tlsconfig

package
v0.0.0-...-17edc22 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 12, 2023 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// TLSCipherLookup maps lower-case cipher suite names to the matching
// crypto/tls cipher suite identifiers.
//
// The table is a plain name-to-ID mapping, not an allowlist of safe suites:
// next to the AEAD suites it carries RC4 and 3DES entries, static-RSA key
// exchange entries (no forward secrecy) and CBC-mode entries. Code that needs
// a hardened configuration has to restrict the accepted names itself, for
// example by checking the resolved IDs against tls.InsecureCipherSuites().
//
// NOTE(review): the consumer of this table is not visible here; presumably
// the names in TLSConfig.CipherSuites are resolved through it. Confirm that
// input is lower-cased before lookup and that unknown names are rejected
// rather than silently dropped.
var TLSCipherLookup = map[string]uint16{

	// TLS 1.0-1.2 suites. RC4 is prohibited for TLS by RFC 7465 and 3DES
	// uses a 64-bit block; both are listed here only as names.
	`tls_rsa_with_rc4_128_sha`:                tls.TLS_RSA_WITH_RC4_128_SHA,
	`tls_rsa_with_3des_ede_cbc_sha`:           tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
	`tls_rsa_with_aes_128_cbc_sha`:            tls.TLS_RSA_WITH_AES_128_CBC_SHA,
	`tls_rsa_with_aes_256_cbc_sha`:            tls.TLS_RSA_WITH_AES_256_CBC_SHA,
	`tls_rsa_with_aes_128_cbc_sha256`:         tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
	`tls_rsa_with_aes_128_gcm_sha256`:         tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
	`tls_rsa_with_aes_256_gcm_sha384`:         tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
	`tls_ecdhe_ecdsa_with_rc4_128_sha`:        tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
	`tls_ecdhe_ecdsa_with_aes_128_cbc_sha`:    tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
	`tls_ecdhe_ecdsa_with_aes_256_cbc_sha`:    tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
	`tls_ecdhe_rsa_with_rc4_128_sha`:          tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
	`tls_ecdhe_rsa_with_3des_ede_cbc_sha`:     tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
	`tls_ecdhe_rsa_with_aes_128_cbc_sha`:      tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
	`tls_ecdhe_rsa_with_aes_256_cbc_sha`:      tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
	`tls_ecdhe_ecdsa_with_aes_128_cbc_sha256`: tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
	`tls_ecdhe_rsa_with_aes_128_cbc_sha256`:   tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
	`tls_ecdhe_rsa_with_aes_128_gcm_sha256`:   tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
	`tls_ecdhe_ecdsa_with_aes_128_gcm_sha256`: tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
	`tls_ecdhe_rsa_with_aes_256_gcm_sha384`:   tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
	`tls_ecdhe_ecdsa_with_aes_256_gcm_sha384`: tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
	`tls_ecdhe_rsa_with_chacha20_poly1305`:    tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
	`tls_ecdhe_ecdsa_with_chacha20_poly1305`:  tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,

	// TLS 1.3 suites. crypto/tls documents that TLS 1.3 cipher suites are not
	// configurable through tls.Config.CipherSuites, so listing these names
	// there does not restrict what a TLS 1.3 handshake negotiates.
	`tls_aes_128_gcm_sha256`:       tls.TLS_AES_128_GCM_SHA256,
	`tls_aes_256_gcm_sha384`:       tls.TLS_AES_256_GCM_SHA384,
	`tls_chacha20_poly1305_sha256`: tls.TLS_CHACHA20_POLY1305_SHA256,

	// Not a cipher suite: TLS_FALLBACK_SCSV is the RFC 7507 signalling value
	// a client sends to indicate a version fallback.
	`tls_fallback_scsv`: tls.TLS_FALLBACK_SCSV,
}

TLSCipherLookup is a lookup table for TLS Cipher ID

// TLSClientAuthLookup maps lower-case names to crypto/tls client
// authentication policies (tls.ClientAuthType).
//
// Only `requireandverifyclientcert` both demands a client certificate and
// verifies it. `requireanyclientcert` demands a certificate but does not
// require it to be valid, and `verifyclientcertifgiven` verifies a
// certificate only when the client chooses to send one, so neither is
// sufficient on its own for mutual TLS authentication.
//
// NOTE(review): presumably TLSConfig.ClientAuth is resolved through this
// table; the behaviour for an empty or unknown name is not visible here.
var TLSClientAuthLookup = map[string]tls.ClientAuthType{
	`noclientcert`:               tls.NoClientCert,
	`requestclientcert`:          tls.RequestClientCert,
	`requireanyclientcert`:       tls.RequireAnyClientCert,
	`verifyclientcertifgiven`:    tls.VerifyClientCertIfGiven,
	`requireandverifyclientcert`: tls.RequireAndVerifyClientCert,
}

TLSClientAuthLookup is a lookup table for TLS Client Auth

// TLSCurveLookup maps lower-case names to crypto/tls curve identifiers
// (tls.CurveID): the three NIST curves P-256, P-384 and P-521, plus X25519.
//
// NOTE(review): presumably TLSConfig.CurvePreferences is resolved through
// this table; confirm that unknown names produce an error.
var TLSCurveLookup = map[string]tls.CurveID{
	`curvep256`: tls.CurveP256,
	`curvep384`: tls.CurveP384,
	`curvep521`: tls.CurveP521,
	`x25519`:    tls.X25519,
}

TLSCurveLookup is a lookup table for TLS Curve ID

// TLSRenegotiateLookup maps lower-case names to crypto/tls renegotiation
// policies (tls.RenegotiationSupport).
//
// crypto/tls describes RenegotiateNever as the setting that disables
// renegotiation and states that the default of no renegotiation is correct
// for the vast majority of applications. The two "asclient" values let a
// remote server request renegotiation once, or repeatedly, per connection.
// Renegotiation is not defined in TLS 1.3.
var TLSRenegotiateLookup = map[string]tls.RenegotiationSupport{
	`renegotiatenever`:          tls.RenegotiateNever,
	`renegotiateonceasclient`:   tls.RenegotiateOnceAsClient,
	`renegotiatefreelyasclient`: tls.RenegotiateFreelyAsClient,
}

TLSRenegotiateLookup is a lookup table for TLS renegotiate ID

// TLSVersionLookup maps lower-case names to crypto/tls protocol version
// identifiers.
//
// NOTE(review): presumably TLSConfig.MinVersion and TLSConfig.MaxVersion are
// resolved through this table. The table does not enforce a floor, so a
// caller that wants to refuse legacy protocol versions has to check the
// resolved minimum itself.
var TLSVersionLookup = map[string]uint16{
	// tls.VersionSSL30 is deprecated: SSLv3 is cryptographically broken and
	// is no longer supported by crypto/tls.
	`versionssl30`: tls.VersionSSL30,
	// TLS 1.0 and TLS 1.1 are deprecated by RFC 8996.
	`versiontls10`: tls.VersionTLS10,
	`versiontls11`: tls.VersionTLS11,
	`versiontls12`: tls.VersionTLS12,
	`versiontls13`: tls.VersionTLS13,
}

TLSVersionLookup is a lookup table for TLS Version ID

Functions

func AddCertificate

func AddCertificate(t TLSConfig, c *tls.Config) error

AddCertificate adds a certificate to an existing config, based on TLSConfig

func GetOCSPResult

func GetOCSPResult(certificates []*x509.Certificate) ([]byte, *ocsp.Response, error)

GetOCSPResult collects the required certificates and handles the OCSP call

func LoadCertificate

func LoadCertificate(t TLSConfig) (c *tls.Config, err error)

LoadCertificate loads the user definable config and returns the tls.Config

func OCSPHandler

func OCSPHandler(c *tls.Config, quit chan bool)

OCSPHandler refreshes OCSP staple if expired or not present

func RenewOCSP

func RenewOCSP(c *tls.Config) (time.Time, error)

RenewOCSP renews the OCSP reply. Caveat: the expiry time is that of the shortest certificate.

Types

type TLSConfig

// TLSConfig is the user-definable TLS configuration. Every field is decoded
// from JSON or TOML under the lower-case key given in its struct tag.
//
// NOTE(review): the string fields look like they are resolved through the
// package's lookup tables (TLSVersionLookup, TLSRenegotiateLookup,
// TLSCipherLookup, TLSCurveLookup, TLSClientAuthLookup) — confirm against
// LoadCertificate, including what happens for empty or unknown values.
type TLSConfig struct {
	// Presumably the path of the private key file; keep that file readable
	// only by the service account — TODO confirm it is a path, not PEM text.
	CertificateKey     string   `json:"certificatekey" toml:"certificatekey"`
	// Presumably the path of the certificate (chain) file — TODO confirm.
	CertificateFile    string   `json:"certificatefile" toml:"certificatefile"`
	// Lowest and highest protocol version to accept, by name.
	MinVersion         string   `json:"minversion" toml:"minversion"`
	MaxVersion         string   `json:"maxversion" toml:"maxversion"`
	// Renegotiation policy, by name.
	Renegotiation      string   `json:"renegotiation" toml:"renegotiation"`
	// Cipher suite names and curve names, in the order the user listed them.
	CipherSuites       []string `json:"ciphersuites" toml:"ciphersuites"`
	CurvePreferences   []string `json:"curvepreferences" toml:"curvepreferences"`
	// NOTE(review): if this is copied to tls.Config.InsecureSkipVerify, a
	// client using the resulting config no longer verifies the server's
	// certificate chain and host name; crypto/tls documents that setting for
	// testing, or for use together with a custom verification callback.
	InsecureSkipVerify bool     `json:"insecureskipverify" toml:"insecureskipverify"`
	// Client certificate policy, by name.
	ClientAuth         string   `json:"clientauth" toml:"clientauth"`
}

TLSConfig is user definable config for TLS

func (TLSConfig) CertificateProvided

func (t TLSConfig) CertificateProvided() bool

CertificateProvided returns true if there is a certificate configured in the TLS config

func (TLSConfig) Valid

func (t TLSConfig) Valid() error

Valid checks whether the given files and certificates are valid and reports the result as an error value
