Overview ¶
Package tls partially implements TLS 1.2, as specified in RFC 5246.
Index ¶
- Constants
- func Listen(network, laddr string, config *Config) (net.Listener, error)
- func NewListener(inner net.Listener, config *Config) net.Listener
- type BadValue
- type Certificate
- type ClientAuthType
- type ClientSessionCache
- type ClientSessionState
- type Config
- type Conn
- func Client(conn net.Conn, config *Config) *Conn
- func DTLSClient(conn net.Conn, config *Config) *Conn
- func DTLSServer(conn net.Conn, config *Config) *Conn
- func Dial(network, addr string, config *Config) (*Conn, error)
- func DialWithDialer(dialer *net.Dialer, network, addr string, config *Config) (*Conn, error)
- func Server(conn net.Conn, config *Config) *Conn
- func (c *Conn) Close() error
- func (c *Conn) ConnectionState() ConnectionState
- func (c *Conn) ExportKeyingMaterial(length int, label, context []byte, useContext bool) ([]byte, error)
- func (c *Conn) Handshake() error
- func (c *Conn) LocalAddr() net.Addr
- func (c *Conn) OCSPResponse() []byte
- func (c *Conn) Read(b []byte) (n int, err error)
- func (c *Conn) RemoteAddr() net.Addr
- func (c *Conn) Renegotiate() error
- func (c *Conn) SendAlert(level byte, err alert) error
- func (c *Conn) SetDeadline(t time.Time) error
- func (c *Conn) SetReadDeadline(t time.Time) error
- func (c *Conn) SetWriteDeadline(t time.Time) error
- func (c *Conn) VerifyHostname(host string) error
- func (c *Conn) Write(b []byte) (int, error)
- type ConnectionState
- type CurveID
- type ProtocolBugs
- type ServerSessionCache
Constants ¶
// Cipher suite identifiers, as assigned by IANA; see
// http://www.iana.org/assignments/tls-parameters/tls-parameters.xml
//
// NOTE(review): the list deliberately contains NULL-encryption, RC4, 3DES
// and CBC-SHA suites alongside the AEAD ones and nothing here marks any of
// them as deprecated. Callers that populate Config.CipherSuites should
// choose explicitly rather than treating this block as a recommended set.
const (
	TLS_RSA_WITH_NULL_SHA uint16 = 0x0002
	TLS_RSA_WITH_RC4_128_MD5 uint16 = 0x0004
	TLS_RSA_WITH_RC4_128_SHA uint16 = 0x0005
	TLS_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x000a
	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x0016
	TLS_RSA_WITH_AES_128_CBC_SHA uint16 = 0x002f
	TLS_DHE_RSA_WITH_AES_128_CBC_SHA uint16 = 0x0033
	TLS_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0035
	TLS_DHE_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0039
	TLS_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0x003c
	TLS_RSA_WITH_AES_256_CBC_SHA256 uint16 = 0x003d
	TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0x0067
	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 uint16 = 0x006b
	TLS_PSK_WITH_RC4_128_SHA uint16 = 0x008a
	TLS_PSK_WITH_AES_128_CBC_SHA uint16 = 0x008c
	TLS_PSK_WITH_AES_256_CBC_SHA uint16 = 0x008d
	TLS_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0x009c
	TLS_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0x009d
	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0x009e
	TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0x009f
	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA uint16 = 0xc007
	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA uint16 = 0xc009
	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA uint16 = 0xc00a
	TLS_ECDHE_RSA_WITH_RC4_128_SHA uint16 = 0xc011
	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xc012
	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA uint16 = 0xc013
	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA uint16 = 0xc014
	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 uint16 = 0xc023
	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 uint16 = 0xc024
	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0xc027
	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 uint16 = 0xc028
	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 uint16 = 0xc02b
	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 uint16 = 0xc02c
	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0xc02f
	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0xc030
	TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA uint16 = 0xc035
	TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA uint16 = 0xc036
)
A list of the possible cipher suite ids. Taken from http://www.iana.org/assignments/tls-parameters/tls-parameters.xml
// Additional cipher suite IDs, not IANA-assigned. These are the draft
// (pre-standard) ChaCha20-Poly1305 code points; they are distinct from the
// values later assigned by IANA, so do not expect interoperability with
// peers that only know the standardised numbers.
const (
	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xcc13
	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xcc14
)
Additional cipher suite IDs, not IANA-assigned.
// Protocol version numbers in their on-the-wire form (major byte, minor
// byte). These are the values accepted by Config.MinVersion and
// Config.MaxVersion; VersionSSL30 is the lowest and is what a zero
// Config.MinVersion falls back to.
const (
	VersionSSL30 = 0x0300
	VersionTLS10 = 0x0301
	VersionTLS11 = 0x0302
	VersionTLS12 = 0x0303
)
// Certificate types (for certificateRequestMsg). The values are the
// ClientCertificateType code points carried in a CertificateRequest
// message; Config.ClientCertificateTypes is a list of these.
const (
	CertTypeRSASign    = 1 // A certificate containing an RSA key
	CertTypeDSSSign    = 2 // A certificate containing a DSA key
	CertTypeRSAFixedDH = 3 // A certificate containing a static DH key
	CertTypeDSSFixedDH = 4 // A certificate containing a static DH key

	// See RFC4492 sections 3 and 5.5.
	CertTypeECDSASign      = 64 // A certificate containing an ECDSA-capable public key, signed with ECDSA.
	CertTypeRSAFixedECDH   = 65 // A certificate containing an ECDH-capable public key, signed with RSA.
	CertTypeECDSAFixedECDH = 66 // A certificate containing an ECDH-capable public key, signed with ECDSA.
)
Certificate types (for certificateRequestMsg)
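// SRTP protection profiles (See RFC 5764, section 4.1.2). These are the
// values offered in Config.SRTPProtectionProfiles and reported in
// ConnectionState.SRTPProtectionProfile, both of which are uint16, so both
// constants are declared with that type; previously only the first was
// typed and the second was an untyped integer constant.
const (
	SRTP_AES128_CM_HMAC_SHA1_80 uint16 = 0x0001
	SRTP_AES128_CM_HMAC_SHA1_32 uint16 = 0x0002
)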
SRTP protection profiles (See RFC 5764, section 4.1.2)
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Certificate ¶
// A Certificate is a chain of one or more certificates, leaf first, together
// with the private key for the leaf. LoadX509KeyPair and X509KeyPair build
// one from PEM input.
type Certificate struct {
	// Certificate holds the chain, leaf first, one encoded certificate per
	// element.
	Certificate [][]byte
	PrivateKey  crypto.PrivateKey // supported types: *rsa.PrivateKey, *ecdsa.PrivateKey
	// OCSPStaple contains an optional OCSP response which will be served
	// to clients that request it.
	OCSPStaple []byte
	// SignedCertificateTimestampList contains an optional encoded
	// SignedCertificateTimestampList structure which will be
	// served to clients that request it.
	SignedCertificateTimestampList []byte
	// Leaf is the parsed form of the leaf certificate, which may be
	// initialized using x509.ParseCertificate to reduce per-handshake
	// processing for TLS clients doing client authentication. If nil, the
	// leaf certificate will be parsed as needed.
	Leaf *x509.Certificate
}
A Certificate is a chain of one or more certificates, leaf first.
func LoadX509KeyPair ¶
func LoadX509KeyPair(certFile, keyFile string) (cert Certificate, err error)
LoadX509KeyPair reads and parses a public/private key pair from a pair of files. The files must contain PEM encoded data.
func X509KeyPair ¶
func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (cert Certificate, err error)
X509KeyPair parses a public/private key pair from a pair of PEM encoded data.
type ClientAuthType ¶
// ClientAuthType declares the policy the server will follow for TLS Client
// Authentication. It is set through Config.ClientAuth; the zero value is
// NoClientCert.
type ClientAuthType int
ClientAuthType declares the policy the server will follow for TLS Client Authentication.
// The possible Config.ClientAuth policies, from least to most demanding as
// their names indicate. NoClientCert is the default. Only
// RequireAndVerifyClientCert both insists on a client certificate and
// verifies it against Config.ClientCAs; RequireAnyClientCert, by its name,
// requires one without verification — confirm against the handshake code
// before relying on that for an authentication decision.
const (
	NoClientCert ClientAuthType = iota
	RequestClientCert
	RequireAnyClientCert
	VerifyClientCertIfGiven
	RequireAndVerifyClientCert
)
type ClientSessionCache ¶
// ClientSessionCache is a cache of ClientSessionState objects that can be
// used by a client to resume a TLS session with a given server.
// ClientSessionCache implementations should expect to be called
// concurrently from different goroutines. Cached state carries resumption
// secrets, so an implementation should not persist or log entries.
type ClientSessionCache interface {
	// Get searches for a ClientSessionState associated with the given key.
	// On return, ok is true if one was found.
	Get(sessionKey string) (session *ClientSessionState, ok bool)

	// Put adds the ClientSessionState to the cache with the given key.
	Put(sessionKey string, cs *ClientSessionState)
}
ClientSessionCache is a cache of ClientSessionState objects that can be used by a client to resume a TLS session with a given server. ClientSessionCache implementations should expect to be called concurrently from different goroutines.
func NewLRUClientSessionCache ¶
func NewLRUClientSessionCache(capacity int) ClientSessionCache
NewLRUClientSessionCache returns a ClientSessionCache with the given capacity that uses an LRU strategy. If capacity is < 1, a default capacity is used instead.
type ClientSessionState ¶
// ClientSessionState contains the state needed by clients to resume TLS
// sessions. It is opaque to callers and is only stored in and retrieved
// from a ClientSessionCache.
type ClientSessionState struct {
	// contains filtered or unexported fields
}
ClientSessionState contains the state needed by clients to resume TLS sessions.
type Config ¶
// A Config structure is used to configure a TLS client or server. After one
// has been passed to a TLS function it must not be modified. A Config may be
// reused; the tls package will also not modify it.
type Config struct {
	// Rand provides the source of entropy for nonces and RSA blinding.
	// If Rand is nil, TLS uses the cryptographic random reader in package
	// crypto/rand.
	// The Reader must be safe for use by multiple goroutines.
	Rand io.Reader

	// Time returns the current time. If Time is nil, TLS uses time.Now.
	Time func() time.Time

	// Certificates contains one or more certificate chains
	// to present to the other side of the connection.
	// Server configurations must include at least one certificate.
	Certificates []Certificate

	// NameToCertificate maps from a certificate name to an element of
	// Certificates. Note that a certificate name can be of the form
	// '*.example.com' and so doesn't have to be a domain name as such.
	// See Config.BuildNameToCertificate
	// The nil value causes the first element of Certificates to be used
	// for all connections.
	NameToCertificate map[string]*Certificate

	// RootCAs defines the set of root certificate authorities
	// that clients use when verifying server certificates.
	// If RootCAs is nil, TLS uses the host's root CA set.
	RootCAs *x509.CertPool

	// NextProtos is a list of supported, application level protocols.
	NextProtos []string

	// ServerName is used to verify the hostname on the returned
	// certificates unless InsecureSkipVerify is given. It is also included
	// in the client's handshake to support virtual hosting.
	ServerName string

	// ClientAuth determines the server's policy for
	// TLS Client Authentication. The default is NoClientCert.
	ClientAuth ClientAuthType

	// ClientCAs defines the set of root certificate authorities
	// that servers use if required to verify a client certificate
	// by the policy in ClientAuth.
	ClientCAs *x509.CertPool

	// ClientCertificateTypes defines the set of allowed client certificate
	// types. The default is CertTypeRSASign and CertTypeECDSASign.
	ClientCertificateTypes []byte

	// InsecureSkipVerify controls whether a client verifies the
	// server's certificate chain and host name.
	// If InsecureSkipVerify is true, TLS accepts any certificate
	// presented by the server and any host name in that certificate.
	// In this mode, TLS is susceptible to man-in-the-middle attacks.
	// This should be used only for testing.
	InsecureSkipVerify bool

	// CipherSuites is a list of supported cipher suites. If CipherSuites
	// is nil, TLS uses a list of suites supported by the implementation.
	CipherSuites []uint16

	// PreferServerCipherSuites controls whether the server selects the
	// client's most preferred ciphersuite, or the server's most preferred
	// ciphersuite. If true then the server's preference, as expressed in
	// the order of elements in CipherSuites, is used.
	PreferServerCipherSuites bool

	// SessionTicketsDisabled may be set to true to disable session ticket
	// (resumption) support.
	SessionTicketsDisabled bool

	// SessionTicketKey is used by TLS servers to provide session
	// resumption. See RFC 5077. If zero, it will be filled with
	// random data before the first server handshake.
	//
	// If multiple servers are terminating connections for the same host
	// they should all have the same SessionTicketKey. If the
	// SessionTicketKey leaks, previously recorded and future TLS
	// connections using that key are compromised.
	SessionTicketKey [32]byte

	// ClientSessionCache is a cache of ClientSessionState entries
	// for TLS session resumption.
	ClientSessionCache ClientSessionCache

	// ServerSessionCache is a cache of sessionState entries for TLS session
	// resumption.
	ServerSessionCache ServerSessionCache

	// MinVersion contains the minimum SSL/TLS version that is acceptable.
	// If zero, then SSLv3 is taken as the minimum.
	//
	// NOTE(review): because the zero value admits SSLv3, a Config that
	// wants a higher floor must set MinVersion explicitly (e.g.
	// VersionTLS12); nothing else in this package raises it.
	MinVersion uint16

	// MaxVersion contains the maximum SSL/TLS version that is acceptable.
	// If zero, then the maximum version supported by this package is used,
	// which is currently TLS 1.2.
	MaxVersion uint16

	// CurvePreferences contains the elliptic curves that will be used in
	// an ECDHE handshake, in preference order. If empty, the default will
	// be used.
	CurvePreferences []CurveID

	// ChannelID contains the ECDSA key for the client to use as
	// its TLS Channel ID.
	ChannelID *ecdsa.PrivateKey

	// RequestChannelID controls whether the server requests a TLS
	// Channel ID. If negotiated, the client's public key is
	// returned in the ConnectionState.
	RequestChannelID bool

	// PreSharedKey is the key material used with the PSK cipher suites.
	PreSharedKey []byte

	// PreSharedKeyIdentity is the identity sent (or expected) together
	// with the PSK cipher suites.
	PreSharedKeyIdentity string

	// SRTPProtectionProfiles, if not nil, is the list of SRTP
	// protection profiles to offer in DTLS-SRTP.
	SRTPProtectionProfiles []uint16

	// SignatureAndHashes, if not nil, overrides the default set of
	// supported signature and hash algorithms to advertise in
	// CertificateRequest.
	SignatureAndHashes []signatureAndHash

	// Bugs specifies optional misbehaviour to be used for testing other
	// implementations. Every field in it is off in the zero value; a
	// production-style Config should leave it zero.
	Bugs ProtocolBugs
	// contains filtered or unexported fields
}
A Config structure is used to configure a TLS client or server. After one has been passed to a TLS function it must not be modified. A Config may be reused; the tls package will also not modify it.
func (*Config) BuildNameToCertificate ¶
func (c *Config) BuildNameToCertificate()
BuildNameToCertificate parses c.Certificates and builds c.NameToCertificate from the CommonName and SubjectAlternateName fields of each of the leaf certificates.
type Conn ¶
// A Conn represents a secured connection. It implements the net.Conn
// interface. Instances are created by Client, Server, DTLSClient,
// DTLSServer, Dial and DialWithDialer rather than directly.
type Conn struct {
	// contains filtered or unexported fields
}
A Conn represents a secured connection. It implements the net.Conn interface.
func Client ¶
Client returns a new TLS client side connection using conn as the underlying transport. The config cannot be nil: users must set either ServerHostname or InsecureSkipVerify in the config.
func DTLSClient ¶
DTLSClient returns a new DTLS client side connection using conn as the underlying transport. The config cannot be nil: users must set either ServerHostname or InsecureSkipVerify in the config.
func DTLSServer ¶
DTLSServer returns a new DTLS server side connection using conn as the underlying transport. The configuration config must be non-nil and must have at least one certificate.
func Dial ¶
Dial connects to the given network address using net.Dial and then initiates a TLS handshake, returning the resulting TLS connection. Dial interprets a nil configuration as equivalent to the zero configuration; see the documentation of Config for the defaults.
func DialWithDialer ¶
DialWithDialer connects to the given network address using dialer.Dial and then initiates a TLS handshake, returning the resulting TLS connection. Any timeout or deadline given in the dialer apply to connection and TLS handshake as a whole.
DialWithDialer interprets a nil configuration as equivalent to the zero configuration; see the documentation of Config for the defaults.
func Server ¶
Server returns a new TLS server side connection using conn as the underlying transport. The configuration config must be non-nil and must have at least one certificate.
func (*Conn) ConnectionState ¶
func (c *Conn) ConnectionState() ConnectionState
ConnectionState returns basic TLS details about the connection.
func (*Conn) ExportKeyingMaterial ¶
func (c *Conn) ExportKeyingMaterial(length int, label, context []byte, useContext bool) ([]byte, error)
ExportKeyingMaterial exports keying material from the current connection state, as per RFC 5705.
func (*Conn) Handshake ¶
Handshake runs the client or server handshake protocol if it has not yet been run. Most uses of this package need not call Handshake explicitly: the first Read or Write will call it automatically.
func (*Conn) OCSPResponse ¶
OCSPResponse returns the stapled OCSP response from the TLS server, if any. (Only valid for client connections.)
func (*Conn) Read ¶
Read can be made to time out and return a net.Error with Timeout() == true after a fixed time limit; see SetDeadline and SetReadDeadline.
func (*Conn) RemoteAddr ¶
RemoteAddr returns the remote network address.
func (*Conn) Renegotiate ¶
func (*Conn) SetDeadline ¶
SetDeadline sets the read and write deadlines associated with the connection. A zero value for t means Read and Write will not time out. After a Write has timed out, the TLS state is corrupt and all future writes will return the same error.
func (*Conn) SetReadDeadline ¶
SetReadDeadline sets the read deadline on the underlying connection. A zero value for t means Read will not time out.
func (*Conn) SetWriteDeadline ¶
SetWriteDeadline sets the write deadline on the underlying connection. A zero value for t means Write will not time out. After a Write has timed out, the TLS state is corrupt and all future writes will return the same error.
func (*Conn) VerifyHostname ¶
VerifyHostname checks that the peer certificate chain is valid for connecting to host. If so, it returns nil; if not, it returns an error describing the problem.
type ConnectionState ¶
// ConnectionState records basic TLS details about the connection. It is the
// value returned by Conn.ConnectionState. VerifiedChains is only populated
// when verification actually ran; with InsecureSkipVerify set, callers must
// not treat PeerCertificates as trusted.
type ConnectionState struct {
	Version                    uint16                // TLS version used by the connection (e.g. VersionTLS12)
	HandshakeComplete          bool                  // TLS handshake is complete
	DidResume                  bool                  // connection resumes a previous TLS connection
	CipherSuite                uint16                // cipher suite in use (TLS_RSA_WITH_RC4_128_SHA, ...)
	NegotiatedProtocol         string                // negotiated next protocol (from Config.NextProtos)
	NegotiatedProtocolIsMutual bool                  // negotiated protocol was advertised by server
	NegotiatedProtocolFromALPN bool                  // protocol negotiated with ALPN
	ServerName                 string                // server name requested by client, if any (server side only)
	PeerCertificates           []*x509.Certificate   // certificate chain presented by remote peer
	VerifiedChains             [][]*x509.Certificate // verified chains built from PeerCertificates
	ChannelID                  *ecdsa.PublicKey      // the channel ID for this connection
	SRTPProtectionProfile      uint16                // the negotiated DTLS-SRTP protection profile
	TLSUnique                  []byte                // the tls-unique channel binding
	SCTList                    []byte                // signed certificate timestamp list
	ClientCertSignatureHash    uint8                 // TLS id of the hash used by the client to sign the handshake
}
ConnectionState records basic TLS details about the connection.
type CurveID ¶
// CurveID is the type of a TLS identifier for an elliptic curve. See
// http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8
// Values are listed in Config.CurvePreferences.
type CurveID uint16
CurveID is the type of a TLS identifier for an elliptic curve. See http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8
type ProtocolBugs ¶
// ProtocolBugs specifies optional misbehaviour to be used for testing other
// implementations (see Config.Bugs). Every field is a switch for one
// deliberate deviation from the protocol; the zero value disables all of
// them, and that is the only setting suitable for anything but a test.
type ProtocolBugs struct {
	// InvalidSKXSignature specifies that the signature in a
	// ServerKeyExchange message should be invalid.
	InvalidSKXSignature bool

	// InvalidCertVerifySignature specifies that the signature in a
	// CertificateVerify message should be invalid.
	InvalidCertVerifySignature bool

	// InvalidSKXCurve causes the curve ID in the ServerKeyExchange message
	// to be wrong.
	InvalidSKXCurve bool

	// BadECDSAR controls ways in which the 'r' value of an ECDSA signature
	// can be invalid.
	BadECDSAR BadValue
	// BadECDSAS is, by analogy with BadECDSAR, the same control for the
	// 's' value.
	BadECDSAS BadValue

	// MaxPadding causes CBC records to have the maximum possible padding.
	MaxPadding bool
	// PaddingFirstByteBad causes the first byte of the padding to be
	// incorrect.
	PaddingFirstByteBad bool
	// PaddingFirstByteBadIf255 causes the first byte of padding to be
	// incorrect if there's a maximum amount of padding (i.e. 255 bytes).
	PaddingFirstByteBadIf255 bool

	// FailIfNotFallbackSCSV causes a server handshake to fail if the
	// client doesn't send the fallback SCSV value.
	FailIfNotFallbackSCSV bool

	// DuplicateExtension causes an extra empty extension of bogus type to
	// be emitted in either the ClientHello or the ServerHello.
	DuplicateExtension bool

	// UnauthenticatedECDH causes the server to pretend ECDHE_RSA
	// and ECDHE_ECDSA cipher suites are actually ECDH_anon. No
	// Certificate message is sent and no signature is added to
	// ServerKeyExchange.
	UnauthenticatedECDH bool

	// SkipHelloVerifyRequest causes a DTLS server to skip the
	// HelloVerifyRequest message.
	SkipHelloVerifyRequest bool

	// SkipCertificateStatus, if true, causes the server to skip the
	// CertificateStatus message. This is legal because CertificateStatus is
	// optional, even with a status_request in ServerHello.
	SkipCertificateStatus bool

	// SkipServerKeyExchange causes the server to skip sending
	// ServerKeyExchange messages.
	SkipServerKeyExchange bool

	// SkipNewSessionTicket causes the server to skip sending the
	// NewSessionTicket message despite promising to in ServerHello.
	SkipNewSessionTicket bool

	// SkipChangeCipherSpec causes the implementation to skip
	// sending the ChangeCipherSpec message (and adjusting cipher
	// state accordingly for the Finished message).
	SkipChangeCipherSpec bool

	// SkipFinished causes the implementation to skip sending the Finished
	// message.
	SkipFinished bool

	// EarlyChangeCipherSpec causes the client to send an early
	// ChangeCipherSpec message before the ClientKeyExchange. A value of
	// zero disables this behavior. One and two configure variants for 0.9.8
	// and 1.0.1 modes, respectively.
	EarlyChangeCipherSpec int

	// FragmentAcrossChangeCipherSpec causes the implementation to fragment
	// the Finished (or NextProto) message around the ChangeCipherSpec
	// messages.
	FragmentAcrossChangeCipherSpec bool

	// SendV2ClientHello causes the client to send a V2ClientHello
	// instead of a normal ClientHello.
	SendV2ClientHello bool

	// SendFallbackSCSV causes the client to include
	// TLS_FALLBACK_SCSV in the ClientHello.
	SendFallbackSCSV bool

	// SendRenegotiationSCSV causes the client to include the renegotiation
	// SCSV in the ClientHello.
	SendRenegotiationSCSV bool

	// MaxHandshakeRecordLength, if non-zero, is the maximum size of a
	// handshake record. Handshake messages will be split into multiple
	// records at the specified size, except that the client_version will
	// never be fragmented. For DTLS, it is the maximum handshake fragment
	// size, not record size; DTLS allows multiple handshake fragments in a
	// single handshake record. See |PackHandshakeFragments|.
	MaxHandshakeRecordLength int

	// FragmentClientVersion will allow MaxHandshakeRecordLength to apply to
	// the first 6 bytes of the ClientHello.
	FragmentClientVersion bool

	// FragmentAlert will cause all alerts to be fragmented across
	// two records.
	FragmentAlert bool

	// SendSpuriousAlert, if non-zero, will cause a spurious, unwanted
	// alert to be sent.
	SendSpuriousAlert alert

	// RsaClientKeyExchangeVersion, if non-zero, causes the client to send a
	// ClientKeyExchange with the specified version rather than the
	// client_version when performing the RSA key exchange.
	RsaClientKeyExchangeVersion uint16

	// RenewTicketOnResume causes the server to renew the session ticket and
	// send a NewSessionTicket message during an abbreviated handshake.
	RenewTicketOnResume bool

	// SendClientVersion, if non-zero, causes the client to send a different
	// TLS version in the ClientHello than the maximum supported version.
	SendClientVersion uint16

	// ExpectFalseStart causes the server to, on full handshakes,
	// expect the peer to False Start; the server Finished message
	// isn't sent until we receive an application data record
	// from the peer.
	ExpectFalseStart bool

	// AlertBeforeFalseStartTest, if non-zero, causes the server to, on full
	// handshakes, send an alert just before reading the application data
	// record to test False Start. This can be used in a negative False
	// Start test to determine whether the peer processed the alert (and
	// closed the connection) before or after sending app data.
	AlertBeforeFalseStartTest alert

	// SSL3RSAKeyExchange causes the client to always send an RSA
	// ClientKeyExchange message without the two-byte length
	// prefix, as if it were SSL3.
	SSL3RSAKeyExchange bool

	// SkipCipherVersionCheck causes the server to negotiate
	// TLS 1.2 ciphers in earlier versions of TLS.
	SkipCipherVersionCheck bool

	// ExpectServerName, if not empty, is the hostname the client
	// must specify in the server_name extension.
	ExpectServerName string

	// SwapNPNAndALPN switches the relative order between NPN and ALPN in
	// both ClientHello and ServerHello.
	SwapNPNAndALPN bool

	// ALPNProtocol, if not nil, sets the ALPN protocol that a server will
	// return.
	ALPNProtocol *string

	// AllowSessionVersionMismatch causes the server to resume sessions
	// regardless of the version associated with the session.
	AllowSessionVersionMismatch bool

	// CorruptTicket causes a client to corrupt a session ticket before
	// sending it in a resume handshake.
	CorruptTicket bool

	// OversizedSessionId causes the session id that is sent with a ticket
	// resumption attempt to be too large (33 bytes).
	OversizedSessionId bool

	// RequireExtendedMasterSecret, if true, requires that the peer support
	// the extended master secret option.
	RequireExtendedMasterSecret bool

	// NoExtendedMasterSecret causes the client and server to behave as if
	// they didn't support an extended master secret.
	NoExtendedMasterSecret bool

	// EmptyRenegotiationInfo causes the renegotiation extension to be
	// empty in a renegotiation handshake.
	EmptyRenegotiationInfo bool

	// BadRenegotiationInfo causes the renegotiation extension value in a
	// renegotiation handshake to be incorrect.
	BadRenegotiationInfo bool

	// NoRenegotiationInfo causes the client to behave as if it
	// didn't support the renegotiation info extension.
	NoRenegotiationInfo bool

	// RequireRenegotiationInfo, if true, causes the client to return an
	// error if the server doesn't reply with the renegotiation extension.
	RequireRenegotiationInfo bool

	// SequenceNumberMapping, if non-nil, is the mapping function to apply
	// to the sequence number of outgoing packets. For both TLS and DTLS,
	// the two most-significant bytes in the resulting sequence number are
	// ignored so that the DTLS epoch cannot be changed.
	SequenceNumberMapping func(uint64) uint64

	// RSAEphemeralKey, if true, causes the server to send a
	// ServerKeyExchange message containing an ephemeral key (as in
	// RSA_EXPORT) in the plain RSA key exchange.
	RSAEphemeralKey bool

	// SRTPMasterKeyIdentifer, if not empty, is the SRTP MKI value that the
	// client offers when negotiating SRTP. MKI support is still missing so
	// the peer must still send none.
	SRTPMasterKeyIdentifer string

	// SendSRTPProtectionProfile, if non-zero, is the SRTP profile that the
	// server sends in the ServerHello instead of the negotiated one.
	SendSRTPProtectionProfile uint16

	// NoSignatureAndHashes, if true, causes the client to omit the
	// signature and hashes extension.
	//
	// For a server, it will cause an empty list to be sent in the
	// CertificateRequest message. Nonetheless, the configured set will
	// still be enforced.
	NoSignatureAndHashes bool

	// NoSupportedCurves, if true, causes the client to omit the
	// supported_curves extension.
	NoSupportedCurves bool

	// RequireSameRenegoClientVersion, if true, causes the server
	// to require that all ClientHellos match in offered version
	// across a renego.
	RequireSameRenegoClientVersion bool

	// ExpectInitialRecordVersion, if non-zero, is the expected
	// version of the records before the version is determined.
	ExpectInitialRecordVersion uint16

	// MaxPacketLength, if non-zero, is the maximum acceptable size for a
	// packet.
	MaxPacketLength int

	// SendCipherSuite, if non-zero, is the cipher suite value that the
	// server will send in the ServerHello. This does not affect the cipher
	// the server believes it has actually negotiated.
	SendCipherSuite uint16

	// AppDataBeforeHandshake, if not nil, causes application data to be
	// sent immediately before the first handshake message.
	AppDataBeforeHandshake []byte

	// AppDataAfterChangeCipherSpec, if not nil, causes application data to
	// be sent immediately after ChangeCipherSpec.
	AppDataAfterChangeCipherSpec []byte

	// AlertAfterChangeCipherSpec, if non-zero, causes an alert to be sent
	// immediately after ChangeCipherSpec.
	AlertAfterChangeCipherSpec alert

	// TimeoutSchedule is the schedule of packet drops and simulated
	// timeouts for before each handshake leg from the peer.
	TimeoutSchedule []time.Duration

	// PacketAdaptor is the packetAdaptor to use to simulate timeouts.
	PacketAdaptor *packetAdaptor

	// ReorderHandshakeFragments, if true, causes handshake fragments in
	// DTLS to overlap and be sent in the wrong order. It also causes
	// pre-CCS flights to be sent twice. (Post-CCS flights consist of
	// Finished and will trigger a spurious retransmit.)
	ReorderHandshakeFragments bool

	// MixCompleteMessageWithFragments, if true, causes handshake
	// messages in DTLS to redundantly both fragment the message
	// and include a copy of the full one.
	MixCompleteMessageWithFragments bool

	// SendInvalidRecordType, if true, causes a record with an invalid
	// content type to be sent immediately following the handshake.
	SendInvalidRecordType bool

	// WrongCertificateMessageType, if true, causes Certificate message to
	// be sent with the wrong message type.
	WrongCertificateMessageType bool

	// FragmentMessageTypeMismatch, if true, causes all non-initial
	// handshake fragments in DTLS to have the wrong message type.
	FragmentMessageTypeMismatch bool

	// FragmentMessageLengthMismatch, if true, causes all non-initial
	// handshake fragments in DTLS to have the wrong message length.
	FragmentMessageLengthMismatch bool

	// SplitFragments, if non-zero, causes the handshake fragments in DTLS
	// to be split across two records. The value of |SplitFragments| is the
	// number of bytes in the first fragment.
	SplitFragments int

	// SendEmptyFragments, if true, causes handshakes to include empty
	// fragments in DTLS.
	SendEmptyFragments bool

	// SendSplitAlert, if true, causes an alert to be sent with the header
	// and record body split across multiple packets. The peer should
	// discard these packets rather than process it.
	SendSplitAlert bool

	// FailIfResumeOnRenego, if true, causes renegotiations to fail if the
	// client offers a resumption or the server accepts one.
	FailIfResumeOnRenego bool

	// IgnorePeerCipherPreferences, if true, causes the peer's cipher
	// preferences to be ignored.
	IgnorePeerCipherPreferences bool

	// IgnorePeerSignatureAlgorithmPreferences, if true, causes the peer's
	// signature algorithm preferences to be ignored.
	IgnorePeerSignatureAlgorithmPreferences bool

	// IgnorePeerCurvePreferences, if true, causes the peer's curve
	// preferences to be ignored.
	IgnorePeerCurvePreferences bool

	// BadFinished, if true, causes the Finished hash to be broken.
	BadFinished bool

	// DHGroupPrime, if not nil, is used to define the (finite field)
	// Diffie-Hellman group. The generator used is always two.
	DHGroupPrime *big.Int

	// PackHandshakeFragments, if non-zero, causes handshake fragments to be
	// packed into individual handshake records, up to the specified record
	// size. (The field is an int: the value is the size limit, not a flag.)
	PackHandshakeFragments int

	// PackHandshakeRecords, if non-zero, causes handshake records to be
	// packed into individual packets, up to the specified packet size.
	// (The field is an int: the value is the size limit, not a flag.)
	PackHandshakeRecords int

	// EnableAllCiphersInDTLS, if true, causes RC4 to be enabled in DTLS.
	EnableAllCiphersInDTLS bool

	// EmptyCertificateList, if true, causes the server to send an empty
	// certificate list in the Certificate message.
	EmptyCertificateList bool

	// ExpectNewTicket, if true, causes the client to abort if it does not
	// receive a new ticket.
	ExpectNewTicket bool

	// RequireClientHelloSize, if not zero, is the required length in bytes
	// of the ClientHello /record/. This is checked by the server.
	RequireClientHelloSize int

	// CustomExtension, if not empty, contains the contents of an extension
	// that will be added to client/server hellos.
	CustomExtension string

	// ExpectedCustomExtension, if not nil, contains the expected contents
	// of a custom extension.
	ExpectedCustomExtension *string

	// NoCloseNotify, if true, causes the close_notify alert to be skipped
	// on connection shutdown.
	NoCloseNotify bool

	// ExpectCloseNotify, if true, requires a close_notify from the peer on
	// shutdown. Records from the peer received after close_notify is sent
	// are not discarded.
	ExpectCloseNotify bool

	// SendLargeRecords, if true, allows outgoing records to be sent
	// arbitrarily large.
	SendLargeRecords bool

	// NegotiateALPNAndNPN, if true, causes the server to negotiate both
	// ALPN and NPN in the same connection.
	NegotiateALPNAndNPN bool

	// SendEmptySessionTicket, if true, causes the server to send an empty
	// session ticket.
	SendEmptySessionTicket bool

	// FailIfSessionOffered, if true, causes the server to fail any
	// connections where the client offers a non-empty session ID or session
	// ticket.
	FailIfSessionOffered bool

	// SendHelloRequestBeforeEveryAppDataRecord, if true, causes a
	// HelloRequest handshake message to be sent before each application
	// data record. This only makes sense for a server.
	SendHelloRequestBeforeEveryAppDataRecord bool

	// RequireDHPublicValueLen causes a fatal error if the length (in
	// bytes) of the server's Diffie-Hellman public value is not equal to
	// this.
	RequireDHPublicValueLen int
}
type ServerSessionCache ¶
// ServerSessionCache is a cache of sessionState objects, keyed by session
// ID, used for TLS session resumption (see Config.ServerSessionCache).
// ServerSessionCache implementations should expect to be called
// concurrently from different goroutines. Entries carry resumption
// secrets, so an implementation should not persist or log them.
type ServerSessionCache interface {
	// Get searches for a sessionState associated with the given session
	// ID. On return, ok is true if one was found.
	Get(sessionId string) (session *sessionState, ok bool)

	// Put adds the sessionState to the cache with the given session ID.
	Put(sessionId string, session *sessionState)
}
ServerSessionCache is a cache of sessionState objects that can be used by a client to resume a TLS session with a given server. ServerSessionCache implementations should expect to be called concurrently from different goroutines.
func NewLRUServerSessionCache ¶
func NewLRUServerSessionCache(capacity int) ServerSessionCache
NewLRUServerSessionCache returns a ServerSessionCache with the given capacity that uses an LRU strategy. If capacity is < 1, a default capacity is used instead.