Documentation
¶
Overview ¶
Package tls partially implements TLS 1.2, as specified in RFC 5246.
Index ¶
- Constants
- Variables
- func Listen(network, laddr string, config *Config) (net.Listener, error)
- func NewListener(inner net.Listener, config *Config) net.Listener
- type Certificate
- type Certificates
- type CipherSuite
- type ClientAuthType
- type ClientSessionCache
- type ClientSessionState
- type Config
- type Conn
- func (c *Conn) CheckHeartbleed(b []byte) (n int, err error)
- func (c *Conn) ClientCiphers() []CipherSuite
- func (c *Conn) ClientHelloRaw() []byte
- func (c *Conn) Close() error
- func (c *Conn) ConnectionState() ConnectionState
- func (c *Conn) GetHandshakeLog() *ServerHandshake
- func (c *Conn) GetHeartbleedLog() *Heartbleed
- func (c *Conn) Handshake() error
- func (c *Conn) LocalAddr() net.Addr
- func (c *Conn) OCSPResponse() []byte
- func (c *Conn) Read(b []byte) (n int, err error)
- func (c *Conn) RemoteAddr() net.Addr
- func (c *Conn) SetDeadline(t time.Time) error
- func (c *Conn) SetReadDeadline(t time.Time) error
- func (c *Conn) SetWriteDeadline(t time.Time) error
- func (c *Conn) VerifyHostname(host string) error
- func (c *Conn) Write(b []byte) (int, error)
- type ConnectionState
- type CurveID
- type DHParams
- type ExportSignatureAlgorithm
- type Finished
- type Heartbleed
- type RSAExportParams
- type ServerHandshake
- type ServerHello
- type ServerKeyExchange
- type TLSVersion
Examples ¶
Constants ¶
View Source
const ( TLS_NULL_WITH_NULL_NULL = 0x0000 TLS_RSA_WITH_NULL_MD5 = 0x0001 TLS_RSA_WITH_NULL_SHA = 0x0002 TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003 TLS_RSA_WITH_RC4_128_MD5 = 0x0004 TLS_RSA_WITH_RC4_128_SHA = 0x0005 TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006 TLS_RSA_WITH_IDEA_CBC_SHA = 0x0007 TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008 TLS_RSA_WITH_DES_CBC_SHA = 0x0009 TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x000B TLS_DH_DSS_WITH_DES_CBC_SHA = 0x000C TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x000E TLS_DH_RSA_WITH_DES_CBC_SHA = 0x000F TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0010 TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA = 0x0011 TLS_DHE_DSS_WITH_DES_CBC_SHA = 0x0012 TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013 TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014 TLS_DHE_RSA_WITH_DES_CBC_SHA = 0x0015 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016 TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5 = 0x0017 TLS_DH_ANON_WITH_RC4_128_MD5 = 0x0018 TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA = 0x0019 TLS_DH_ANON_WITH_DES_CBC_SHA = 0x001A TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA = 0x001B SSL_FORTEZZA_KEA_WITH_NULL_SHA = 0x001C SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA = 0x001D TLS_KRB5_WITH_DES_CBC_SHA = 0x001E TLS_KRB5_WITH_3DES_EDE_CBC_SHA = 0x001F TLS_KRB5_WITH_RC4_128_SHA = 0x0020 TLS_KRB5_WITH_IDEA_CBC_SHA = 0x0021 TLS_KRB5_WITH_DES_CBC_MD5 = 0x0022 TLS_KRB5_WITH_3DES_EDE_CBC_MD5 = 0x0023 TLS_KRB5_WITH_RC4_128_MD5 = 0x0024 TLS_KRB5_WITH_IDEA_CBC_MD5 = 0x0025 TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA = 0x0026 TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA = 0x0027 TLS_KRB5_EXPORT_WITH_RC4_40_SHA = 0x0028 TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 = 0x0029 TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 = 0x002A TLS_KRB5_EXPORT_WITH_RC4_40_MD5 = 0x002B TLS_PSK_WITH_NULL_SHA = 0x002C TLS_DHE_PSK_WITH_NULL_SHA = 0x002D TLS_RSA_PSK_WITH_NULL_SHA = 0x002E TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030 TLS_DH_RSA_WITH_AES_128_CBC_SHA = 0x0031 TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032 TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033 TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034 TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035 TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036 TLS_DH_RSA_WITH_AES_256_CBC_SHA = 0x0037 TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038 TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039 TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A TLS_RSA_WITH_NULL_SHA256 = 0x003B TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x003E TLS_DH_RSA_WITH_AES_128_CBC_SHA256 = 0x003F TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0041 TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0042 TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0043 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA = 0x0044 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x0045 TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA = 0x0046 TLS_RSA_EXPORT1024_WITH_RC4_56_MD5 = 0x0060 TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 = 0x0061 TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = 0x0062 TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA = 0x0063 TLS_RSA_EXPORT1024_WITH_RC4_56_SHA = 0x0064 TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA = 0x0065 TLS_DHE_DSS_WITH_RC4_128_SHA = 0x0066 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067 TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x0068 TLS_DH_RSA_WITH_AES_256_CBC_SHA256 = 0x0069 TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B TLS_DH_ANON_WITH_AES_128_CBC_SHA256 = 0x006C TLS_DH_ANON_WITH_AES_256_CBC_SHA256 = 0x006D TLS_GOSTR341094_WITH_28147_CNT_IMIT = 0x0080 TLS_GOSTR341001_WITH_28147_CNT_IMIT = 0x0081 TLS_GOSTR341094_WITH_NULL_GOSTR3411 = 0x0082 TLS_GOSTR341001_WITH_NULL_GOSTR3411 = 0x0083 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0084 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0085 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0086 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA = 0x0087 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x0088 TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA = 0x0089 TLS_PSK_WITH_RC4_128_SHA = 0x008A TLS_PSK_WITH_3DES_EDE_CBC_SHA = 0x008B TLS_PSK_WITH_AES_128_CBC_SHA = 0x008C TLS_PSK_WITH_AES_256_CBC_SHA = 0x008D TLS_DHE_PSK_WITH_RC4_128_SHA = 0x008E TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA = 0x008F TLS_DHE_PSK_WITH_AES_128_CBC_SHA = 0x0090 TLS_DHE_PSK_WITH_AES_256_CBC_SHA = 0x0091 TLS_RSA_PSK_WITH_RC4_128_SHA = 0x0092 TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA = 0x0093 TLS_RSA_PSK_WITH_AES_128_CBC_SHA = 0x0094 TLS_RSA_PSK_WITH_AES_256_CBC_SHA = 0x0095 TLS_RSA_WITH_SEED_CBC_SHA = 0x0096 TLS_DH_DSS_WITH_SEED_CBC_SHA = 0x0097 TLS_DH_RSA_WITH_SEED_CBC_SHA = 0x0098 TLS_DHE_DSS_WITH_SEED_CBC_SHA = 0x0099 TLS_DHE_RSA_WITH_SEED_CBC_SHA = 0x009A TLS_DH_ANON_WITH_SEED_CBC_SHA = 0x009B TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F TLS_DH_RSA_WITH_AES_128_GCM_SHA256 = 0x00A0 TLS_DH_RSA_WITH_AES_256_GCM_SHA384 = 0x00A1 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3 TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = 0x00A4 TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = 0x00A5 TLS_DH_ANON_WITH_AES_128_GCM_SHA256 = 0x00A6 TLS_DH_ANON_WITH_AES_256_GCM_SHA384 = 0x00A7 TLS_PSK_WITH_AES_128_GCM_SHA256 = 0x00A8 TLS_PSK_WITH_AES_256_GCM_SHA384 = 0x00A9 TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0x00AA TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0x00AB TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 = 0x00AC TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 = 0x00AD TLS_PSK_WITH_AES_128_CBC_SHA256 = 0x00AE TLS_PSK_WITH_AES_256_CBC_SHA384 = 0x00AF TLS_PSK_WITH_NULL_SHA256 = 0x00B0 TLS_PSK_WITH_NULL_SHA384 = 0x00B1 TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0x00B2 TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0x00B3 TLS_DHE_PSK_WITH_NULL_SHA256 = 0x00B4 TLS_DHE_PSK_WITH_NULL_SHA384 = 0x00B5 TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 = 0x00B6 TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 = 0x00B7 TLS_RSA_PSK_WITH_NULL_SHA256 = 0x00B8 TLS_RSA_PSK_WITH_NULL_SHA384 = 0x00B9 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BA TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BB TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BC TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BD TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BE TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256 = 0x00BF TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C0 TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C1 TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C2 TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C3 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C4 TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256 = 0x00C5 TLS_RENEGO_PROTECTION_REQUEST = 0x00FF TLS_FALLBACK_SCSV = 0x5600 TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xC001 TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xC002 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC003 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0xC004 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xC005 TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0xC006 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC008 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A TLS_ECDH_RSA_WITH_NULL_SHA = 0xC00B TLS_ECDH_RSA_WITH_RC4_128_SHA = 0xC00C TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0xC00D TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0xC00E TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0xC00F TLS_ECDHE_RSA_WITH_NULL_SHA = 0xC010 TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xC011 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xC012 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014 TLS_ECDH_ANON_WITH_NULL_SHA = 0xC015 TLS_ECDH_ANON_WITH_RC4_128_SHA = 0xC016 TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA = 0xC017 TLS_ECDH_ANON_WITH_AES_128_CBC_SHA = 0xC018 TLS_ECDH_ANON_WITH_AES_256_CBC_SHA = 0xC019 TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA = 0xC01C TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA = 0xC01F TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020 TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021 TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA = 0xC022 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC025 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC026 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0xC029 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0xC02A TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02D TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02E TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0xC031 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0xC032 TLS_ECDHE_PSK_WITH_RC4_128_SHA = 0xC033 TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA = 0xC034 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA = 0xC035 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA = 0xC036 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0xC037 TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 = 0xC038 TLS_ECDHE_PSK_WITH_NULL_SHA = 0xC039 TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0xC03A TLS_ECDHE_PSK_WITH_NULL_SHA384 = 0xC03B TLS_RSA_WITH_ARIA_128_CBC_SHA256 = 0xC03C TLS_RSA_WITH_ARIA_256_CBC_SHA384 = 0xC03D TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256 = 0xC03E TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384 = 0xC03F TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256 = 0xC040 TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384 = 0xC041 TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256 = 0xC042 TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384 = 0xC043 TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 = 0xC044 TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 = 0xC045 TLS_DH_ANON_WITH_ARIA_128_CBC_SHA256 = 0xC046 TLS_DH_ANON_WITH_ARIA_256_CBC_SHA384 = 0xC047 TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 = 0xC048 TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 = 0xC049 TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 = 0xC04A TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 = 0xC04B TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 = 0xC04C TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 = 0xC04D TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 = 0xC04E TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 = 0xC04F TLS_RSA_WITH_ARIA_128_GCM_SHA256 = 0xC050 TLS_RSA_WITH_ARIA_256_GCM_SHA384 = 0xC051 TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 = 0xC052 TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 = 0xC053 TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256 = 0xC054 TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384 = 0xC055 TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 = 0xC056 TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 = 0xC057 TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256 = 0xC058 TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384 = 0xC059 TLS_DH_ANON_WITH_ARIA_128_GCM_SHA256 = 0xC05A TLS_DH_ANON_WITH_ARIA_256_GCM_SHA384 = 0xC05B TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 = 0xC05C TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 = 0xC05D TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 = 0xC05E TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 = 0xC05F TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 = 0xC060 TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 = 0xC061 TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 = 0xC062 TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 = 0xC063 TLS_PSK_WITH_ARIA_128_CBC_SHA256 = 0xC064 TLS_PSK_WITH_ARIA_256_CBC_SHA384 = 0xC065 TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 = 0xC066 TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 = 0xC067 TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 = 0xC068 TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 = 0xC069 TLS_PSK_WITH_ARIA_128_GCM_SHA256 = 0xC06A TLS_PSK_WITH_ARIA_256_GCM_SHA384 = 0xC06B TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 = 0xC06C TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 = 0xC06D TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 = 0xC06E TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 = 0xC06F TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 = 0xC070 TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 = 0xC071 TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xC072 TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 = 0xC073 TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xC074 TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 = 0xC075 TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xC076 TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 = 0xC077 TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xC078 TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 = 0xC079 TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC07A TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC07B TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC07C TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC07D TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC07E TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC07F TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 = 0xC080 TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 = 0xC081 TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256 = 0xC082 TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384 = 0xC083 TLS_DH_ANON_WITH_CAMELLIA_128_GCM_SHA256 = 0xC084 TLS_DH_ANON_WITH_CAMELLIA_256_GCM_SHA384 = 0xC085 TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC086 TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC087 TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC088 TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC089 TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC08A TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC08B TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 = 0xC08C TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 = 0xC08D TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 = 0xC08E TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 = 0xC08F TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 = 0xC090 TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 = 0xC091 TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 = 0xC092 TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 = 0xC093 TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 = 0xC094 TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 = 0xC095 TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 = 0xC096 TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 = 0xC097 TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 = 0xC098 TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 = 0xC099 TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 = 0xC09A TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 = 0xC09B TLS_RSA_WITH_AES_128_CCM = 0xC09C TLS_RSA_WITH_AES_256_CCM = 0xC09D TLS_DHE_RSA_WITH_AES_128_CCM = 0xC09E TLS_DHE_RSA_WITH_AES_256_CCM = 0xC09F TLS_RSA_WITH_AES_128_CCM_8 = 0xC0A0 TLS_RSA_WITH_AES_256_CCM_8 = 0xC0A1 TLS_DHE_RSA_WITH_AES_128_CCM_8 = 0xC0A2 TLS_DHE_RSA_WITH_AES_256_CCM_8 = 0xC0A3 TLS_PSK_WITH_AES_128_CCM = 0xC0A4 TLS_PSK_WITH_AES_256_CCM = 0xC0A5 TLS_DHE_PSK_WITH_AES_128_CCM = 0xC0A6 TLS_DHE_PSK_WITH_AES_256_CCM = 0xC0A7 TLS_PSK_WITH_AES_128_CCM_8 = 0xC0A8 TLS_PSK_WITH_AES_256_CCM_8 = 0xC0A9 TLS_PSK_DHE_WITH_AES_128_CCM_8 = 0xC0AA TLS_PSK_DHE_WITH_AES_256_CCM_8 = 0xC0AB TLS_ECDHE_ECDSA_WITH_AES_128_CCM = 0xC0AC TLS_ECDHE_ECDSA_WITH_AES_256_CCM = 0xC0AD TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xC0AE TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xC0AF TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCC13 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCC14 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCC15 // SSL_RSA_FIPS_WITH_DES_CBC_SHA = 0xFEFE // SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = 0xFEFF // SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = 0xFFE0 // SSL_RSA_FIPS_WITH_DES_CBC_SHA = 0xFFE1 SSL_RSA_WITH_RC2_CBC_MD5 = 0xFF80 SSL_RSA_WITH_IDEA_CBC_MD5 = 0xFF81 SSL_RSA_WITH_DES_CBC_MD5 = 0xFF82 SSL_RSA_WITH_3DES_EDE_CBC_MD5 = 0xFF83 SSL_EN_RC2_128_CBC_WITH_MD5 = 0xFF03 OP_PCL_TLS10_AES_128_CBC_SHA512 = 0xFF85 )
A list of the possible cipher suite ids. Taken from http://www.iana.org/assignments/tls-parameters/tls-parameters.xml
View Source
const ( VersionSSL30 = 0x0300 VersionTLS10 = 0x0301 VersionTLS11 = 0x0302 VersionTLS12 = 0x0303 )
Variables ¶
View Source
var CBCSuiteIDList []uint16 = []uint16{ TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, }
View Source
var ChromeCiphers []uint16 = []uint16{ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_3DES_EDE_CBC_SHA, }
View Source
var ChromeNoDHECiphers []uint16 = []uint16{ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_3DES_EDE_CBC_SHA, }
View Source
var DHE512ExportCiphers []uint16 = []uint16{}
View Source
var DHECiphers []uint16 = []uint16{ TLS_DHE_DSS_WITH_DES_CBC_SHA, TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_WITH_DES_CBC_SHA, TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS_DHE_DSS_WITH_RC4_128_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, TLS_DHE_DSS_WITH_SEED_CBC_SHA, TLS_DHE_RSA_WITH_SEED_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256, TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384, TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256, TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384, TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256, TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384, TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256, TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384, TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256, TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_CCM, TLS_DHE_RSA_WITH_AES_256_CCM, TLS_DHE_RSA_WITH_AES_128_CCM_8, TLS_DHE_RSA_WITH_AES_256_CCM_8, TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, }
View Source
var DHEExportCiphers []uint16 = []uint16{ TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5, TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, }
View Source
var ExportCiphers []uint16 = []uint16{ TLS_RSA_EXPORT_WITH_RC4_40_MD5, TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5, TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_MD5, TLS_RSA_EXPORT1024_WITH_RC4_56_MD5, TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, }
View Source
var FirefoxCiphers []uint16 = []uint16{ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, }
View Source
var FirefoxNoDHECiphers []uint16 = []uint16{ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, }
View Source
var (
HeartbleedError = errors.New("Error after Heartbleed")
)
View Source
var RSA512ExportCiphers []uint16 = []uint16{ TLS_RSA_EXPORT_WITH_RC4_40_MD5, TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, }
View Source
var RSACiphers = []uint16{ TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, }
RSA Ciphers
View Source
var RSAExportCiphers []uint16 = []uint16{ TLS_RSA_EXPORT_WITH_RC4_40_MD5, TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_RSA_EXPORT1024_WITH_RC4_56_MD5, TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, }
View Source
var SChannelSuites []uint16 = []uint16{ TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_RC4_128_SHA, }
View Source
var SafariCiphers []uint16 = []uint16{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_RC4_128_MD5, }
View Source
var SafariNoDHECiphers []uint16 = []uint16{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_RC4_128_MD5, }
Functions ¶
Types ¶
type Certificate ¶
type Certificate struct {
Certificate [][]byte
PrivateKey crypto.PrivateKey // supported types: *rsa.PrivateKey, *ecdsa.PrivateKey
// OCSPStaple contains an optional OCSP response which will be served
// to clients that request it.
OCSPStaple []byte
// Leaf is the parsed form of the leaf certificate, which may be
// initialized using x509.ParseCertificate to reduce per-handshake
// processing for TLS clients doing client authentication. If nil, the
// leaf certificate will be parsed as needed.
Leaf *x509.Certificate
}
A Certificate is a chain of one or more certificates, leaf first.
func LoadX509KeyPair ¶
func LoadX509KeyPair(certFile, keyFile string) (cert Certificate, err error)
LoadX509KeyPair reads and parses a public/private key pair from a pair of files. The files must contain PEM encoded data.
func X509KeyPair ¶
func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (cert Certificate, err error)
X509KeyPair parses a public/private key pair from a pair of PEM encoded data.
type Certificates ¶
type Certificates struct {
Certificates [][]byte
ParsedCertificates []*x509.Certificate
}
ServerCertificates represents a TLS certificates message in a format friendly to the golang JSON library. ValidationError should be non-nil whenever Valid is false.
func (*Certificates) FromEncoded ¶
func (c *Certificates) FromEncoded(ec *encodedCertificates) *Certificates
func (*Certificates) MarshalJSON ¶
func (c *Certificates) MarshalJSON() ([]byte, error)
func (*Certificates) UnmarshalJSON ¶
func (c *Certificates) UnmarshalJSON(b []byte) error
type CipherSuite ¶
type CipherSuite uint16
func (CipherSuite) MarshalJSON ¶
func (cs CipherSuite) MarshalJSON() ([]byte, error)
func (CipherSuite) String ¶
func (cs CipherSuite) String() string
type ClientAuthType ¶
type ClientAuthType int
ClientAuthType declares the policy the server will follow for TLS Client Authentication.
const ( NoClientCert ClientAuthType = iota RequestClientCert RequireAnyClientCert VerifyClientCertIfGiven RequireAndVerifyClientCert )
type ClientSessionCache ¶
type ClientSessionCache interface {
// Get searches for a ClientSessionState associated with the given key.
// On return, ok is true if one was found.
Get(sessionKey string) (session *ClientSessionState, ok bool)
// Put adds the ClientSessionState to the cache with the given key.
Put(sessionKey string, cs *ClientSessionState)
}
ClientSessionCache is a cache of ClientSessionState objects that can be used by a client to resume a TLS session with a given server. ClientSessionCache implementations should expect to be called concurrently from different goroutines.
func NewLRUClientSessionCache ¶
func NewLRUClientSessionCache(capacity int) ClientSessionCache
NewLRUClientSessionCache returns a ClientSessionCache with the given capacity that uses an LRU strategy. If capacity is < 1, a default capacity is used instead.
type ClientSessionState ¶
type ClientSessionState struct {
// contains filtered or unexported fields
}
ClientSessionState contains the state needed by clients to resume TLS sessions.
type Config ¶
type Config struct {
// Rand provides the source of entropy for nonces and RSA blinding.
// If Rand is nil, TLS uses the cryptographic random reader in package
// crypto/rand.
// The Reader must be safe for use by multiple goroutines.
Rand io.Reader
// Time returns the current time as the number of seconds since the epoch.
// If Time is nil, TLS uses time.Now.
Time func() time.Time
// Certificates contains one or more certificate chains
// to present to the other side of the connection.
// Server configurations must include at least one certificate.
Certificates []Certificate
// NameToCertificate maps from a certificate name to an element of
// Certificates. Note that a certificate name can be of the form
// '*.example.com' and so doesn't have to be a domain name as such.
// See Config.BuildNameToCertificate
// The nil value causes the first element of Certificates to be used
// for all connections.
NameToCertificate map[string]*Certificate
// RootCAs defines the set of root certificate authorities
// that clients use when verifying server certificates.
// If RootCAs is nil, TLS uses the host's root CA set.
RootCAs *x509.CertPool
// NextProtos is a list of supported, application level protocols.
NextProtos []string
// ServerName is used to verify the hostname on the returned
// certificates unless InsecureSkipVerify is given. It is also included
// in the client's handshake to support virtual hosting.
ServerName string
// ClientAuth determines the server's policy for
// TLS Client Authentication. The default is NoClientCert.
ClientAuth ClientAuthType
// ClientCAs defines the set of root certificate authorities
// that servers use if required to verify a client certificate
// by the policy in ClientAuth.
ClientCAs *x509.CertPool
// InsecureSkipVerify controls whether a client verifies the
// server's certificate chain and host name.
// If InsecureSkipVerify is true, TLS accepts any certificate
// presented by the server and any host name in that certificate.
// In this mode, TLS is susceptible to man-in-the-middle attacks.
// This should be used only for testing.
InsecureSkipVerify bool
// CipherSuites is a list of supported cipher suites. If CipherSuites
// is nil, TLS uses a list of suites supported by the implementation.
CipherSuites []uint16
// PreferServerCipherSuites controls whether the server selects the
// client's most preferred ciphersuite, or the server's most preferred
// ciphersuite. If true then the server's preference, as expressed in
// the order of elements in CipherSuites, is used.
PreferServerCipherSuites bool
// SessionTicketsDisabled may be set to true to disable session ticket
// (resumption) support.
SessionTicketsDisabled bool
// SessionTicketKey is used by TLS servers to provide session
// resumption. See RFC 5077. If zero, it will be filled with
// random data before the first server handshake.
//
// If multiple servers are terminating connections for the same host
// they should all have the same SessionTicketKey. If the
// SessionTicketKey leaks, previously recorded and future TLS
// connections using that key are compromised.
SessionTicketKey [32]byte
// SessionCache is a cache of ClientSessionState entries for TLS session
// resumption.
ClientSessionCache ClientSessionCache
// MinVersion contains the minimum SSL/TLS version that is acceptable.
// If zero, then SSLv3 is taken as the minimum.
MinVersion uint16
// MaxVersion contains the maximum SSL/TLS version that is acceptable.
// If zero, then the maximum version supported by this package is used,
// which is currently TLS 1.2.
MaxVersion uint16
// CurvePreferences contains the elliptic curves that will be used in
// an ECDHE handshake, in preference order. If empty, the default will
// be used.
CurvePreferences []CurveID
ForceSuites bool
// Export RSA Key
ExportRSAKey *rsa.PrivateKey
// contains filtered or unexported fields
}
A Config structure is used to configure a TLS client or server. After one has been passed to a TLS function it must not be modified. A Config may be reused; the tls package will also not modify it.
func (*Config) BuildNameToCertificate ¶
func (c *Config) BuildNameToCertificate()
BuildNameToCertificate parses c.Certificates and builds c.NameToCertificate from the CommonName and SubjectAlternateName fields of each of the leaf certificates.
type Conn ¶
type Conn struct {
// contains filtered or unexported fields
}
A Conn represents a secured connection. It implements the net.Conn interface.
func Client ¶
Client returns a new TLS client side connection using conn as the underlying transport. The config cannot be nil: users must set either ServerName or InsecureSkipVerify in the config.
func Dial ¶
Dial connects to the given network address using net.Dial and then initiates a TLS handshake, returning the resulting TLS connection. Dial interprets a nil configuration as equivalent to the zero configuration; see the documentation of Config for the defaults.
Example ¶
package main
import (
"github.com/zmap/zgrab/ztools/x509"
"github.com/zmap/zgrab/ztools/ztls"
)
func main() {
// Connecting with a custom root-certificate set.
const rootPEM = `
-----BEGIN CERTIFICATE-----
MIIEBDCCAuygAwIBAgIDAjppMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
YWwgQ0EwHhcNMTMwNDA1MTUxNTU1WhcNMTUwNDA0MTUxNTU1WjBJMQswCQYDVQQG
EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy
bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP
VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv
h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE
ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ
EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC
DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB+zCB+DAfBgNVHSMEGDAWgBTAephojYn7
qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wEgYD
VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMwMTAvoC2g
K4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9ndGdsb2JhbC5jcmwwPQYI
KwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vZ3RnbG9iYWwtb2NzcC5n
ZW90cnVzdC5jb20wFwYDVR0gBBAwDjAMBgorBgEEAdZ5AgUBMA0GCSqGSIb3DQEB
BQUAA4IBAQA21waAESetKhSbOHezI6B1WLuxfoNCunLaHtiONgaX4PCVOzf9G0JY
/iLIa704XtE7JW4S615ndkZAkNoUyHgN7ZVm2o6Gb4ChulYylYbc3GrKBIxbf/a/
zG+FA1jDaFETzf3I93k9mTXwVqO94FntT0QJo544evZG0R0SnU++0ED8Vf4GXjza
HFa9llF7b1cq26KqltyMdMKVvvBulRP/F/A8rLIQjcxz++iPAsbw+zOzlTvjwsto
WHPbqCRiOwY1nQ2pM714A5AuTHhdUDqB1O6gyHA43LL5Z/qHQF1hwFGPa4NrzQU6
yuGnBXj8ytqU0CwIPX4WecigUCAkVDNx
-----END CERTIFICATE-----`
// First, create the set of root certificates. For this example we only
// have one. It's also possible to omit this in order to use the
// default root set of the current operating system.
roots := x509.NewCertPool()
ok := roots.AppendCertsFromPEM([]byte(rootPEM))
if !ok {
panic("failed to parse root certificate")
}
conn, err := ztls.Dial("tcp", "mail.google.com:443", &ztls.Config{
RootCAs: roots,
})
if err != nil {
panic("failed to connect: " + err.Error())
}
conn.Close()
}
Output:
func DialWithDialer ¶
DialWithDialer connects to the given network address using dialer.Dial and then initiates a TLS handshake, returning the resulting TLS connection. Any timeout or deadline given in the dialer apply to connection and TLS handshake as a whole.
DialWithDialer interprets a nil configuration as equivalent to the zero configuration; see the documentation of Config for the defaults.
func Server ¶
Server returns a new TLS server side connection using conn as the underlying transport. The configuration config must be non-nil and must have at least one certificate.
func (*Conn) ClientCiphers ¶
func (c *Conn) ClientCiphers() []CipherSuite
func (*Conn) ClientHelloRaw ¶
func (*Conn) ConnectionState ¶
func (c *Conn) ConnectionState() ConnectionState
ConnectionState returns basic TLS details about the connection.
func (*Conn) GetHandshakeLog ¶
func (c *Conn) GetHandshakeLog() *ServerHandshake
func (*Conn) GetHeartbleedLog ¶
func (c *Conn) GetHeartbleedLog() *Heartbleed
func (*Conn) Handshake ¶
Handshake runs the client or server handshake protocol if it has not yet been run. Most uses of this package need not call Handshake explicitly: the first Read or Write will call it automatically.
func (*Conn) OCSPResponse ¶
OCSPResponse returns the stapled OCSP response from the TLS server, if any. (Only valid for client connections.)
func (*Conn) Read ¶
Read can be made to time out and return a net.Error with Timeout() == true after a fixed time limit; see SetDeadline and SetReadDeadline.
func (*Conn) RemoteAddr ¶
RemoteAddr returns the remote network address.
func (*Conn) SetDeadline ¶
SetDeadline sets the read and write deadlines associated with the connection. A zero value for t means Read and Write will not time out. After a Write has timed out, the TLS state is corrupt and all future writes will return the same error.
func (*Conn) SetReadDeadline ¶
SetReadDeadline sets the read deadline on the underlying connection. A zero value for t means Read will not time out.
func (*Conn) SetWriteDeadline ¶
SetWriteDeadline sets the write deadline on the underlying connection. A zero value for t means Write will not time out. After a Write has timed out, the TLS state is corrupt and all future writes will return the same error.
func (*Conn) VerifyHostname ¶
VerifyHostname checks that the peer certificate chain is valid for connecting to host. If so, it returns nil; if not, it returns an error describing the problem.
type ConnectionState ¶
type ConnectionState struct {
Version uint16 // TLS version used by the connection (e.g. VersionTLS12)
HandshakeComplete bool // TLS handshake is complete
DidResume bool // connection resumes a previous TLS connection
CipherSuite uint16 // cipher suite in use (TLS_RSA_WITH_RC4_128_SHA, ...)
NegotiatedProtocol string // negotiated next protocol (from Config.NextProtos)
NegotiatedProtocolIsMutual bool // negotiated protocol was advertised by server
ServerName string // server name requested by client, if any (server side only)
PeerCertificates []*x509.Certificate // certificate chain presented by remote peer
VerifiedChains [][]*x509.Certificate // verified chains built from PeerCertificates
}
ConnectionState records basic TLS details about the connection.
type CurveID ¶
type CurveID uint16
CurveID is the type of a TLS identifier for an elliptic curve. See http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8
type DHParams ¶
func (*DHParams) MarshalJSON ¶
type ExportSignatureAlgorithm ¶
type ExportSignatureAlgorithm uint16
func (*ExportSignatureAlgorithm) MarshalJSON ¶
func (esa *ExportSignatureAlgorithm) MarshalJSON() ([]byte, error)
type Finished ¶
type Finished struct {
VerifyData []byte `json:"verify_data"`
}
Finished represents a TLS Finished message
type Heartbleed ¶
type RSAExportParams ¶
type ServerHandshake ¶
type ServerHandshake struct {
ServerHello *ServerHello `json:"server_hello"`
ServerCertificates *Certificates `json:"server_certificates"`
ServerKeyExchange *ServerKeyExchange `json:"server_key_exchange"`
RSAExportParams *RSAExportParams `json:"rsa_export_params,omitempty"`
DHExportParams *DHParams `json:"dh_export_params,omitempty"`
DHParams *DHParams `json:"dh_params,omitempty"`
ServerFinished *Finished `json:"server_finished"`
}
ServerHandshake stores all of the messages sent by the server during a standard TLS Handshake. It implements zgrab.EventData interface
type ServerHello ¶
type ServerHello struct {
Version TLSVersion `json:"version"`
Random []byte `json:"random"`
SessionID []byte `json:"session_id"`
CipherSuite CipherSuite `json:"cipher_suite"`
CompressionMethod uint8 `json:"compression_method"`
OcspStapling bool `json:"ocsp_stapling"`
TicketSupported bool `json:"ticket"`
SecureRenegotiation bool `json:"secure_renegotiation"`
HeartbeatSupported bool `json:"heartbeat"`
}
type ServerKeyExchange ¶
type ServerKeyExchange struct {
Key []byte `json:"key"`
}
ServerKeyExchange represents the raw key data sent by the server in TLS key exchange message
type TLSVersion ¶
type TLSVersion uint16
func (TLSVersion) MarshalJSON ¶
func (v TLSVersion) MarshalJSON() ([]byte, error)
func (TLSVersion) String ¶
func (v TLSVersion) String() string
Source Files
Click to show internal directories.
Click to hide internal directories.