tlsconfig

Documentation

Overview

Package tlsconfig provides primitives to retrieve secure-enough TLS configurations for both clients and servers.

As a reminder from https://golang.org/pkg/crypto/tls/#Config:

A Config structure is used to configure a TLS client or server. After one has been passed to a TLS function it must not be modified.
A Config may be reused; the tls package will also not modify it.

Index

• Variables
• func Client(options Options) (*tls.Config, error)
• func Server(options Options) (*tls.Config, error)
• type Options

Variables

var ClientDefault = tls.Config{

	MinVersion:   tls.VersionTLS12,
	CipherSuites: clientCipherSuites,
}

ClientDefault is a secure-enough TLS configuration for the client TLS configuration.

var DefaultServerAcceptedCiphers = append(clientCipherSuites, acceptedCBCCiphers...)

For use by code which already has a crypto/tls options struct but wants to use a commonly accepted set of TLS cipher suites, with known weak algorithms removed

var ServerDefault = tls.Config{

	MinVersion:               tls.VersionTLS10,
	PreferServerCipherSuites: true,
	CipherSuites:             DefaultServerAcceptedCiphers,
}

ServerDefault is a secure-enough TLS configuration for the server TLS configuration.

Functions

func Client

func Client(options Options) (*tls.Config, error)

Client returns a TLS configuration meant to be used by a client.

func Server

func Server(options Options) (*tls.Config, error)

Server returns a TLS configuration meant to be used by a server.

Types

type Options

type Options struct {
	InsecureSkipVerify bool
	ClientAuth         tls.ClientAuthType
	CAFile             string
	CertFile           string
	KeyFile            string
}

Options represents the information needed to create client and server TLS configurations.