Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
func LoadCACertFile
LoadCACertFile reads in a CA cert file that may contain multiple certs and gives you back a proper x509.CertPool for your fun and profit.
func LoadKeyCertFiles
func LoadKeyCertFiles(keyFile, certFile string) (tls.Certificate, error)
LoadKeyCertFiles is a helper function for loading keypairs. It takes the key and cert file paths as strings and returns a tls.Certificate.
func NewTLSConfig
func NewTLSConfig(level TLSConfigLevel) *tls.Config
NewTLSConfig returns a *tls.Config that is pre-configured to match (roughly) the Mozilla recommended TLS specification. Different levels of security versus compatibility can be specified via the 'level' parameter.
Based on: https://blog.gopheracademy.com/advent-2016/exposing-go-on-the-internet/
Last updated: 2017-01-11
func NewTLSServer
func NewTLSServer(config TLSServerConfig) *http.Server
NewTLSServer sets up a Pantheon(TM)-type TLS server that requires and verifies the peer certificate.
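The behaviour LoadCACertFile and NewTLSServer describe (a multi-cert CA file turned into an x509.CertPool, then a server that requires and verifies the peer cert), written against the Go standard library only. This is an added example, not this package's source: mutualTLSConfig and constructedCA are hypothetical names, the TLS 1.2 floor is an assumed setting, and the two CAs are throwaway certificates constructed at run time.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// mutualTLSConfig (hypothetical name) loads every certificate in a PEM CA
// bundle and returns a config that requires and verifies client certificates.
func mutualTLSConfig(bundle []byte) (*tls.Config, int, error) {
	pool, n := x509.NewCertPool(), 0
	for blk, rest := pem.Decode(bundle); blk != nil; blk, rest = pem.Decode(rest) {
		cert, err := x509.ParseCertificate(blk.Bytes)
		if blk.Type != "CERTIFICATE" || err != nil { // fail closed on any bad block
			return nil, 0, fmt.Errorf("bad PEM block %q: %v", blk.Type, err)
		}
		pool.AddCert(cert)
		n++
	}
	if n == 0 { // an empty pool would reject every client; surface it at load time
		return nil, 0, fmt.Errorf("no CA certificates found in bundle")
	}
	return &tls.Config{MinVersion: tls.VersionTLS12, ClientCAs: pool, // assumed floor
		ClientAuth: tls.RequireAndVerifyClientCert}, n, nil
}

// constructedCA builds a throwaway self-signed CA in PEM form (sample input).
func constructedCA(cn string) []byte {
	_, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true,
		BasicConstraintsValid: true, Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	_, n, err := mutualTLSConfig(append(constructedCA("constructed CA 1"), constructedCA("constructed CA 2")...))
	fmt.Println("CAs loaded:", n, "error:", err)
}
```

Unlike x509.CertPool.AppendCertsFromPEM, which skips blocks it cannot use, this version rejects the whole bundle on the first bad block, so a damaged CA file is noticed at startup instead of silently trusting fewer issuers.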
Types
type TLSConfigLevel
type TLSConfigLevel int
TLSConfigLevel declares a TLS configuration level returned by the NewTLSConfig func
const (
	TLSConfigDefault TLSConfigLevel = iota
	TLSConfigIntermediate
	TLSConfigModern
)
Based on https://blog.gopheracademy.com/advent-2016/exposing-go-on-the-internet/ and the Mozilla TLS recommendations: https://wiki.mozilla.org/Security/Server_Side_TLS
type TLSServerConfig
type TLSServerConfig struct {
	CertPool       *x509.CertPool
	BindAddress    string
	Port           int
	Router         http.Handler
	TLSConfigLevel TLSConfigLevel
}
TLSServerConfig is the configuration you use to create a TLSServer