtension) Read(b []byte) (int, error)
+ type FakeRecordSizeLimitExtension struct
+ Limit uint16
+ func (e *FakeRecordSizeLimitExtension) Len() int
+ func (e *FakeRecordSizeLimitExtension) Read(b []byte) (int, error)
+ type Fingerprinter struct
+ AllowBluntMimicry bool
+ AlwaysAddPadding bool
+ KeepPSK bool
+ func (f *Fingerprinter) FingerprintClientHello(data []byte) (*ClientHelloSpec, error)
+ type FinishedHash struct
+ Buffer []byte
+ Client hash.Hash
+ ClientMD5 hash.Hash
+ Prf func(result, secret, label, seed []byte)
+ Server hash.Hash
+ ServerMD5 hash.Hash
+ Version uint16
+ type GenericExtension struct
+ Data []byte
+ Id uint16
+ func (e *GenericExtension) Len() int
+ func (e *GenericExtension) Read(b []byte) (int, error)
+ type KeyShare struct
+ Data []byte
+ Group CurveID
+ type KeyShareExtension struct
+ KeyShares []KeyShare
+ func (e *KeyShareExtension) Len() int
+ func (e *KeyShareExtension) Read(b []byte) (int, error)
+ type KeyShares []KeyShare
+ func (KSS KeyShares) ToPrivate() []keyShare
+ type NPNExtension struct
+ NextProtos []string
+ func (e *NPNExtension) Len() int
+ func (e *NPNExtension) Read(b []byte) (int, error)
+ type PRNGSeed [PRNGSeedLength]byte
+ func NewPRNGSeed() (*PRNGSeed, error)
+ type PSKKeyExchangeModesExtension struct
+ Modes []uint8
+ func (e *PSKKeyExchangeModesExtension) Len() int
+ func (e *PSKKeyExchangeModesExtension) Read(b []byte) (int, error)
+ type RecordHeaderError struct
+ Conn net.Conn
+ Msg string
+ RecordHeader [5]byte
+ func (e RecordHeaderError) Error() string
+ type RenegotiationInfoExtension struct
+ Renegotiation RenegotiationSupport
+ func (e *RenegotiationInfoExtension) Len() int
+ func (e *RenegotiationInfoExtension) Read(b []byte) (int, error)
+ type RenegotiationSupport int
+ const RenegotiateFreelyAsClient
+ const RenegotiateNever
+ const RenegotiateOnceAsClient
+ type Roller struct
+ HelloIDMu sync.Mutex
+ HelloIDs []ClientHelloID
+ TcpDialTimeout time.Duration
+ TlsHandshakeTimeout time.Duration
+ WorkingHelloID *ClientHelloID
+ func NewRoller() (*Roller, error)
+ func (c *Roller) Dial(network, addr, serverName string) (*UConn, error)
+ type SCTExtension struct
+ func (e *SCTExtension) Len() int
+ func (e *SCTExtension) Read(b []byte) (int, error)
+ type SNIExtension struct
+ ServerName string
+ func (e *SNIExtension) Len() int
+ func (e *SNIExtension) Read(b []byte) (int, error)
+ type ServerHelloMsg struct
+ AlpnProtocol string
+ CipherSuite uint16
+ CompressionMethod uint8
+ Cookie []byte
+ Ems bool
+ NextProtoNeg bool
+ NextProtos []string
+ OcspStapling bool
+ Random []byte
+ Raw []byte
+ Scts [][]byte
+ SecureRenegotiation []byte
+ SecureRenegotiationSupported bool
+ SelectedGroup CurveID
+ SelectedIdentity uint16
+ SelectedIdentityPresent bool
+ ServerShare keyShare
+ SessionId []byte
+ SupportedVersion uint16
+ TicketSupported bool
+ Vers uint16
+ type SessionTicketExtension struct
+ Session *ClientSessionState
+ func (e *SessionTicketExtension) Len() int
+ func (e *SessionTicketExtension) Read(b []byte) (int, error)
+ type SignatureAlgorithmsExtension struct
+ SupportedSignatureAlgorithms []SignatureScheme
+ func (e *SignatureAlgorithmsExtension) Len() int
+ func (e *SignatureAlgorithmsExtension) Read(b []byte) (int, error)
+ type SignatureScheme uint16
+ const ECDSAWithP256AndSHA256
+ const ECDSAWithP384AndSHA384
+ const ECDSAWithP521AndSHA512
+ const ECDSAWithSHA1
+ const PKCS1WithSHA1
+ const PKCS1WithSHA256
+ const PKCS1WithSHA384
+ const PKCS1WithSHA512
+ const PSSWithSHA256
+ const PSSWithSHA384
+ const PSSWithSHA512
+ var FakeECDSAWithSHA224 SignatureScheme = 0x0303
+ var FakePKCS1WithSHA224 SignatureScheme = 0x0301
+ type StatusRequestExtension struct
+ func (e *StatusRequestExtension) Len() int
+ func (e *StatusRequestExtension) Read(b []byte) (int, error)
+ type SupportedCurvesExtension struct
+ Curves []CurveID
+ func (e *SupportedCurvesExtension) Len() int
+ func (e *SupportedCurvesExtension) Read(b []byte) (int, error)
+ type SupportedPointsExtension struct
+ SupportedPoints []uint8
+ func (e *SupportedPointsExtension) Len() int
+ func (e *SupportedPointsExtension) Read(b []byte) (int, error)
+ type SupportedVersionsExtension struct
+ Versions []uint16
+ func (e *SupportedVersionsExtension) Len() int
+ func (e *SupportedVersionsExtension) Read(b []byte) (int, error)
+ type TLS12OnlyState struct
+ FinishedHash FinishedHash
+ Suite CipherSuite
+ type TLS13OnlyState struct
+ BinderKey []byte
+ CertCompAlgs []CertCompressionAlgo
+ CertReq *CertificateRequestMsgTLS13
+ EarlySecret []byte
+ EcdheParams EcdheParameters
+ SentDummyCCS bool
+ Suite *CipherSuiteTLS13
+ TrafficSecret []byte
+ Transcript hash.Hash
+ UsingPSK bool
+ type TLSExtension interface
+ Len func() int
+ Read func(p []byte) (n int, err error)
+ type TicketKey struct
+ AesKey [16]byte
+ HmacKey [16]byte
+ KeyName [ticketKeyNameLen]byte
+ func TicketKeyFromBytes(b [32]byte) TicketKey
+ func (TK TicketKey) ToPrivate() ticketKey
+ type TicketKeys []TicketKey
+ func (TKS TicketKeys) ToPrivate() []ticketKey
+ type UConn struct
+ ClientHelloBuilt bool
+ ClientHelloID ClientHelloID
+ Extensions []TLSExtension
+ GetSessionID func(ticket []byte) [32]byte
+ HandshakeState ClientHandshakeState
+ func UClient(conn net.Conn, config *Config, clientHelloID ClientHelloID) *UConn
+ func (c *UConn) Handshake() error
+ func (c *UConn) Write(b []byte) (int, error)
+ func (uconn *UConn) ApplyConfig() error
+ func (uconn *UConn) ApplyPreset(p *ClientHelloSpec) error
+ func (uconn *UConn) BuildHandshakeState() error
+ func (uconn *UConn) GetOutKeystream(length int) ([]byte, error)
+ func (uconn *UConn) GetUnderlyingConn() net.Conn
+ func (uconn *UConn) MarshalClientHello() error
+ func (uconn *UConn) RemoveSNIExtension() error
+ func (uconn *UConn) SetClientRandom(r []byte) error
+ func (uconn *UConn) SetSNI(sni string)
+ func (uconn *UConn) SetSessionCache(cache ClientSessionCache)
+ func (uconn *UConn) SetSessionState(session *ClientSessionState) error
+ func (uconn *UConn) SetTLSVers(minTLSVers, maxTLSVers uint16, specExtensions []TLSExtension) error
+ func (uconn *UConn) SetUnderlyingConn(c net.Conn)
+ type UtlsExtendedMasterSecretExtension struct
+ func (e *UtlsExtendedMasterSecretExtension) Len() int
+ func (e *UtlsExtendedMasterSecretExtension) Read(b []byte) (int, error)
+ type UtlsGREASEExtension struct
+ Body []byte
+ Value uint16
+ func (e *UtlsGREASEExtension) Len() int
+ func (e *UtlsGREASEExtension) Read(b []byte) (int, error)
+ type UtlsPaddingExtension struct
+ GetPaddingLen func(clientHelloUnpaddedLen int) (paddingLen int, willPad bool)
+ PaddingLen int
+ WillPad bool
+ func (e *UtlsPaddingExtension) Len() int
+ func (e *UtlsPaddingExtension) Read(b []byte) (int, error)
+ func (e *UtlsPaddingExtension) Update(clientHelloUnpaddedLen int)
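Review bot: The exported surface hands callers raw key material with nothing in the signatures marking it as sensitive: `ClientHandshakeState.MasterSecret`, `TLS13OnlyState.EarlySecret`/`BinderKey`/`TrafficSecret`, `TicketKey.AesKey`/`HmacKey`, `(*ClientSessionState).MasterSecret()` and `(*UConn).GetOutKeystream`. This listing shows signatures only, so the doc comments cannot be checked here; each should state whether the returned slice aliases internal state and that it must not be logged or persisted, for example `// MasterSecret returns the session master secret; treat it as key material and never log or serialize it.` `func EnableWeakCiphers()` has neither receiver nor parameters, so it presumably changes package-level state for every connection in the process, and its comment should say so and say when it may be called. `Config.InsecureSkipVerify` and `Config.KeyLogWriter` deserve an equally explicit warning that they disable certificate verification and write session secrets respectively. Separately, `CertCompressionAlgo` and `CertificateCompressionAlgorithm`, each with its own Brotli and Zlib constants and its own extension type, look like two types for one concept and are worth merging.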