ztls

package
v0.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 17, 2015 License: Apache-2.0 Imports: 33 Imported by: 20

Documentation

Overview

Package tls partially implements TLS 1.2, as specified in RFC 5246.

Index

Examples

Constants

View Source
const (
	TLS_NULL_WITH_NULL_NULL                       = 0x0000
	TLS_RSA_WITH_NULL_MD5                         = 0x0001
	TLS_RSA_WITH_NULL_SHA                         = 0x0002
	TLS_RSA_EXPORT_WITH_RC4_40_MD5                = 0x0003
	TLS_RSA_WITH_RC4_128_MD5                      = 0x0004
	TLS_RSA_WITH_RC4_128_SHA                      = 0x0005
	TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5            = 0x0006
	TLS_RSA_WITH_IDEA_CBC_SHA                     = 0x0007
	TLS_RSA_EXPORT_WITH_DES40_CBC_SHA             = 0x0008
	TLS_RSA_WITH_DES_CBC_SHA                      = 0x0009
	TLS_RSA_WITH_3DES_EDE_CBC_SHA                 = 0x000A
	TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA          = 0x000B
	TLS_DH_DSS_WITH_DES_CBC_SHA                   = 0x000C
	TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA              = 0x000D
	TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA          = 0x000E
	TLS_DH_RSA_WITH_DES_CBC_SHA                   = 0x000F
	TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA              = 0x0010
	TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA         = 0x0011
	TLS_DHE_DSS_WITH_DES_CBC_SHA                  = 0x0012
	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA             = 0x0013
	TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA         = 0x0014
	TLS_DHE_RSA_WITH_DES_CBC_SHA                  = 0x0015
	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA             = 0x0016
	TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5            = 0x0017
	TLS_DH_ANON_WITH_RC4_128_MD5                  = 0x0018
	TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA         = 0x0019
	TLS_DH_ANON_WITH_DES_CBC_SHA                  = 0x001A
	TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA             = 0x001B
	SSL_FORTEZZA_KEA_WITH_NULL_SHA                = 0x001C
	SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA        = 0x001D
	TLS_KRB5_WITH_DES_CBC_SHA                     = 0x001E
	TLS_KRB5_WITH_3DES_EDE_CBC_SHA                = 0x001F
	TLS_KRB5_WITH_RC4_128_SHA                     = 0x0020
	TLS_KRB5_WITH_IDEA_CBC_SHA                    = 0x0021
	TLS_KRB5_WITH_DES_CBC_MD5                     = 0x0022
	TLS_KRB5_WITH_3DES_EDE_CBC_MD5                = 0x0023
	TLS_KRB5_WITH_RC4_128_MD5                     = 0x0024
	TLS_KRB5_WITH_IDEA_CBC_MD5                    = 0x0025
	TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA           = 0x0026
	TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA           = 0x0027
	TLS_KRB5_EXPORT_WITH_RC4_40_SHA               = 0x0028
	TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5           = 0x0029
	TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5           = 0x002A
	TLS_KRB5_EXPORT_WITH_RC4_40_MD5               = 0x002B
	TLS_PSK_WITH_NULL_SHA                         = 0x002C
	TLS_DHE_PSK_WITH_NULL_SHA                     = 0x002D
	TLS_RSA_PSK_WITH_NULL_SHA                     = 0x002E
	TLS_RSA_WITH_AES_128_CBC_SHA                  = 0x002F
	TLS_DH_DSS_WITH_AES_128_CBC_SHA               = 0x0030
	TLS_DH_RSA_WITH_AES_128_CBC_SHA               = 0x0031
	TLS_DHE_DSS_WITH_AES_128_CBC_SHA              = 0x0032
	TLS_DHE_RSA_WITH_AES_128_CBC_SHA              = 0x0033
	TLS_DH_ANON_WITH_AES_128_CBC_SHA              = 0x0034
	TLS_RSA_WITH_AES_256_CBC_SHA                  = 0x0035
	TLS_DH_DSS_WITH_AES_256_CBC_SHA               = 0x0036
	TLS_DH_RSA_WITH_AES_256_CBC_SHA               = 0x0037
	TLS_DHE_DSS_WITH_AES_256_CBC_SHA              = 0x0038
	TLS_DHE_RSA_WITH_AES_256_CBC_SHA              = 0x0039
	TLS_DH_ANON_WITH_AES_256_CBC_SHA              = 0x003A
	TLS_RSA_WITH_NULL_SHA256                      = 0x003B
	TLS_RSA_WITH_AES_128_CBC_SHA256               = 0x003C
	TLS_RSA_WITH_AES_256_CBC_SHA256               = 0x003D
	TLS_DH_DSS_WITH_AES_128_CBC_SHA256            = 0x003E
	TLS_DH_RSA_WITH_AES_128_CBC_SHA256            = 0x003F
	TLS_DHE_DSS_WITH_AES_128_CBC_SHA256           = 0x0040
	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA             = 0x0041
	TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA          = 0x0042
	TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA          = 0x0043
	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA         = 0x0044
	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA         = 0x0045
	TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA         = 0x0046
	TLS_RSA_EXPORT1024_WITH_RC4_56_MD5            = 0x0060
	TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5        = 0x0061
	TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA           = 0x0062
	TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA       = 0x0063
	TLS_RSA_EXPORT1024_WITH_RC4_56_SHA            = 0x0064
	TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA        = 0x0065
	TLS_DHE_DSS_WITH_RC4_128_SHA                  = 0x0066
	TLS_DHE_RSA_WITH_AES_128_CBC_SHA256           = 0x0067
	TLS_DH_DSS_WITH_AES_256_CBC_SHA256            = 0x0068
	TLS_DH_RSA_WITH_AES_256_CBC_SHA256            = 0x0069
	TLS_DHE_DSS_WITH_AES_256_CBC_SHA256           = 0x006A
	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256           = 0x006B
	TLS_DH_ANON_WITH_AES_128_CBC_SHA256           = 0x006C
	TLS_DH_ANON_WITH_AES_256_CBC_SHA256           = 0x006D
	TLS_GOSTR341094_WITH_28147_CNT_IMIT           = 0x0080
	TLS_GOSTR341001_WITH_28147_CNT_IMIT           = 0x0081
	TLS_GOSTR341094_WITH_NULL_GOSTR3411           = 0x0082
	TLS_GOSTR341001_WITH_NULL_GOSTR3411           = 0x0083
	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA             = 0x0084
	TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA          = 0x0085
	TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA          = 0x0086
	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA         = 0x0087
	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA         = 0x0088
	TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA         = 0x0089
	TLS_PSK_WITH_RC4_128_SHA                      = 0x008A
	TLS_PSK_WITH_3DES_EDE_CBC_SHA                 = 0x008B
	TLS_PSK_WITH_AES_128_CBC_SHA                  = 0x008C
	TLS_PSK_WITH_AES_256_CBC_SHA                  = 0x008D
	TLS_DHE_PSK_WITH_RC4_128_SHA                  = 0x008E
	TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA             = 0x008F
	TLS_DHE_PSK_WITH_AES_128_CBC_SHA              = 0x0090
	TLS_DHE_PSK_WITH_AES_256_CBC_SHA              = 0x0091
	TLS_RSA_PSK_WITH_RC4_128_SHA                  = 0x0092
	TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA             = 0x0093
	TLS_RSA_PSK_WITH_AES_128_CBC_SHA              = 0x0094
	TLS_RSA_PSK_WITH_AES_256_CBC_SHA              = 0x0095
	TLS_RSA_WITH_SEED_CBC_SHA                     = 0x0096
	TLS_DH_DSS_WITH_SEED_CBC_SHA                  = 0x0097
	TLS_DH_RSA_WITH_SEED_CBC_SHA                  = 0x0098
	TLS_DHE_DSS_WITH_SEED_CBC_SHA                 = 0x0099
	TLS_DHE_RSA_WITH_SEED_CBC_SHA                 = 0x009A
	TLS_DH_ANON_WITH_SEED_CBC_SHA                 = 0x009B
	TLS_RSA_WITH_AES_128_GCM_SHA256               = 0x009C
	TLS_RSA_WITH_AES_256_GCM_SHA384               = 0x009D
	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256           = 0x009E
	TLS_DHE_RSA_WITH_AES_256_GCM_SHA384           = 0x009F
	TLS_DH_RSA_WITH_AES_128_GCM_SHA256            = 0x00A0
	TLS_DH_RSA_WITH_AES_256_GCM_SHA384            = 0x00A1
	TLS_DHE_DSS_WITH_AES_128_GCM_SHA256           = 0x00A2
	TLS_DHE_DSS_WITH_AES_256_GCM_SHA384           = 0x00A3
	TLS_DH_DSS_WITH_AES_128_GCM_SHA256            = 0x00A4
	TLS_DH_DSS_WITH_AES_256_GCM_SHA384            = 0x00A5
	TLS_DH_ANON_WITH_AES_128_GCM_SHA256           = 0x00A6
	TLS_DH_ANON_WITH_AES_256_GCM_SHA384           = 0x00A7
	TLS_PSK_WITH_AES_128_GCM_SHA256               = 0x00A8
	TLS_PSK_WITH_AES_256_GCM_SHA384               = 0x00A9
	TLS_DHE_PSK_WITH_AES_128_GCM_SHA256           = 0x00AA
	TLS_DHE_PSK_WITH_AES_256_GCM_SHA384           = 0x00AB
	TLS_RSA_PSK_WITH_AES_128_GCM_SHA256           = 0x00AC
	TLS_RSA_PSK_WITH_AES_256_GCM_SHA384           = 0x00AD
	TLS_PSK_WITH_AES_128_CBC_SHA256               = 0x00AE
	TLS_PSK_WITH_AES_256_CBC_SHA384               = 0x00AF
	TLS_PSK_WITH_NULL_SHA256                      = 0x00B0
	TLS_PSK_WITH_NULL_SHA384                      = 0x00B1
	TLS_DHE_PSK_WITH_AES_128_CBC_SHA256           = 0x00B2
	TLS_DHE_PSK_WITH_AES_256_CBC_SHA384           = 0x00B3
	TLS_DHE_PSK_WITH_NULL_SHA256                  = 0x00B4
	TLS_DHE_PSK_WITH_NULL_SHA384                  = 0x00B5
	TLS_RSA_PSK_WITH_AES_128_CBC_SHA256           = 0x00B6
	TLS_RSA_PSK_WITH_AES_256_CBC_SHA384           = 0x00B7
	TLS_RSA_PSK_WITH_NULL_SHA256                  = 0x00B8
	TLS_RSA_PSK_WITH_NULL_SHA384                  = 0x00B9
	TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256          = 0x00BA
	TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256       = 0x00BB
	TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256       = 0x00BC
	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256      = 0x00BD
	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256      = 0x00BE
	TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256      = 0x00BF
	TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256          = 0x00C0
	TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256       = 0x00C1
	TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256       = 0x00C2
	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256      = 0x00C3
	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256      = 0x00C4
	TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256      = 0x00C5
	TLS_RENEGO_PROTECTION_REQUEST                 = 0x00FF
	TLS_FALLBACK_SCSV                             = 0x5600
	TLS_ECDH_ECDSA_WITH_NULL_SHA                  = 0xC001
	TLS_ECDH_ECDSA_WITH_RC4_128_SHA               = 0xC002
	TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA          = 0xC003
	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA           = 0xC004
	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA           = 0xC005
	TLS_ECDHE_ECDSA_WITH_NULL_SHA                 = 0xC006
	TLS_ECDHE_ECDSA_WITH_RC4_128_SHA              = 0xC007
	TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA         = 0xC008
	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA          = 0xC009
	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA          = 0xC00A
	TLS_ECDH_RSA_WITH_NULL_SHA                    = 0xC00B
	TLS_ECDH_RSA_WITH_RC4_128_SHA                 = 0xC00C
	TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA            = 0xC00D
	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA             = 0xC00E
	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA             = 0xC00F
	TLS_ECDHE_RSA_WITH_NULL_SHA                   = 0xC010
	TLS_ECDHE_RSA_WITH_RC4_128_SHA                = 0xC011
	TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA           = 0xC012
	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA            = 0xC013
	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA            = 0xC014
	TLS_ECDH_ANON_WITH_NULL_SHA                   = 0xC015
	TLS_ECDH_ANON_WITH_RC4_128_SHA                = 0xC016
	TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA           = 0xC017
	TLS_ECDH_ANON_WITH_AES_128_CBC_SHA            = 0xC018
	TLS_ECDH_ANON_WITH_AES_256_CBC_SHA            = 0xC019
	TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA             = 0xC01A
	TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA         = 0xC01B
	TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA         = 0xC01C
	TLS_SRP_SHA_WITH_AES_128_CBC_SHA              = 0xC01D
	TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA          = 0xC01E
	TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA          = 0xC01F
	TLS_SRP_SHA_WITH_AES_256_CBC_SHA              = 0xC020
	TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA          = 0xC021
	TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA          = 0xC022
	TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256       = 0xC023
	TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384       = 0xC024
	TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256        = 0xC025
	TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384        = 0xC026
	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256         = 0xC027
	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384         = 0xC028
	TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256          = 0xC029
	TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384          = 0xC02A
	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256       = 0xC02B
	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384       = 0xC02C
	TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256        = 0xC02D
	TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384        = 0xC02E
	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256         = 0xC02F
	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384         = 0xC030
	TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256          = 0xC031
	TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384          = 0xC032
	TLS_ECDHE_PSK_WITH_RC4_128_SHA                = 0xC033
	TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA           = 0xC034
	TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA            = 0xC035
	TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA            = 0xC036
	TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256         = 0xC037
	TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384         = 0xC038
	TLS_ECDHE_PSK_WITH_NULL_SHA                   = 0xC039
	TLS_ECDHE_PSK_WITH_NULL_SHA256                = 0xC03A
	TLS_ECDHE_PSK_WITH_NULL_SHA384                = 0xC03B
	TLS_RSA_WITH_ARIA_128_CBC_SHA256              = 0xC03C
	TLS_RSA_WITH_ARIA_256_CBC_SHA384              = 0xC03D
	TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256           = 0xC03E
	TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384           = 0xC03F
	TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256           = 0xC040
	TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384           = 0xC041
	TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256          = 0xC042
	TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384          = 0xC043
	TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256          = 0xC044
	TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384          = 0xC045
	TLS_DH_ANON_WITH_ARIA_128_CBC_SHA256          = 0xC046
	TLS_DH_ANON_WITH_ARIA_256_CBC_SHA384          = 0xC047
	TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256      = 0xC048
	TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384      = 0xC049
	TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256       = 0xC04A
	TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384       = 0xC04B
	TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256        = 0xC04C
	TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384        = 0xC04D
	TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256         = 0xC04E
	TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384         = 0xC04F
	TLS_RSA_WITH_ARIA_128_GCM_SHA256              = 0xC050
	TLS_RSA_WITH_ARIA_256_GCM_SHA384              = 0xC051
	TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256          = 0xC052
	TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384          = 0xC053
	TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256           = 0xC054
	TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384           = 0xC055
	TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256          = 0xC056
	TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384          = 0xC057
	TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256           = 0xC058
	TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384           = 0xC059
	TLS_DH_ANON_WITH_ARIA_128_GCM_SHA256          = 0xC05A
	TLS_DH_ANON_WITH_ARIA_256_GCM_SHA384          = 0xC05B
	TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256      = 0xC05C
	TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384      = 0xC05D
	TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256       = 0xC05E
	TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384       = 0xC05F
	TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256        = 0xC060
	TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384        = 0xC061
	TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256         = 0xC062
	TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384         = 0xC063
	TLS_PSK_WITH_ARIA_128_CBC_SHA256              = 0xC064
	TLS_PSK_WITH_ARIA_256_CBC_SHA384              = 0xC065
	TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256          = 0xC066
	TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384          = 0xC067
	TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256          = 0xC068
	TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384          = 0xC069
	TLS_PSK_WITH_ARIA_128_GCM_SHA256              = 0xC06A
	TLS_PSK_WITH_ARIA_256_GCM_SHA384              = 0xC06B
	TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256          = 0xC06C
	TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384          = 0xC06D
	TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256          = 0xC06E
	TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384          = 0xC06F
	TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256        = 0xC070
	TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384        = 0xC071
	TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256  = 0xC072
	TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384  = 0xC073
	TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256   = 0xC074
	TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384   = 0xC075
	TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256    = 0xC076
	TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384    = 0xC077
	TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256     = 0xC078
	TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384     = 0xC079
	TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256          = 0xC07A
	TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384          = 0xC07B
	TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256      = 0xC07C
	TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384      = 0xC07D
	TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256       = 0xC07E
	TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384       = 0xC07F
	TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256      = 0xC080
	TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384      = 0xC081
	TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256       = 0xC082
	TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384       = 0xC083
	TLS_DH_ANON_WITH_CAMELLIA_128_GCM_SHA256      = 0xC084
	TLS_DH_ANON_WITH_CAMELLIA_256_GCM_SHA384      = 0xC085
	TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256  = 0xC086
	TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384  = 0xC087
	TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256   = 0xC088
	TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384   = 0xC089
	TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256    = 0xC08A
	TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384    = 0xC08B
	TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256     = 0xC08C
	TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384     = 0xC08D
	TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256          = 0xC08E
	TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384          = 0xC08F
	TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256      = 0xC090
	TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384      = 0xC091
	TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256      = 0xC092
	TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384      = 0xC093
	TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256          = 0xC094
	TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384          = 0xC095
	TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256      = 0xC096
	TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384      = 0xC097
	TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256      = 0xC098
	TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384      = 0xC099
	TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256    = 0xC09A
	TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384    = 0xC09B
	TLS_RSA_WITH_AES_128_CCM                      = 0xC09C
	TLS_RSA_WITH_AES_256_CCM                      = 0xC09D
	TLS_DHE_RSA_WITH_AES_128_CCM                  = 0xC09E
	TLS_DHE_RSA_WITH_AES_256_CCM                  = 0xC09F
	TLS_RSA_WITH_AES_128_CCM_8                    = 0xC0A0
	TLS_RSA_WITH_AES_256_CCM_8                    = 0xC0A1
	TLS_DHE_RSA_WITH_AES_128_CCM_8                = 0xC0A2
	TLS_DHE_RSA_WITH_AES_256_CCM_8                = 0xC0A3
	TLS_PSK_WITH_AES_128_CCM                      = 0xC0A4
	TLS_PSK_WITH_AES_256_CCM                      = 0xC0A5
	TLS_DHE_PSK_WITH_AES_128_CCM                  = 0xC0A6
	TLS_DHE_PSK_WITH_AES_256_CCM                  = 0xC0A7
	TLS_PSK_WITH_AES_128_CCM_8                    = 0xC0A8
	TLS_PSK_WITH_AES_256_CCM_8                    = 0xC0A9
	TLS_PSK_DHE_WITH_AES_128_CCM_8                = 0xC0AA
	TLS_PSK_DHE_WITH_AES_256_CCM_8                = 0xC0AB
	TLS_ECDHE_ECDSA_WITH_AES_128_CCM              = 0xC0AC
	TLS_ECDHE_ECDSA_WITH_AES_256_CCM              = 0xC0AD
	TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8            = 0xC0AE
	TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8            = 0xC0AF
	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   = 0xCC13
	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCC14
	TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256     = 0xCC15
	// SSL_RSA_FIPS_WITH_DES_CBC_SHA                 = 0xFEFE
	// SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA            = 0xFEFF
	// SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA            = 0xFFE0
	// SSL_RSA_FIPS_WITH_DES_CBC_SHA                 = 0xFFE1
	SSL_RSA_WITH_RC2_CBC_MD5        = 0xFF80
	SSL_RSA_WITH_IDEA_CBC_MD5       = 0xFF81
	SSL_RSA_WITH_DES_CBC_MD5        = 0xFF82
	SSL_RSA_WITH_3DES_EDE_CBC_MD5   = 0xFF83
	SSL_EN_RC2_128_CBC_WITH_MD5     = 0xFF03
	OP_PCL_TLS10_AES_128_CBC_SHA512 = 0xFF85
)

A list of the possible cipher suite ids. Taken from http://www.iana.org/assignments/tls-parameters/tls-parameters.xml

View Source
const (
	VersionSSL30 = 0x0300
	VersionTLS10 = 0x0301
	VersionTLS11 = 0x0302
	VersionTLS12 = 0x0303
)

Variables

View Source
var DHE512ExportCiphers []uint16 = []uint16{}
View Source
var DHECiphers []uint16 = []uint16{
	TLS_DHE_DSS_WITH_DES_CBC_SHA,
	TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
	TLS_DHE_RSA_WITH_DES_CBC_SHA,
	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
	TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
	TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
	TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
	TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
	TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
	TLS_DHE_DSS_WITH_RC4_128_SHA,
	TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
	TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
	TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
	TLS_DHE_DSS_WITH_SEED_CBC_SHA,
	TLS_DHE_RSA_WITH_SEED_CBC_SHA,
	TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
	TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
	TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
	TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
	TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
	TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
	TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
	TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
	TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256,
	TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384,
	TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
	TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
	TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
	TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
	TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
	TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
	TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
	TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
	TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256,
	TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384,
	TLS_DHE_RSA_WITH_AES_128_CCM,
	TLS_DHE_RSA_WITH_AES_256_CCM,
	TLS_DHE_RSA_WITH_AES_128_CCM_8,
	TLS_DHE_RSA_WITH_AES_256_CCM_8,
	TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
}
View Source
var (
	HeartbleedError = errors.New("Error after Heartbleed")
)

RSA Ciphers

Functions

func Listen

func Listen(network, laddr string, config *Config) (net.Listener, error)

Listen creates a TLS listener accepting connections on the given network address using net.Listen. The configuration config must be non-nil and must have at least one certificate.

func NewListener

func NewListener(inner net.Listener, config *Config) net.Listener

NewListener creates a Listener which accepts connections from an inner Listener and wraps each connection with Server. The configuration config must be non-nil and must have at least one certificate.

Types

type Certificate

type Certificate struct {
	Certificate [][]byte
	PrivateKey  crypto.PrivateKey // supported types: *rsa.PrivateKey, *ecdsa.PrivateKey
	// OCSPStaple contains an optional OCSP response which will be served
	// to clients that request it.
	OCSPStaple []byte
	// Leaf is the parsed form of the leaf certificate, which may be
	// initialized using x509.ParseCertificate to reduce per-handshake
	// processing for TLS clients doing client authentication. If nil, the
	// leaf certificate will be parsed as needed.
	Leaf *x509.Certificate
}

A Certificate is a chain of one or more certificates, leaf first.

func LoadX509KeyPair

func LoadX509KeyPair(certFile, keyFile string) (cert Certificate, err error)

LoadX509KeyPair reads and parses a public/private key pair from a pair of files. The files must contain PEM encoded data.

func X509KeyPair

func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (cert Certificate, err error)

X509KeyPair parses a public/private key pair from a pair of PEM encoded data.

type Certificates

type Certificates struct {
	Certificates       [][]byte
	ParsedCertificates []*x509.Certificate
}

ServerCertificates represents a TLS certificates message in a format friendly to the golang JSON library. ValidationError should be non-nil whenever Valid is false.

func (*Certificates) FromEncoded

func (c *Certificates) FromEncoded(ec *encodedCertificates) *Certificates

func (*Certificates) MarshalJSON

func (c *Certificates) MarshalJSON() ([]byte, error)

func (*Certificates) UnmarshalJSON

func (c *Certificates) UnmarshalJSON(b []byte) error

type CipherSuite

type CipherSuite uint16

func (CipherSuite) MarshalJSON

func (cs CipherSuite) MarshalJSON() ([]byte, error)

func (CipherSuite) String

func (cs CipherSuite) String() string

type ClientAuthType

type ClientAuthType int

ClientAuthType declares the policy the server will follow for TLS Client Authentication.

const (
	NoClientCert ClientAuthType = iota
	RequestClientCert
	RequireAnyClientCert
	VerifyClientCertIfGiven
	RequireAndVerifyClientCert
)

type ClientSessionCache

type ClientSessionCache interface {
	// Get searches for a ClientSessionState associated with the given key.
	// On return, ok is true if one was found.
	Get(sessionKey string) (session *ClientSessionState, ok bool)

	// Put adds the ClientSessionState to the cache with the given key.
	Put(sessionKey string, cs *ClientSessionState)
}

ClientSessionCache is a cache of ClientSessionState objects that can be used by a client to resume a TLS session with a given server. ClientSessionCache implementations should expect to be called concurrently from different goroutines.

func NewLRUClientSessionCache

func NewLRUClientSessionCache(capacity int) ClientSessionCache

NewLRUClientSessionCache returns a ClientSessionCache with the given capacity that uses an LRU strategy. If capacity is < 1, a default capacity is used instead.

type ClientSessionState

type ClientSessionState struct {
	// contains filtered or unexported fields
}

ClientSessionState contains the state needed by clients to resume TLS sessions.

type Config

type Config struct {
	// Rand provides the source of entropy for nonces and RSA blinding.
	// If Rand is nil, TLS uses the cryptographic random reader in package
	// crypto/rand.
	// The Reader must be safe for use by multiple goroutines.
	Rand io.Reader

	// Time returns the current time as the number of seconds since the epoch.
	// If Time is nil, TLS uses time.Now.
	Time func() time.Time

	// Certificates contains one or more certificate chains
	// to present to the other side of the connection.
	// Server configurations must include at least one certificate.
	Certificates []Certificate

	// NameToCertificate maps from a certificate name to an element of
	// Certificates. Note that a certificate name can be of the form
	// '*.example.com' and so doesn't have to be a domain name as such.
	// See Config.BuildNameToCertificate
	// The nil value causes the first element of Certificates to be used
	// for all connections.
	NameToCertificate map[string]*Certificate

	// RootCAs defines the set of root certificate authorities
	// that clients use when verifying server certificates.
	// If RootCAs is nil, TLS uses the host's root CA set.
	RootCAs *x509.CertPool

	// NextProtos is a list of supported, application level protocols.
	NextProtos []string

	// ServerName is used to verify the hostname on the returned
	// certificates unless InsecureSkipVerify is given. It is also included
	// in the client's handshake to support virtual hosting.
	ServerName string

	// ClientAuth determines the server's policy for
	// TLS Client Authentication. The default is NoClientCert.
	ClientAuth ClientAuthType

	// ClientCAs defines the set of root certificate authorities
	// that servers use if required to verify a client certificate
	// by the policy in ClientAuth.
	ClientCAs *x509.CertPool

	// InsecureSkipVerify controls whether a client verifies the
	// server's certificate chain and host name.
	// If InsecureSkipVerify is true, TLS accepts any certificate
	// presented by the server and any host name in that certificate.
	// In this mode, TLS is susceptible to man-in-the-middle attacks.
	// This should be used only for testing.
	InsecureSkipVerify bool

	// CipherSuites is a list of supported cipher suites. If CipherSuites
	// is nil, TLS uses a list of suites supported by the implementation.
	CipherSuites []uint16

	// PreferServerCipherSuites controls whether the server selects the
	// client's most preferred ciphersuite, or the server's most preferred
	// ciphersuite. If true then the server's preference, as expressed in
	// the order of elements in CipherSuites, is used.
	PreferServerCipherSuites bool

	// SessionTicketsDisabled may be set to true to disable session ticket
	// (resumption) support.
	SessionTicketsDisabled bool

	// SessionTicketKey is used by TLS servers to provide session
	// resumption. See RFC 5077. If zero, it will be filled with
	// random data before the first server handshake.
	//
	// If multiple servers are terminating connections for the same host
	// they should all have the same SessionTicketKey. If the
	// SessionTicketKey leaks, previously recorded and future TLS
	// connections using that key are compromised.
	SessionTicketKey [32]byte

	// SessionCache is a cache of ClientSessionState entries for TLS session
	// resumption.
	ClientSessionCache ClientSessionCache

	// MinVersion contains the minimum SSL/TLS version that is acceptable.
	// If zero, then SSLv3 is taken as the minimum.
	MinVersion uint16

	// MaxVersion contains the maximum SSL/TLS version that is acceptable.
	// If zero, then the maximum version supported by this package is used,
	// which is currently TLS 1.2.
	MaxVersion uint16

	// CurvePreferences contains the elliptic curves that will be used in
	// an ECDHE handshake, in preference order. If empty, the default will
	// be used.
	CurvePreferences []CurveID

	ForceSuites bool

	// Export RSA Key
	ExportRSAKey *rsa.PrivateKey
	// contains filtered or unexported fields
}

A Config structure is used to configure a TLS client or server. After one has been passed to a TLS function it must not be modified. A Config may be reused; the tls package will also not modify it.

func (*Config) BuildNameToCertificate

func (c *Config) BuildNameToCertificate()

BuildNameToCertificate parses c.Certificates and builds c.NameToCertificate from the CommonName and SubjectAlternateName fields of each of the leaf certificates.

type Conn

type Conn struct {
	// contains filtered or unexported fields
}

A Conn represents a secured connection. It implements the net.Conn interface.

func Client

func Client(conn net.Conn, config *Config) *Conn

Client returns a new TLS client side connection using conn as the underlying transport. The config cannot be nil: users must set either ServerName or InsecureSkipVerify in the config.

func Dial

func Dial(network, addr string, config *Config) (*Conn, error)

Dial connects to the given network address using net.Dial and then initiates a TLS handshake, returning the resulting TLS connection. Dial interprets a nil configuration as equivalent to the zero configuration; see the documentation of Config for the defaults.

Example
package main

import (
	"github.com/zmap/zgrab/ztools/x509"
	"github.com/zmap/zgrab/ztools/ztls"
)

func main() {
	// Connecting with a custom root-certificate set.

	const rootPEM = `
-----BEGIN CERTIFICATE-----
MIIEBDCCAuygAwIBAgIDAjppMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
YWwgQ0EwHhcNMTMwNDA1MTUxNTU1WhcNMTUwNDA0MTUxNTU1WjBJMQswCQYDVQQG
EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy
bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP
VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv
h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE
ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ
EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC
DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB+zCB+DAfBgNVHSMEGDAWgBTAephojYn7
qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wEgYD
VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMwMTAvoC2g
K4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9ndGdsb2JhbC5jcmwwPQYI
KwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vZ3RnbG9iYWwtb2NzcC5n
ZW90cnVzdC5jb20wFwYDVR0gBBAwDjAMBgorBgEEAdZ5AgUBMA0GCSqGSIb3DQEB
BQUAA4IBAQA21waAESetKhSbOHezI6B1WLuxfoNCunLaHtiONgaX4PCVOzf9G0JY
/iLIa704XtE7JW4S615ndkZAkNoUyHgN7ZVm2o6Gb4ChulYylYbc3GrKBIxbf/a/
zG+FA1jDaFETzf3I93k9mTXwVqO94FntT0QJo544evZG0R0SnU++0ED8Vf4GXjza
HFa9llF7b1cq26KqltyMdMKVvvBulRP/F/A8rLIQjcxz++iPAsbw+zOzlTvjwsto
WHPbqCRiOwY1nQ2pM714A5AuTHhdUDqB1O6gyHA43LL5Z/qHQF1hwFGPa4NrzQU6
yuGnBXj8ytqU0CwIPX4WecigUCAkVDNx
-----END CERTIFICATE-----`

	// First, create the set of root certificates. For this example we only
	// have one. It's also possible to omit this in order to use the
	// default root set of the current operating system.
	roots := x509.NewCertPool()
	ok := roots.AppendCertsFromPEM([]byte(rootPEM))
	if !ok {
		panic("failed to parse root certificate")
	}

	conn, err := ztls.Dial("tcp", "mail.google.com:443", &ztls.Config{
		RootCAs: roots,
	})
	if err != nil {
		panic("failed to connect: " + err.Error())
	}
	conn.Close()
}
Output:

func DialWithDialer

func DialWithDialer(dialer *net.Dialer, network, addr string, config *Config) (*Conn, error)

DialWithDialer connects to the given network address using dialer.Dial and then initiates a TLS handshake, returning the resulting TLS connection. Any timeout or deadline given in the dialer apply to connection and TLS handshake as a whole.

DialWithDialer interprets a nil configuration as equivalent to the zero configuration; see the documentation of Config for the defaults.

func Server

func Server(conn net.Conn, config *Config) *Conn

Server returns a new TLS server side connection using conn as the underlying transport. The configuration config must be non-nil and must have at least one certificate.

func (*Conn) CheckHeartbleed

func (c *Conn) CheckHeartbleed(b []byte) (n int, err error)

func (*Conn) ClientCiphers

func (c *Conn) ClientCiphers() []CipherSuite

func (*Conn) ClientHelloRaw

func (c *Conn) ClientHelloRaw() []byte

func (*Conn) Close

func (c *Conn) Close() error

Close closes the connection.

func (*Conn) ConnectionState

func (c *Conn) ConnectionState() ConnectionState

ConnectionState returns basic TLS details about the connection.

func (*Conn) GetHandshakeLog

func (c *Conn) GetHandshakeLog() *ServerHandshake

func (*Conn) GetHeartbleedLog

func (c *Conn) GetHeartbleedLog() *Heartbleed

func (*Conn) Handshake

func (c *Conn) Handshake() error

Handshake runs the client or server handshake protocol if it has not yet been run. Most uses of this package need not call Handshake explicitly: the first Read or Write will call it automatically.

func (*Conn) LocalAddr

func (c *Conn) LocalAddr() net.Addr

LocalAddr returns the local network address.

func (*Conn) OCSPResponse

func (c *Conn) OCSPResponse() []byte

OCSPResponse returns the stapled OCSP response from the TLS server, if any. (Only valid for client connections.)

func (*Conn) Read

func (c *Conn) Read(b []byte) (n int, err error)

Read can be made to time out and return a net.Error with Timeout() == true after a fixed time limit; see SetDeadline and SetReadDeadline.

func (*Conn) RemoteAddr

func (c *Conn) RemoteAddr() net.Addr

RemoteAddr returns the remote network address.

func (*Conn) SetDeadline

func (c *Conn) SetDeadline(t time.Time) error

SetDeadline sets the read and write deadlines associated with the connection. A zero value for t means Read and Write will not time out. After a Write has timed out, the TLS state is corrupt and all future writes will return the same error.

func (*Conn) SetReadDeadline

func (c *Conn) SetReadDeadline(t time.Time) error

SetReadDeadline sets the read deadline on the underlying connection. A zero value for t means Read will not time out.

func (*Conn) SetWriteDeadline

func (c *Conn) SetWriteDeadline(t time.Time) error

SetWriteDeadline sets the write deadline on the underlying connection. A zero value for t means Write will not time out. After a Write has timed out, the TLS state is corrupt and all future writes will return the same error.

func (*Conn) VerifyHostname

func (c *Conn) VerifyHostname(host string) error

VerifyHostname checks that the peer certificate chain is valid for connecting to host. If so, it returns nil; if not, it returns an error describing the problem.

func (*Conn) Write

func (c *Conn) Write(b []byte) (int, error)

Write writes data to the connection.

type ConnectionState

type ConnectionState struct {
	Version                    uint16                // TLS version used by the connection (e.g. VersionTLS12)
	HandshakeComplete          bool                  // TLS handshake is complete
	DidResume                  bool                  // connection resumes a previous TLS connection
	CipherSuite                uint16                // cipher suite in use (TLS_RSA_WITH_RC4_128_SHA, ...)
	NegotiatedProtocol         string                // negotiated next protocol (from Config.NextProtos)
	NegotiatedProtocolIsMutual bool                  // negotiated protocol was advertised by server
	ServerName                 string                // server name requested by client, if any (server side only)
	PeerCertificates           []*x509.Certificate   // certificate chain presented by remote peer
	VerifiedChains             [][]*x509.Certificate // verified chains built from PeerCertificates
}

ConnectionState records basic TLS details about the connection.

type CurveID

type CurveID uint16

CurveID is the type of a TLS identifier for an elliptic curve. See http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8

const (
	CurveP256 CurveID = 23
	CurveP384 CurveID = 24
	CurveP521 CurveID = 25
)

type DHParams

type DHParams struct {
	P  *big.Int
	G  *big.Int
	Ys *big.Int
}

func (*DHParams) MarshalJSON

func (p *DHParams) MarshalJSON() ([]byte, error)

type ExportSignatureAlgorithm

type ExportSignatureAlgorithm uint16

func (*ExportSignatureAlgorithm) MarshalJSON

func (esa *ExportSignatureAlgorithm) MarshalJSON() ([]byte, error)

type Finished

type Finished struct {
	VerifyData []byte `json:"verify_data"`
}

Finished represents a TLS Finished message

type Heartbleed

type Heartbleed struct {
	HeartbeatEnabled bool `json:"heartbeat_enabled"`
	Vulnerable       bool `json:"heartbleed_vulnerable"`
}

type RSAExportParams

type RSAExportParams struct {
	PublicKey rsa.PublicKey `json:"-"`
	Modulus   []byte        `json:"modulus"`
	Exponent  uint32        `json:"exponent"`
	Length    int           `json:"length"`
}

type ServerHandshake

type ServerHandshake struct {
	ServerHello        *ServerHello       `json:"server_hello"`
	ServerCertificates *Certificates      `json:"server_certificates"`
	ServerKeyExchange  *ServerKeyExchange `json:"server_key_exchange"`
	RSAExportParams    *RSAExportParams   `json:"rsa_export_params,omitempty"`
	DHExportParams     *DHParams          `json:"dh_export_params,omitempty"`
	DHParams           *DHParams          `json:"dh_params,omitempty"`
	ServerFinished     *Finished          `json:"server_finished"`
}

ServerHandshake stores all of the messages sent by the server during a standard TLS Handshake. It implements zgrab.EventData interface

type ServerHello

type ServerHello struct {
	Version             TLSVersion  `json:"version"`
	Random              []byte      `json:"random"`
	SessionID           []byte      `json:"session_id"`
	CipherSuite         CipherSuite `json:"cipher_suite"`
	CompressionMethod   uint8       `json:"compression_method"`
	OcspStapling        bool        `json:"ocsp_stapling"`
	TicketSupported     bool        `json:"ticket"`
	SecureRenegotiation bool        `json:"secure_renegotiation"`
	HeartbeatSupported  bool        `json:"heartbeat"`
}

type ServerKeyExchange

type ServerKeyExchange struct {
	Key []byte `json:"key"`
}

ServerKeyExchange represents the raw key data sent by the server in TLS key exchange message

type TLSVersion

type TLSVersion uint16

func (TLSVersion) MarshalJSON

func (v TLSVersion) MarshalJSON() ([]byte, error)

func (TLSVersion) String

func (v TLSVersion) String() string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL