  1. <!DOCTYPE html>
  2. <html>
  3. <head>
  4. <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  5. <meta name="viewport" content="width=device-width, initial-scale=1">
  6. <meta name="theme-color" content="#375EAB">
  7. <title>tls - The Go Programming Language</title>
  8. <link type="text/css" rel="stylesheet" href="../../../lib/godoc/style.css">
  9. <link rel="stylesheet" href="../../../lib/godoc/jquery.treeview.css">
  10. <script type="text/javascript">window.initFuncs = [];</script>
  11. </head>
  12. <body>
  13. <div id='lowframe' style="position: fixed; bottom: 0; left: 0; height: 0; width: 100%; border-top: thin solid grey; background-color: white; overflow: auto;">
  14. ...
  15. </div><!-- #lowframe -->
  16. <div id="topbar" class="wide"><div class="container">
  17. <div class="top-heading" id="heading-wide"><a href="http://localhost:6060/">The Go Programming Language</a></div>
  18. <div class="top-heading" id="heading-narrow"><a href="http://localhost:6060/">Go</a></div>
  19. <a href="index.html#" id="menu-button"><span id="menu-button-arrow">&#9661;</span></a>
  20. <form method="GET" action="http://localhost:6060/search">
  21. <div id="menu">
  22. <a href="http://localhost:6060/doc/">Documents</a>
  23. <a href="http://localhost:6060/pkg/">Packages</a>
  24. <a href="http://localhost:6060/project/">The Project</a>
  25. <a href="http://localhost:6060/help/">Help</a>
  26. <a href="http://localhost:6060/blog/">Blog</a>
  27. <input type="text" id="search" name="q" class="inactive" value="Search" placeholder="Search">
  28. </div>
  29. </form>
  30. </div></div>
  31. <div id="page" class="wide">
  32. <div class="container">
  33. <h1>Package tls</h1>
  34. <div id="nav"></div>
  35. <!--
  36. Copyright 2009 The Go Authors. All rights reserved.
  37. Use of this source code is governed by a BSD-style
  38. license that can be found in the LICENSE file.
  39. -->
  40. <!--
  41. Note: Static (i.e., not template-generated) href and id
  42. attributes start with "pkg-" to make it impossible for
  43. them to conflict with generated attributes (some of which
  44. correspond to Go identifiers).
  45. -->
  46. <script type='text/javascript'>
  47. document.ANALYSIS_DATA = null; // NOTE(review): godoc static-analysis payload; null presumably means the server was run without analysis output — confirm
  48. document.CALLGRAPH = null; // NOTE(review): call-graph payload for the "Internal call graph" section below, which this page ships with display: none — presumably because this is null
  49. </script>
  50. <div id="short-nav">
  51. <dl>
  52. <dd><code>import "crypto/tls"</code></dd>
  53. </dl>
  54. <dl>
  55. <dd><a href="index.html#pkg-overview" class="overviewLink">Overview</a></dd>
  56. <dd><a href="index.html#pkg-index" class="indexLink">Index</a></dd>
  57. <dd><a href="index.html#pkg-examples" class="examplesLink">Examples</a></dd>
  58. </dl>
  59. </div>
  60. <!-- The package's Name is printed as title by the top-level template -->
  61. <div id="pkg-overview" class="toggleVisible">
  62. <div class="collapsed">
  63. <h2 class="toggleButton" title="Click to show Overview section">Overview ▹</h2>
  64. </div>
  65. <div class="expanded">
  66. <h2 class="toggleButton" title="Click to hide Overview section">Overview ▾</h2>
  67. <p>
  68. Package tls partially implements TLS 1.2, as specified in RFC 5246.
  69. </p>
  70. </div>
  71. </div>
  72. <div id="pkg-index" class="toggleVisible">
  73. <div class="collapsed">
  74. <h2 class="toggleButton" title="Click to show Index section">Index ▹</h2>
  75. </div>
  76. <div class="expanded">
  77. <h2 class="toggleButton" title="Click to hide Index section">Index ▾</h2>
  78. <!-- Table of contents for API; must be named manual-nav to turn off auto nav. -->
  79. <div id="manual-nav">
  80. <dl>
  81. <dd><a href="index.html#pkg-constants">Constants</a></dd>
  82. <dd><a href="index.html#Listen">func Listen(network, laddr string, config *Config) (net.Listener, error)</a></dd>
  83. <dd><a href="index.html#NewListener">func NewListener(inner net.Listener, config *Config) net.Listener</a></dd>
  84. <dd><a href="index.html#Certificate">type Certificate</a></dd>
  85. <dd>&nbsp; &nbsp; <a href="index.html#LoadX509KeyPair">func LoadX509KeyPair(certFile, keyFile string) (Certificate, error)</a></dd>
  86. <dd>&nbsp; &nbsp; <a href="index.html#X509KeyPair">func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (Certificate, error)</a></dd>
  87. <dd><a href="index.html#ClientAuthType">type ClientAuthType</a></dd>
  88. <dd><a href="index.html#ClientHelloInfo">type ClientHelloInfo</a></dd>
  89. <dd><a href="index.html#ClientSessionCache">type ClientSessionCache</a></dd>
  90. <dd>&nbsp; &nbsp; <a href="index.html#NewLRUClientSessionCache">func NewLRUClientSessionCache(capacity int) ClientSessionCache</a></dd>
  91. <dd><a href="index.html#ClientSessionState">type ClientSessionState</a></dd>
  92. <dd><a href="index.html#Config">type Config</a></dd>
  93. <dd>&nbsp; &nbsp; <a href="index.html#Config.BuildNameToCertificate">func (c *Config) BuildNameToCertificate()</a></dd>
  94. <dd>&nbsp; &nbsp; <a href="index.html#Config.SetSessionTicketKeys">func (c *Config) SetSessionTicketKeys(keys [][32]byte)</a></dd>
  95. <dd><a href="index.html#Conn">type Conn</a></dd>
  96. <dd>&nbsp; &nbsp; <a href="index.html#Client">func Client(conn net.Conn, config *Config) *Conn</a></dd>
  97. <dd>&nbsp; &nbsp; <a href="index.html#Dial">func Dial(network, addr string, config *Config) (*Conn, error)</a></dd>
  98. <dd>&nbsp; &nbsp; <a href="index.html#DialWithDialer">func DialWithDialer(dialer *net.Dialer, network, addr string, config *Config) (*Conn, error)</a></dd>
  99. <dd>&nbsp; &nbsp; <a href="index.html#Server">func Server(conn net.Conn, config *Config) *Conn</a></dd>
  100. <dd>&nbsp; &nbsp; <a href="index.html#Conn.Close">func (c *Conn) Close() error</a></dd>
  101. <dd>&nbsp; &nbsp; <a href="index.html#Conn.ConnectionState">func (c *Conn) ConnectionState() ConnectionState</a></dd>
  102. <dd>&nbsp; &nbsp; <a href="index.html#Conn.Handshake">func (c *Conn) Handshake() error</a></dd>
  103. <dd>&nbsp; &nbsp; <a href="index.html#Conn.LocalAddr">func (c *Conn) LocalAddr() net.Addr</a></dd>
  104. <dd>&nbsp; &nbsp; <a href="index.html#Conn.OCSPResponse">func (c *Conn) OCSPResponse() []byte</a></dd>
  105. <dd>&nbsp; &nbsp; <a href="index.html#Conn.Read">func (c *Conn) Read(b []byte) (n int, err error)</a></dd>
  106. <dd>&nbsp; &nbsp; <a href="index.html#Conn.RemoteAddr">func (c *Conn) RemoteAddr() net.Addr</a></dd>
  107. <dd>&nbsp; &nbsp; <a href="index.html#Conn.SetDeadline">func (c *Conn) SetDeadline(t time.Time) error</a></dd>
  108. <dd>&nbsp; &nbsp; <a href="index.html#Conn.SetReadDeadline">func (c *Conn) SetReadDeadline(t time.Time) error</a></dd>
  109. <dd>&nbsp; &nbsp; <a href="index.html#Conn.SetWriteDeadline">func (c *Conn) SetWriteDeadline(t time.Time) error</a></dd>
  110. <dd>&nbsp; &nbsp; <a href="index.html#Conn.VerifyHostname">func (c *Conn) VerifyHostname(host string) error</a></dd>
  111. <dd>&nbsp; &nbsp; <a href="index.html#Conn.Write">func (c *Conn) Write(b []byte) (int, error)</a></dd>
  112. <dd><a href="index.html#ConnectionState">type ConnectionState</a></dd>
  113. <dd><a href="index.html#CurveID">type CurveID</a></dd>
  114. <dd><a href="index.html#RecordHeaderError">type RecordHeaderError</a></dd>
  115. <dd>&nbsp; &nbsp; <a href="index.html#RecordHeaderError.Error">func (e RecordHeaderError) Error() string</a></dd>
  116. <dd><a href="index.html#pkg-note-BUG">Bugs</a></dd>
  117. </dl>
  118. </div><!-- #manual-nav -->
  119. <div id="pkg-examples">
  120. <h4>Examples</h4>
  121. <dl>
  122. <dd><a class="exampleLink" href="index.html#example_Dial">Dial</a></dd>
  123. </dl>
  124. </div>
  125. <h4>Package files</h4>
  126. <p>
  127. <span style="font-size:90%">
  128. <a href="http://localhost:6060/src/crypto/tls/alert.go">alert.go</a>
  129. <a href="http://localhost:6060/src/crypto/tls/cipher_suites.go">cipher_suites.go</a>
  130. <a href="http://localhost:6060/src/crypto/tls/common.go">common.go</a>
  131. <a href="http://localhost:6060/src/crypto/tls/conn.go">conn.go</a>
  132. <a href="http://localhost:6060/src/crypto/tls/handshake_client.go">handshake_client.go</a>
  133. <a href="http://localhost:6060/src/crypto/tls/handshake_messages.go">handshake_messages.go</a>
  134. <a href="http://localhost:6060/src/crypto/tls/handshake_server.go">handshake_server.go</a>
  135. <a href="http://localhost:6060/src/crypto/tls/key_agreement.go">key_agreement.go</a>
  136. <a href="http://localhost:6060/src/crypto/tls/prf.go">prf.go</a>
  137. <a href="http://localhost:6060/src/crypto/tls/ticket.go">ticket.go</a>
  138. <a href="http://localhost:6060/src/crypto/tls/tls.go">tls.go</a>
  139. </span>
  140. </p>
  141. </div><!-- .expanded -->
  142. </div><!-- #pkg-index -->
  143. <div id="pkg-callgraph" class="toggle" style="display: none">
  144. <div class="collapsed">
  145. <h2 class="toggleButton" title="Click to show Internal Call Graph section">Internal call graph ▹</h2>
  146. </div> <!-- .expanded -->
  147. <div class="expanded">
  148. <h2 class="toggleButton" title="Click to hide Internal Call Graph section">Internal call graph ▾</h2>
  149. <p>
  150. In the call graph viewer below, each node
  151. is a function belonging to this package
  152. and its children are the functions it
  153. calls&mdash;perhaps dynamically.
  154. </p>
  155. <p>
  156. The root nodes are the entry points of the
  157. package: functions that may be called from
  158. outside the package.
  159. There may be non-exported or anonymous
  160. functions among them if they are called
  161. dynamically from another package.
  162. </p>
  163. <p>
  164. Click a node to visit that function's source code.
  165. From there you can visit its callers by
  166. clicking its declaring <code>func</code>
  167. token.
  168. </p>
  169. <p>
  170. Functions may be omitted if they were
  171. determined to be unreachable in the
  172. particular programs or tests that were
  173. analyzed.
  174. </p>
  175. <!-- Zero means show all package entry points. -->
  176. <ul style="margin-left: 0.5in" id="callgraph-0" class="treeview"></ul>
  177. </div>
  178. </div> <!-- #pkg-callgraph -->
  179. <h2 id="pkg-constants">Constants</h2>
  180. <pre>const (
  181. <span id="TLS_RSA_WITH_RC4_128_SHA">TLS_RSA_WITH_RC4_128_SHA</span> <a href="../../builtin/index.html#uint16">uint16</a> = 0x0005
  182. <span id="TLS_RSA_WITH_3DES_EDE_CBC_SHA">TLS_RSA_WITH_3DES_EDE_CBC_SHA</span> <a href="../../builtin/index.html#uint16">uint16</a> = 0x000a
  183. <span id="TLS_RSA_WITH_AES_128_CBC_SHA">TLS_RSA_WITH_AES_128_CBC_SHA</span> <a href="../../builtin/index.html#uint16">uint16</a> = 0x002f
  184. <span id="TLS_RSA_WITH_AES_256_CBC_SHA">TLS_RSA_WITH_AES_256_CBC_SHA</span> <a href="../../builtin/index.html#uint16">uint16</a> = 0x0035
  185. <span id="TLS_RSA_WITH_AES_128_GCM_SHA256">TLS_RSA_WITH_AES_128_GCM_SHA256</span> <a href="../../builtin/index.html#uint16">uint16</a> = 0x009c
  186. <span id="TLS_RSA_WITH_AES_256_GCM_SHA384">TLS_RSA_WITH_AES_256_GCM_SHA384</span> <a href="../../builtin/index.html#uint16">uint16</a> = 0x009d
  187. <span id="TLS_ECDHE_ECDSA_WITH_RC4_128_SHA">TLS_ECDHE_ECDSA_WITH_RC4_128_SHA</span> <a href="../../builtin/index.html#uint16">uint16</a> = 0xc007
  188. <span id="TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA">TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</span> <a href="../../builtin/index.html#uint16">uint16</a> = 0xc009
  189. <span id="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA">TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA</span> <a href="../../builtin/index.html#uint16">uint16</a> = 0xc00a
  190. <span id="TLS_ECDHE_RSA_WITH_RC4_128_SHA">TLS_ECDHE_RSA_WITH_RC4_128_SHA</span> <a href="../../builtin/index.html#uint16">uint16</a> = 0xc011
  191. <span id="TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA">TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</span> <a href="../../builtin/index.html#uint16">uint16</a> = 0xc012
  192. <span id="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA">TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</span> <a href="../../builtin/index.html#uint16">uint16</a> = 0xc013
  193. <span id="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA">TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</span> <a href="../../builtin/index.html#uint16">uint16</a> = 0xc014
  194. <span id="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256">TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</span> <a href="../../builtin/index.html#uint16">uint16</a> = 0xc02f
  195. <span id="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256">TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</span> <a href="../../builtin/index.html#uint16">uint16</a> = 0xc02b
  196. <span id="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384">TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</span> <a href="../../builtin/index.html#uint16">uint16</a> = 0xc030
  197. <span id="TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384">TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</span> <a href="../../builtin/index.html#uint16">uint16</a> = 0xc02c
  198. <span class="comment">// TLS_FALLBACK_SCSV isn&#39;t a standard cipher suite but an indicator</span>
  199. <span class="comment">// that the client is doing version fallback: a client that retries a</span>
  200. <span class="comment">// handshake with a lower protocol version after a failure includes it so</span>
<span class="comment">// that a server supporting a higher version can reject the downgrade.</span>
<span class="comment">// See RFC 7507 (published from the draft at</span>
<span class="comment">// https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00).</span>
  201. <span id="TLS_FALLBACK_SCSV">TLS_FALLBACK_SCSV</span> <a href="../../builtin/index.html#uint16">uint16</a> = 0x5600
  202. )</pre>
  203. <p>
  204. A list of the possible cipher suite ids. Taken from
  205. <a href="http://www.iana.org/assignments/tls-parameters/tls-parameters.xml">http://www.iana.org/assignments/tls-parameters/tls-parameters.xml</a>.
Not every suite listed here is safe to enable: the RC4 suites are prohibited for TLS by RFC 7465,
the 3DES suites use a 64-bit block cipher that is weak against birthday attacks on long sessions,
and the TLS_RSA_* suites use static RSA key exchange and so provide no forward secrecy.
Set Config.CipherSuites explicitly, in preference order, and prefer the ECDHE AES-GCM suites.
  206. </p>
  207. <pre>const (
  208. <span id="VersionSSL30">VersionSSL30</span> = 0x0300
  209. <span id="VersionTLS10">VersionTLS10</span> = 0x0301
  210. <span id="VersionTLS11">VersionTLS11</span> = 0x0302
  211. <span id="VersionTLS12">VersionTLS12</span> = 0x0303
  212. )</pre>
  213. <h2 id="Listen">func <a href="http://localhost:6060/src/crypto/tls/tls.go?s=2241:2313#L65">Listen</a></h2>
  214. <pre>func Listen(network, laddr <a href="../../builtin/index.html#string">string</a>, config *<a href="index.html#Config">Config</a>) (<a href="../../net/index.html">net</a>.<a href="../../net/index.html#Listener">Listener</a>, <a href="../../builtin/index.html#error">error</a>)</pre>
  215. <p>
  216. Listen creates a TLS listener accepting connections on the
  217. given network address using net.Listen.
  218. The configuration config must be non-nil and must include
  219. at least one certificate or else set GetCertificate.
  220. </p>
  221. <h2 id="NewListener">func <a href="http://localhost:6060/src/crypto/tls/tls.go?s=1879:1944#L54">NewListener</a></h2>
  222. <pre>func NewListener(inner <a href="../../net/index.html">net</a>.<a href="../../net/index.html#Listener">Listener</a>, config *<a href="index.html#Config">Config</a>) <a href="../../net/index.html">net</a>.<a href="../../net/index.html#Listener">Listener</a></pre>
  223. <p>
  224. NewListener creates a Listener which accepts connections from an inner
  225. Listener and wraps each connection with Server.
  226. The configuration config must be non-nil and must include
  227. at least one certificate or else set GetCertificate.
  228. </p>
  229. <h2 id="Certificate">type <a href="http://localhost:6060/src/crypto/tls/common.go?s=18722:19694#L556">Certificate</a></h2>
  230. <pre>type Certificate struct {
  231. Certificate [][]<a href="../../builtin/index.html#byte">byte</a>
  232. <span class="comment">// PrivateKey contains the private key corresponding to the public key</span>
  233. <span class="comment">// in Leaf. For a server, this must implement crypto.Signer and/or</span>
  234. <span class="comment">// crypto.Decrypter, with an RSA or ECDSA PublicKey. For a client</span>
  235. <span class="comment">// (performing client authentication), this must be a crypto.Signer</span>
  236. <span class="comment">// with an RSA or ECDSA PublicKey.</span>
  237. PrivateKey <a href="../index.html">crypto</a>.<a href="../index.html#PrivateKey">PrivateKey</a>
  238. <span class="comment">// OCSPStaple contains an optional OCSP response which will be served</span>
  239. <span class="comment">// to clients that request it.</span>
  240. OCSPStaple []<a href="../../builtin/index.html#byte">byte</a>
  241. <span class="comment">// SignedCertificateTimestamps contains an optional list of Signed</span>
  242. <span class="comment">// Certificate Timestamps which will be served to clients that request it.</span>
  243. SignedCertificateTimestamps [][]<a href="../../builtin/index.html#byte">byte</a>
  244. <span class="comment">// Leaf is the parsed form of the leaf certificate, which may be</span>
  245. <span class="comment">// initialized using x509.ParseCertificate to reduce per-handshake</span>
  246. <span class="comment">// processing for TLS clients doing client authentication. If nil, the</span>
  247. <span class="comment">// leaf certificate will be parsed as needed.</span>
  248. Leaf *<a href="../x509/index.html">x509</a>.<a href="../x509/index.html#Certificate">Certificate</a>
  249. }</pre>
  250. <p>
  251. A Certificate is a chain of one or more certificates, leaf first.
  252. </p>
  253. <h3 id="LoadX509KeyPair">func <a href="http://localhost:6060/src/crypto/tls/tls.go?s=5250:5317#L168">LoadX509KeyPair</a></h3>
  254. <pre>func LoadX509KeyPair(certFile, keyFile <a href="../../builtin/index.html#string">string</a>) (<a href="index.html#Certificate">Certificate</a>, <a href="../../builtin/index.html#error">error</a>)</pre>
  255. <p>
  256. LoadX509KeyPair reads and parses a public/private key pair from a pair of
  257. files. The files must contain PEM encoded data. On successful return,
  258. Certificate.Leaf will be nil because the parsed form of the certificate is
  259. not retained.
  260. </p>
  261. <h3 id="X509KeyPair">func <a href="http://localhost:6060/src/crypto/tls/tls.go?s=5758:5829#L183">X509KeyPair</a></h3>
  262. <pre>func X509KeyPair(certPEMBlock, keyPEMBlock []<a href="../../builtin/index.html#byte">byte</a>) (<a href="index.html#Certificate">Certificate</a>, <a href="../../builtin/index.html#error">error</a>)</pre>
  263. <p>
  264. X509KeyPair parses a public/private key pair from a pair of
  265. PEM encoded data. On successful return, Certificate.Leaf will be nil because
  266. the parsed form of the certificate is not retained.
  267. </p>
  268. <h2 id="ClientAuthType">type <a href="http://localhost:6060/src/crypto/tls/common.go?s=5897:5920#L171">ClientAuthType</a></h2>
  269. <pre>type ClientAuthType <a href="../../builtin/index.html#int">int</a></pre>
  270. <p>
  271. ClientAuthType declares the policy the server will follow for
  272. TLS Client Authentication. As the constant names indicate, only the
VerifyClientCertIfGiven and RequireAndVerifyClientCert policies check a
presented certificate against Config.ClientCAs; RequestClientCert and
RequireAnyClientCert accept whatever certificate the client presents, so an
application using them must verify the peer certificate itself (for example
from ConnectionState after the handshake) before trusting the client&#39;s identity.
  273. </p>
  274. <pre>const (
  275. <span id="NoClientCert">NoClientCert</span> <a href="index.html#ClientAuthType">ClientAuthType</a> = <a href="../../builtin/index.html#iota">iota</a>
  276. <span id="RequestClientCert">RequestClientCert</span>
  277. <span id="RequireAnyClientCert">RequireAnyClientCert</span>
  278. <span id="VerifyClientCertIfGiven">VerifyClientCertIfGiven</span>
  279. <span id="RequireAndVerifyClientCert">RequireAndVerifyClientCert</span>
  280. )</pre>
  281. <h2 id="ClientHelloInfo">type <a href="http://localhost:6060/src/crypto/tls/common.go?s=7461:8359#L207">ClientHelloInfo</a></h2>
  282. <pre>type ClientHelloInfo struct {
  283. <span class="comment">// CipherSuites lists the CipherSuites supported by the client (e.g.</span>
  284. <span class="comment">// TLS_RSA_WITH_RC4_128_SHA).</span>
  285. CipherSuites []<a href="../../builtin/index.html#uint16">uint16</a>
  286. <span class="comment">// ServerName indicates the name of the server requested by the client</span>
  287. <span class="comment">// in order to support virtual hosting. ServerName is only set if the</span>
  288. <span class="comment">// client is using SNI (see</span>
  289. <span class="comment">// http://tools.ietf.org/html/rfc4366#section-3.1).</span>
  290. ServerName <a href="../../builtin/index.html#string">string</a>
  291. <span class="comment">// SupportedCurves lists the elliptic curves supported by the client.</span>
  292. <span class="comment">// SupportedCurves is set only if the Supported Elliptic Curves</span>
  293. <span class="comment">// Extension is being used (see</span>
  294. <span class="comment">// http://tools.ietf.org/html/rfc4492#section-5.1.1).</span>
  295. SupportedCurves []<a href="index.html#CurveID">CurveID</a>
  296. <span class="comment">// SupportedPoints lists the point formats supported by the client.</span>
  297. <span class="comment">// SupportedPoints is set only if the Supported Point Formats Extension</span>
  298. <span class="comment">// is being used (see</span>
  299. <span class="comment">// http://tools.ietf.org/html/rfc4492#section-5.1.2).</span>
  300. SupportedPoints []<a href="../../builtin/index.html#uint8">uint8</a>
  301. }</pre>
  302. <p>
  303. ClientHelloInfo contains information from a ClientHello message in order to
  304. guide certificate selection in the GetCertificate callback.
  305. </p>
  306. <h2 id="ClientSessionCache">type <a href="http://localhost:6060/src/crypto/tls/common.go?s=6982:7317#L196">ClientSessionCache</a></h2>
  307. <pre>type ClientSessionCache interface {
  308. <span class="comment">// Get searches for a ClientSessionState associated with the given key.</span>
  309. <span class="comment">// On return, ok is true if one was found.</span>
  310. Get(sessionKey <a href="../../builtin/index.html#string">string</a>) (session *<a href="index.html#ClientSessionState">ClientSessionState</a>, ok <a href="../../builtin/index.html#bool">bool</a>)
  311. <span class="comment">// Put adds the ClientSessionState to the cache with the given key.</span>
  312. Put(sessionKey <a href="../../builtin/index.html#string">string</a>, cs *<a href="index.html#ClientSessionState">ClientSessionState</a>)
  313. }</pre>
  314. <p>
  315. ClientSessionCache is a cache of ClientSessionState objects that can be used
  316. by a client to resume a TLS session with a given server. ClientSessionCache
  317. implementations should expect to be called concurrently from different
  318. goroutines.
  319. </p>
  320. <h3 id="NewLRUClientSessionCache">func <a href="http://localhost:6060/src/crypto/tls/common.go?s=20353:20415#L607">NewLRUClientSessionCache</a></h3>
  321. <pre>func NewLRUClientSessionCache(capacity <a href="../../builtin/index.html#int">int</a>) <a href="index.html#ClientSessionCache">ClientSessionCache</a></pre>
  322. <p>
  323. NewLRUClientSessionCache returns a ClientSessionCache with the given
  324. capacity that uses an LRU strategy. If capacity is &lt; 1, a default capacity
  325. is used instead.
  326. </p>
  327. <h2 id="ClientSessionState">type <a href="http://localhost:6060/src/crypto/tls/common.go?s=6149:6732#L183">ClientSessionState</a></h2>
  328. <pre>type ClientSessionState struct {
  329. <span class="comment">// contains filtered or unexported fields</span>
  330. }</pre>
  331. <p>
  332. ClientSessionState contains the state needed by clients to resume TLS
  333. sessions.
  334. </p>
  335. <h2 id="Config">type <a href="http://localhost:6060/src/crypto/tls/common.go?s=8571:13326#L235">Config</a></h2>
  336. <pre>type Config struct {
  337. <span class="comment">// Rand provides the source of entropy for nonces and RSA blinding.</span>
  338. <span class="comment">// If Rand is nil, TLS uses the cryptographic random reader in package</span>
  339. <span class="comment">// crypto/rand.</span>
  340. <span class="comment">// The Reader must be safe for use by multiple goroutines.</span>
  341. Rand <a href="../../io/index.html">io</a>.<a href="../../io/index.html#Reader">Reader</a>
  342. <span class="comment">// Time returns the current time as a time.Time.</span>
  343. <span class="comment">// If Time is nil, TLS uses time.Now.</span>
  344. Time func() <a href="../../time/index.html">time</a>.<a href="../../time/index.html#Time">Time</a>
  345. <span class="comment">// Certificates contains one or more certificate chains</span>
  346. <span class="comment">// to present to the other side of the connection.</span>
  347. <span class="comment">// Server configurations must include at least one certificate</span>
  348. <span class="comment">// or else set GetCertificate.</span>
  349. Certificates []<a href="index.html#Certificate">Certificate</a>
  350. <span class="comment">// NameToCertificate maps from a certificate name to an element of</span>
  351. <span class="comment">// Certificates. Note that a certificate name can be of the form</span>
  352. <span class="comment">// &#39;*.example.com&#39; and so doesn&#39;t have to be a domain name as such.</span>
  353. <span class="comment">// See Config.BuildNameToCertificate</span>
  354. <span class="comment">// The nil value causes the first element of Certificates to be used</span>
  355. <span class="comment">// for all connections.</span>
  356. NameToCertificate map[<a href="../../builtin/index.html#string">string</a>]*<a href="index.html#Certificate">Certificate</a>
  357. <span class="comment">// GetCertificate returns a Certificate based on the given</span>
  358. <span class="comment">// ClientHelloInfo. It will only be called if the client supplies SNI</span>
  359. <span class="comment">// information or if Certificates is empty.</span>
  360. <span class="comment">//</span>
  361. <span class="comment">// If GetCertificate is nil or returns nil, then the certificate is</span>
  362. <span class="comment">// retrieved from NameToCertificate. If NameToCertificate is nil, the</span>
  363. <span class="comment">// first element of Certificates will be used.</span>
  364. GetCertificate func(clientHello *<a href="index.html#ClientHelloInfo">ClientHelloInfo</a>) (*<a href="index.html#Certificate">Certificate</a>, <a href="../../builtin/index.html#error">error</a>)
  365. <span class="comment">// RootCAs defines the set of root certificate authorities</span>
  366. <span class="comment">// that clients use when verifying server certificates.</span>
  367. <span class="comment">// If RootCAs is nil, TLS uses the host&#39;s root CA set.</span>
  368. RootCAs *<a href="../x509/index.html">x509</a>.<a href="../x509/index.html#CertPool">CertPool</a>
  369. <span class="comment">// NextProtos is a list of supported, application level protocols.</span>
  370. NextProtos []<a href="../../builtin/index.html#string">string</a>
  371. <span class="comment">// ServerName is used to verify the hostname on the returned</span>
  372. <span class="comment">// certificates unless InsecureSkipVerify is given. It is also included</span>
  373. <span class="comment">// in the client&#39;s handshake to support virtual hosting unless it is</span>
  374. <span class="comment">// an IP address.</span>
  375. ServerName <a href="../../builtin/index.html#string">string</a>
  376. <span class="comment">// ClientAuth determines the server&#39;s policy for</span>
  377. <span class="comment">// TLS Client Authentication. The default is NoClientCert.</span>
  378. ClientAuth <a href="index.html#ClientAuthType">ClientAuthType</a>
  379. <span class="comment">// ClientCAs defines the set of root certificate authorities</span>
  380. <span class="comment">// that servers use if required to verify a client certificate</span>
  381. <span class="comment">// by the policy in ClientAuth.</span>
  382. ClientCAs *<a href="../x509/index.html">x509</a>.<a href="../x509/index.html#CertPool">CertPool</a>
  383. <span class="comment">// InsecureSkipVerify controls whether a client verifies the</span>
  384. <span class="comment">// server&#39;s certificate chain and host name.</span>
  385. <span class="comment">// If InsecureSkipVerify is true, TLS accepts any certificate</span>
  386. <span class="comment">// presented by the server and any host name in that certificate.</span>
  387. <span class="comment">// In this mode, TLS is susceptible to man-in-the-middle attacks.</span>
  388. <span class="comment">// This should be used only for testing. An application that needs</span>
<span class="comment">// non-default trust (a private CA, certificate pinning) should set RootCAs,</span>
<span class="comment">// or inspect the peer chain from ConnectionState after Handshake and close</span>
<span class="comment">// the connection on failure, rather than disable verification entirely.</span>
  389. InsecureSkipVerify <a href="../../builtin/index.html#bool">bool</a>
  390. <span class="comment">// CipherSuites is a list of supported cipher suites. If CipherSuites</span>
  391. <span class="comment">// is nil, TLS uses a list of suites supported by the implementation.</span>
<span class="comment">// That implementation default may include the RC4, 3DES and static-RSA</span>
<span class="comment">// suites listed under Constants; production configurations should list the</span>
<span class="comment">// acceptable suites explicitly, in preference order, and set</span>
<span class="comment">// PreferServerCipherSuites so that ordering is actually honoured.</span>
  392. CipherSuites []<a href="../../builtin/index.html#uint16">uint16</a>
  393. <span class="comment">// PreferServerCipherSuites controls whether the server selects the</span>
  394. <span class="comment">// client&#39;s most preferred ciphersuite, or the server&#39;s most preferred</span>
  395. <span class="comment">// ciphersuite. If true then the server&#39;s preference, as expressed in</span>
  396. <span class="comment">// the order of elements in CipherSuites, is used.</span>
  397. PreferServerCipherSuites <a href="../../builtin/index.html#bool">bool</a>
  398. <span class="comment">// SessionTicketsDisabled may be set to true to disable session ticket</span>
  399. <span class="comment">// (resumption) support.</span>
  400. SessionTicketsDisabled <a href="../../builtin/index.html#bool">bool</a>
  401. <span class="comment">// SessionTicketKey is used by TLS servers to provide session</span>
  402. <span class="comment">// resumption. See RFC 5077. If zero, it will be filled with</span>
  403. <span class="comment">// random data before the first server handshake.</span>
  404. <span class="comment">//</span>
  405. <span class="comment">// If multiple servers are terminating connections for the same host</span>
  406. <span class="comment">// they should all have the same SessionTicketKey. If the</span>
  407. <span class="comment">// SessionTicketKey leaks, previously recorded and future TLS</span>
  408. <span class="comment">// connections using that key are compromised. Because the ticket key</span>
<span class="comment">// can recover the session state of every connection it issued tickets</span>
<span class="comment">// for, it undermines the forward secrecy of ECDHE suites for as long as</span>
<span class="comment">// it remains in use; rotate it regularly with SetSessionTicketKeys (or</span>
<span class="comment">// disable tickets via SessionTicketsDisabled) rather than keeping a</span>
<span class="comment">// single key for the lifetime of the server.</span>
  409. SessionTicketKey [32]<a href="../../builtin/index.html#byte">byte</a>
  410. <span class="comment">// SessionCache is a cache of ClientSessionState entries for TLS session</span>
  411. <span class="comment">// resumption.</span>
  412. ClientSessionCache <a href="index.html#ClientSessionCache">ClientSessionCache</a>
  413. <span class="comment">// MinVersion contains the minimum SSL/TLS version that is acceptable.</span>
  414. <span class="comment">// If zero, then TLS 1.0 is taken as the minimum. SSL 3.0 (VersionSSL30)</span>
<span class="comment">// is therefore only negotiated if MinVersion is explicitly set to it; it</span>
<span class="comment">// is deprecated as insecure by RFC 7568 and should not be enabled. Where</span>
<span class="comment">// the peers allow it, set MinVersion to VersionTLS12.</span>
  415. MinVersion <a href="../../builtin/index.html#uint16">uint16</a>
  416. <span class="comment">// MaxVersion contains the maximum SSL/TLS version that is acceptable.</span>
  417. <span class="comment">// If zero, then the maximum version supported by this package is used,</span>
  418. <span class="comment">// which is currently TLS 1.2.</span>
  419. MaxVersion <a href="../../builtin/index.html#uint16">uint16</a>
  420. <span class="comment">// CurvePreferences contains the elliptic curves that will be used in</span>
  421. <span class="comment">// an ECDHE handshake, in preference order. If empty, the default will</span>
  422. <span class="comment">// be used.</span>
  423. CurvePreferences []<a href="index.html#CurveID">CurveID</a>
  424. <span class="comment">// contains filtered or unexported fields</span>
  425. }</pre>
  426. <p>
  427. A Config structure is used to configure a TLS client or server.
  428. After one has been passed to a TLS function it must not be
  429. modified. A Config may be reused; the tls package will also not
  430. modify it.
  431. </p>
  432. <h3 id="Config.BuildNameToCertificate">func (*Config) <a href="http://localhost:6060/src/crypto/tls/common.go?s=18204:18245#L538">BuildNameToCertificate</a></h3>
  433. <pre>func (c *<a href="index.html#Config">Config</a>) BuildNameToCertificate()</pre>
  434. <p>
  435. BuildNameToCertificate parses c.Certificates and builds c.NameToCertificate
  436. from the CommonName and Subject Alternative Name fields of each of the leaf
  437. certificates.
  438. </p>
  439. <h3 id="Config.SetSessionTicketKeys">func (*Config) <a href="http://localhost:6060/src/crypto/tls/common.go?s=15336:15390#L414">SetSessionTicketKeys</a></h3>
  440. <pre>func (c *<a href="index.html#Config">Config</a>) SetSessionTicketKeys(keys [][32]<a href="../../builtin/index.html#byte">byte</a>)</pre>
  441. <p>
  442. SetSessionTicketKeys updates the session ticket keys for a server. The first
  443. key will be used when creating new tickets, while all keys can be used for
  444. decrypting tickets. It is safe to call this function while the server is
  445. running in order to rotate the session ticket keys. Because every key in the list stays valid for decryption, drop old keys from the list once their tickets are no longer expected; a key that remains in the list is a key whose compromise still affects sessions. The function will panic
  446. if keys is empty.
  447. </p>
  448. <h2 id="Conn">type <a href="http://localhost:6060/src/crypto/tls/conn.go?s=434:2064#L15">Conn</a></h2>
  449. <pre>type Conn struct {
  450. <span class="comment">// contains filtered or unexported fields</span>
  451. }</pre>
  452. <p>
  453. A Conn represents a secured connection.
  454. It implements the net.Conn interface.
  455. </p>
  456. <h3 id="Client">func <a href="http://localhost:6060/src/crypto/tls/tls.go?s=1129:1177#L29">Client</a></h3>
  457. <pre>func Client(conn <a href="../../net/index.html">net</a>.<a href="../../net/index.html#Conn">Conn</a>, config *<a href="index.html#Config">Config</a>) *<a href="index.html#Conn">Conn</a></pre>
  458. <p>
  459. Client returns a new TLS client side connection
  460. using conn as the underlying transport.
  461. The config cannot be nil: users must set either ServerName or
  462. InsecureSkipVerify in the config. InsecureSkipVerify disables verification of the server's certificate, so a connection made with it provides no authentication of the peer unless the application performs its own verification (for example via ConnectionState and VerifyHostname); it is intended for testing, not for production use.
  463. </p>
  464. <h3 id="Dial">func <a href="http://localhost:6060/src/crypto/tls/tls.go?s=4874:4936#L160">Dial</a></h3>
  465. <pre>func Dial(network, addr <a href="../../builtin/index.html#string">string</a>, config *<a href="index.html#Config">Config</a>) (*<a href="index.html#Conn">Conn</a>, <a href="../../builtin/index.html#error">error</a>)</pre>
  466. <p>
  467. Dial connects to the given network address using net.Dial
  468. and then initiates a TLS handshake, returning the resulting
  469. TLS connection.
  470. Dial interprets a nil configuration as equivalent to
  471. the zero configuration; see the documentation of Config
  472. for the defaults.
  473. </p>
  474. <div id="example_Dial" class="toggle">
  475. <div class="collapsed">
  476. <p class="exampleHeading toggleButton"><span class="text">Example</span></p>
  477. </div>
  478. <div class="expanded">
  479. <p class="exampleHeading toggleButton"><span class="text">Example</span></p>
  480. <p>Code:</p>
  481. <pre class="code">
  482. <span class="comment">// Connecting with a custom root-certificate set.</span>
  483. const rootPEM = `
  484. -----BEGIN CERTIFICATE-----
  485. MIIEBDCCAuygAwIBAgIDAjppMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
  486. MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
  487. YWwgQ0EwHhcNMTMwNDA1MTUxNTU1WhcNMTUwNDA0MTUxNTU1WjBJMQswCQYDVQQG
  488. EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy
  489. bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
  490. AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP
  491. VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv
  492. h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE
  493. ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ
  494. EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC
  495. DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB+zCB+DAfBgNVHSMEGDAWgBTAephojYn7
  496. qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wEgYD
  497. VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMwMTAvoC2g
  498. K4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9ndGdsb2JhbC5jcmwwPQYI
  499. KwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vZ3RnbG9iYWwtb2NzcC5n
  500. ZW90cnVzdC5jb20wFwYDVR0gBBAwDjAMBgorBgEEAdZ5AgUBMA0GCSqGSIb3DQEB
  501. BQUAA4IBAQA21waAESetKhSbOHezI6B1WLuxfoNCunLaHtiONgaX4PCVOzf9G0JY
  502. /iLIa704XtE7JW4S615ndkZAkNoUyHgN7ZVm2o6Gb4ChulYylYbc3GrKBIxbf/a/
  503. zG+FA1jDaFETzf3I93k9mTXwVqO94FntT0QJo544evZG0R0SnU++0ED8Vf4GXjza
  504. HFa9llF7b1cq26KqltyMdMKVvvBulRP/F/A8rLIQjcxz++iPAsbw+zOzlTvjwsto
  505. WHPbqCRiOwY1nQ2pM714A5AuTHhdUDqB1O6gyHA43LL5Z/qHQF1hwFGPa4NrzQU6
  506. yuGnBXj8ytqU0CwIPX4WecigUCAkVDNx
  507. -----END CERTIFICATE-----`
  508. <span class="comment">// First, create the set of root certificates. For this example we only</span>
  509. <span class="comment">// have one. It&#39;s also possible to omit this in order to use the</span>
  510. <span class="comment">// default root set of the current operating system.</span>
  511. roots := x509.NewCertPool()
  512. ok := roots.AppendCertsFromPEM([]byte(rootPEM))
  513. if !ok {
  514. panic(&#34;failed to parse root certificate&#34;)
  515. }
  516. conn, err := tls.Dial(&#34;tcp&#34;, &#34;mail.google.com:443&#34;, &amp;tls.Config{
  517. RootCAs: roots,
  518. })
  519. if err != nil {
  520. panic(&#34;failed to connect: &#34; + err.Error())
  521. }
  522. conn.Close()
  523. </pre>
  524. </div>
  525. </div>
  526. <h3 id="DialWithDialer">func <a href="http://localhost:6060/src/crypto/tls/tls.go?s=3222:3314#L89">DialWithDialer</a></h3>
  527. <pre>func DialWithDialer(dialer *<a href="../../net/index.html">net</a>.<a href="../../net/index.html#Dialer">Dialer</a>, network, addr <a href="../../builtin/index.html#string">string</a>, config *<a href="index.html#Config">Config</a>) (*<a href="index.html#Conn">Conn</a>, <a href="../../builtin/index.html#error">error</a>)</pre>
  528. <p>
  529. DialWithDialer connects to the given network address using dialer.Dial and
  530. then initiates a TLS handshake, returning the resulting TLS connection. Any
  531. timeout or deadline given in the dialer apply to connection and TLS
  532. handshake as a whole.
  533. </p>
  534. <p>
  535. DialWithDialer interprets a nil configuration as equivalent to the zero
  536. configuration; see the documentation of Config for the defaults.
  537. </p>
  538. <h3 id="Server">func <a href="http://localhost:6060/src/crypto/tls/tls.go?s=837:885#L21">Server</a></h3>
  539. <pre>func Server(conn <a href="../../net/index.html">net</a>.<a href="../../net/index.html#Conn">Conn</a>, config *<a href="index.html#Config">Config</a>) *<a href="index.html#Conn">Conn</a></pre>
  540. <p>
  541. Server returns a new TLS server side connection
  542. using conn as the underlying transport.
  543. The configuration config must be non-nil and must include
  544. at least one certificate or else set GetCertificate.
  545. </p>
  546. <h3 id="Conn.Close">func (*Conn) <a href="http://localhost:6060/src/crypto/tls/conn.go?s=27608:27636#L972">Close</a></h3>
  547. <pre>func (c *<a href="index.html#Conn">Conn</a>) Close() <a href="../../builtin/index.html#error">error</a></pre>
  548. <p>
  549. Close closes the connection.
  550. </p>
  551. <h3 id="Conn.ConnectionState">func (*Conn) <a href="http://localhost:6060/src/crypto/tls/conn.go?s=29076:29124#L1031">ConnectionState</a></h3>
  552. <pre>func (c *<a href="index.html#Conn">Conn</a>) ConnectionState() <a href="index.html#ConnectionState">ConnectionState</a></pre>
  553. <p>
  554. ConnectionState returns basic TLS details about the connection.
  555. </p>
  556. <h3 id="Conn.Handshake">func (*Conn) <a href="http://localhost:6060/src/crypto/tls/conn.go?s=28683:28715#L1012">Handshake</a></h3>
  557. <pre>func (c *<a href="index.html#Conn">Conn</a>) Handshake() <a href="../../builtin/index.html#error">error</a></pre>
  558. <p>
  559. Handshake runs the client or server handshake
  560. protocol if it has not yet been run.
  561. Most uses of this package need not call Handshake
  562. explicitly: the first Read or Write will call it automatically.
  563. </p>
  564. <h3 id="Conn.LocalAddr">func (*Conn) <a href="http://localhost:6060/src/crypto/tls/conn.go?s=2227:2262#L63">LocalAddr</a></h3>
  565. <pre>func (c *<a href="index.html#Conn">Conn</a>) LocalAddr() <a href="../../net/index.html">net</a>.<a href="../../net/index.html#Addr">Addr</a></pre>
  566. <p>
  567. LocalAddr returns the local network address.
  568. </p>
  569. <h3 id="Conn.OCSPResponse">func (*Conn) <a href="http://localhost:6060/src/crypto/tls/conn.go?s=29897:29933#L1058">OCSPResponse</a></h3>
  570. <pre>func (c *<a href="index.html#Conn">Conn</a>) OCSPResponse() []<a href="../../builtin/index.html#byte">byte</a></pre>
  571. <p>
  572. OCSPResponse returns the stapled OCSP response from the TLS server, if
  573. any. (Only valid for client connections.)
  574. </p>
  575. <h3 id="Conn.Read">func (*Conn) <a href="http://localhost:6060/src/crypto/tls/conn.go?s=25776:25824#L911">Read</a></h3>
  576. <pre>func (c *<a href="index.html#Conn">Conn</a>) Read(b []<a href="../../builtin/index.html#byte">byte</a>) (n <a href="../../builtin/index.html#int">int</a>, err <a href="../../builtin/index.html#error">error</a>)</pre>
  577. <p>
  578. Read can be made to time out and return a net.Error with Timeout() == true
  579. after a fixed time limit; see SetDeadline and SetReadDeadline.
  580. </p>
  581. <h3 id="Conn.RemoteAddr">func (*Conn) <a href="http://localhost:6060/src/crypto/tls/conn.go?s=2345:2381#L68">RemoteAddr</a></h3>
  582. <pre>func (c *<a href="index.html#Conn">Conn</a>) RemoteAddr() <a href="../../net/index.html">net</a>.<a href="../../net/index.html#Addr">Addr</a></pre>
  583. <p>
  584. RemoteAddr returns the remote network address.
  585. </p>
  586. <h3 id="Conn.SetDeadline">func (*Conn) <a href="http://localhost:6060/src/crypto/tls/conn.go?s=2665:2710#L75">SetDeadline</a></h3>
  587. <pre>func (c *<a href="index.html#Conn">Conn</a>) SetDeadline(t <a href="../../time/index.html">time</a>.<a href="../../time/index.html#Time">Time</a>) <a href="../../builtin/index.html#error">error</a></pre>
  588. <p>
  589. SetDeadline sets the read and write deadlines associated with the connection.
  590. A zero value for t means Read and Write will not time out.
  591. After a Write has timed out, the TLS state is corrupt and all future writes will return the same error; the caller should Close the connection and establish a new one rather than retry on it.
  592. </p>
  593. <h3 id="Conn.SetReadDeadline">func (*Conn) <a href="http://localhost:6060/src/crypto/tls/conn.go?s=2870:2919#L81">SetReadDeadline</a></h3>
  594. <pre>func (c *<a href="index.html#Conn">Conn</a>) SetReadDeadline(t <a href="../../time/index.html">time</a>.<a href="../../time/index.html#Time">Time</a>) <a href="../../builtin/index.html#error">error</a></pre>
  595. <p>
  596. SetReadDeadline sets the read deadline on the underlying connection.
  597. A zero value for t means Read will not time out.
  598. </p>
  599. <h3 id="Conn.SetWriteDeadline">func (*Conn) <a href="http://localhost:6060/src/crypto/tls/conn.go?s=3193:3243#L88">SetWriteDeadline</a></h3>
  600. <pre>func (c *<a href="index.html#Conn">Conn</a>) SetWriteDeadline(t <a href="../../time/index.html">time</a>.<a href="../../time/index.html#Time">Time</a>) <a href="../../builtin/index.html#error">error</a></pre>
  601. <p>
  602. SetWriteDeadline sets the write deadline on the underlying connection.
  603. A zero value for t means Write will not time out.
  604. After a Write has timed out, the TLS state is corrupt and all future writes will return the same error; the caller should Close the connection and establish a new one rather than retry on it.
  605. </p>
  606. <h3 id="Conn.VerifyHostname">func (*Conn) <a href="http://localhost:6060/src/crypto/tls/conn.go?s=30193:30241#L1068">VerifyHostname</a></h3>
  607. <pre>func (c *<a href="index.html#Conn">Conn</a>) VerifyHostname(host <a href="../../builtin/index.html#string">string</a>) <a href="../../builtin/index.html#error">error</a></pre>
  608. <p>
  609. VerifyHostname checks that the peer certificate chain is valid for
  610. connecting to host. If so, it returns nil; if not, it returns an error
  611. describing the problem. This is a name check against the peer's certificate; it does not on its own establish that the chain is trusted, which is the job of handshake verification against RootCAs (and which InsecureSkipVerify turns off).
  612. </p>
  613. <h3 id="Conn.Write">func (*Conn) <a href="http://localhost:6060/src/crypto/tls/conn.go?s=24359:24402#L857">Write</a></h3>
  614. <pre>func (c *<a href="index.html#Conn">Conn</a>) Write(b []<a href="../../builtin/index.html#byte">byte</a>) (<a href="../../builtin/index.html#int">int</a>, <a href="../../builtin/index.html#error">error</a>)</pre>
  615. <p>
  616. Write writes data to the connection.
  617. </p>
  618. <h2 id="ConnectionState">type <a href="http://localhost:6060/src/crypto/tls/common.go?s=4296:5800#L147">ConnectionState</a></h2>
  619. <pre>type ConnectionState struct {
  620. Version <a href="../../builtin/index.html#uint16">uint16</a> <span class="comment">// TLS version used by the connection (e.g. VersionTLS12)</span>
  621. HandshakeComplete <a href="../../builtin/index.html#bool">bool</a> <span class="comment">// TLS handshake is complete</span>
  622. DidResume <a href="../../builtin/index.html#bool">bool</a> <span class="comment">// connection resumes a previous TLS connection</span>
  623. CipherSuite <a href="../../builtin/index.html#uint16">uint16</a> <span class="comment">// cipher suite in use (TLS_RSA_WITH_RC4_128_SHA, ...)</span>
  624. NegotiatedProtocol <a href="../../builtin/index.html#string">string</a> <span class="comment">// negotiated next protocol (from Config.NextProtos)</span>
  625. NegotiatedProtocolIsMutual <a href="../../builtin/index.html#bool">bool</a> <span class="comment">// negotiated protocol was advertised by server</span>
  626. ServerName <a href="../../builtin/index.html#string">string</a> <span class="comment">// server name requested by client, if any (server side only)</span>
  627. PeerCertificates []*<a href="../x509/index.html">x509</a>.<a href="../x509/index.html#Certificate">Certificate</a> <span class="comment">// certificate chain presented by remote peer</span>
  628. VerifiedChains [][]*<a href="../x509/index.html">x509</a>.<a href="../x509/index.html#Certificate">Certificate</a> <span class="comment">// verified chains built from PeerCertificates</span>
  629. SignedCertificateTimestamps [][]<a href="../../builtin/index.html#byte">byte</a> <span class="comment">// SCTs from the server, if any</span>
  630. OCSPResponse []<a href="../../builtin/index.html#byte">byte</a> <span class="comment">// stapled OCSP response from server, if any</span>
  631. <span class="comment">// TLSUnique contains the &#34;tls-unique&#34; channel binding value (see RFC</span>
  632. <span class="comment">// 5929, section 3). For resumed sessions this value will be nil</span>
  633. <span class="comment">// because resumption does not include enough context (see</span>
  634. <span class="comment">// https://secure-resumption.com/#channelbindings). This will change in</span>
  635. <span class="comment">// future versions of Go once the TLS master-secret fix has been</span>
  636. <span class="comment">// standardized and implemented.</span>
  637. TLSUnique []<a href="../../builtin/index.html#byte">byte</a>
  638. }</pre>
  639. <p>
  640. ConnectionState records basic TLS details about the connection.
  641. </p>
  642. <h2 id="CurveID">type <a href="http://localhost:6060/src/crypto/tls/common.go?s=2318:2337#L81">CurveID</a></h2>
  643. <pre>type CurveID <a href="../../builtin/index.html#uint16">uint16</a></pre>
  644. <p>
  645. CurveID is the type of a TLS identifier for an elliptic curve. See
  646. <a href="http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8">http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8</a>
  647. </p>
  648. <pre>const (
  649. <span id="CurveP256">CurveP256</span> <a href="index.html#CurveID">CurveID</a> = 23
  650. <span id="CurveP384">CurveP384</span> <a href="index.html#CurveID">CurveID</a> = 24
  651. <span id="CurveP521">CurveP521</span> <a href="index.html#CurveID">CurveID</a> = 25
  652. )</pre>
  653. <h2 id="RecordHeaderError">type <a href="http://localhost:6060/src/crypto/tls/conn.go?s=14495:14721#L506">RecordHeaderError</a></h2>
  654. <pre>type RecordHeaderError struct {
  655. <span class="comment">// Msg contains a human readable string that describes the error.</span>
  656. Msg <a href="../../builtin/index.html#string">string</a>
  657. <span class="comment">// RecordHeader contains the five bytes of TLS record header that</span>
  658. <span class="comment">// triggered the error.</span>
  659. RecordHeader [5]<a href="../../builtin/index.html#byte">byte</a>
  660. }</pre>
  661. <p>
  662. RecordHeaderError results when a TLS record header is invalid.
  663. </p>
  664. <h3 id="RecordHeaderError.Error">func (RecordHeaderError) <a href="http://localhost:6060/src/crypto/tls/conn.go?s=14723:14764#L514">Error</a></h3>
  665. <pre>func (e <a href="index.html#RecordHeaderError">RecordHeaderError</a>) Error() <a href="../../builtin/index.html#string">string</a></pre>
  666. <h2 id="pkg-note-BUG">Bugs</h2>
  667. <ul style="list-style: none; padding: 0;">
  668. <li><a href="http://localhost:6060/src/crypto/tls/tls.go?s=244:485#L1">&#x261e;</a> The crypto/tls package does not implement countermeasures
  669. against Lucky13 attacks on CBC-mode encryption. See
  670. http://www.isg.rhul.ac.uk/tls/TLStiming.pdf and
  671. https://www.imperialviolet.org/2013/02/04/luckythirteen.html. Until this is addressed, deployments that can choose their cipher suites should prefer non-CBC suites where the peer supports them.
  672. </li>
  673. </ul>
  683. </div><!-- .container -->
  684. </div><!-- #page -->
  690. </body>
  691. </html>