tls

package standard library

Go to main page

Versions in this module

go1

go1.18.10

Jan 10, 2023 GO-2023-1570GO-2023-1987GO-2023-2375GO-2025-4008GO-2026-4337GO-2026-4340GO-2026-4870

GO-2023-1570: Panic on large handshake records in crypto/tls

GO-2023-1987: Large RSA keys can cause high CPU usage in crypto/tls

GO-2023-2375: Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel

GO-2025-4008: ALPN negotiation error contains attacker controlled information in crypto/tls

GO-2026-4337: Unexpected session resumption in crypto/tls

GO-2026-4340: Handshake messages may be processed at the incorrect encryption level in crypto/tls

GO-2026-4870: Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls

Changes in this version

+ const TLS_AES_128_GCM_SHA256

+ const TLS_AES_256_GCM_SHA384

+ const TLS_CHACHA20_POLY1305_SHA256

+ const TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

+ const TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

+ const TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

+ const TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

+ const TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

+ const TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305

+ const TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256

+ const TLS_ECDHE_ECDSA_WITH_RC4_128_SHA

+ const TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA

+ const TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

+ const TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

+ const TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

+ const TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

+ const TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

+ const TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305

+ const TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

+ const TLS_ECDHE_RSA_WITH_RC4_128_SHA

+ const TLS_FALLBACK_SCSV

+ const TLS_RSA_WITH_3DES_EDE_CBC_SHA

+ const TLS_RSA_WITH_AES_128_CBC_SHA

+ const TLS_RSA_WITH_AES_128_CBC_SHA256

+ const TLS_RSA_WITH_AES_128_GCM_SHA256

+ const TLS_RSA_WITH_AES_256_CBC_SHA

+ const TLS_RSA_WITH_AES_256_GCM_SHA384

+ const TLS_RSA_WITH_RC4_128_SHA

+ const VersionSSL30

+ const VersionTLS10

+ const VersionTLS11

+ const VersionTLS12

+ const VersionTLS13

+ func CipherSuiteName(id uint16) string

+ func Listen(network, laddr string, config *Config) (net.Listener, error)

+ func NewListener(inner net.Listener, config *Config) net.Listener

+ type Certificate struct

+ Certificate [][]byte

+ Leaf *x509.Certificate

+ OCSPStaple []byte

+ PrivateKey crypto.PrivateKey

+ SignedCertificateTimestamps [][]byte

+ SupportedSignatureAlgorithms []SignatureScheme

+ func LoadX509KeyPair(certFile, keyFile string) (Certificate, error)

+ func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (Certificate, error)

+ type CertificateRequestInfo struct

+ AcceptableCAs [][]byte

+ SignatureSchemes []SignatureScheme

+ Version uint16

+ func (c *CertificateRequestInfo) Context() context.Context

+ func (cri *CertificateRequestInfo) SupportsCertificate(c *Certificate) error

+ type CipherSuite struct

+ ID uint16

+ Insecure bool

+ Name string

+ SupportedVersions []uint16

+ func CipherSuites() []*CipherSuite

+ func InsecureCipherSuites() []*CipherSuite

+ type ClientAuthType int

+ const NoClientCert

+ const RequestClientCert

+ const RequireAndVerifyClientCert

+ const RequireAnyClientCert

+ const VerifyClientCertIfGiven

+ func (i ClientAuthType) String() string

+ type ClientHelloInfo struct

+ CipherSuites []uint16

+ Conn net.Conn

+ ServerName string

+ SignatureSchemes []SignatureScheme

+ SupportedCurves []CurveID

+ SupportedPoints []uint8

+ SupportedProtos []string

+ SupportedVersions []uint16

+ func (c *ClientHelloInfo) Context() context.Context

+ func (chi *ClientHelloInfo) SupportsCertificate(c *Certificate) error

+ type ClientSessionCache interface

+ Get func(sessionKey string) (session *ClientSessionState, ok bool)

+ Put func(sessionKey string, cs *ClientSessionState)

+ func NewLRUClientSessionCache(capacity int) ClientSessionCache

+ type ClientSessionState struct

+ type Config struct

+ Certificates []Certificate

+ CipherSuites []uint16

+ ClientAuth ClientAuthType

+ ClientCAs *x509.CertPool

+ ClientSessionCache ClientSessionCache

+ CurvePreferences []CurveID

+ DynamicRecordSizingDisabled bool

+ GetCertificate func(*ClientHelloInfo) (*Certificate, error)

+ GetClientCertificate func(*CertificateRequestInfo) (*Certificate, error)

+ GetConfigForClient func(*ClientHelloInfo) (*Config, error)

+ InsecureSkipVerify bool

+ KeyLogWriter io.Writer

+ MaxVersion uint16

+ MinVersion uint16

+ NameToCertificate map[string]*Certificate

+ NextProtos []string

+ PreferServerCipherSuites bool

+ Rand io.Reader

+ Renegotiation RenegotiationSupport

+ RootCAs *x509.CertPool

+ ServerName string

+ SessionTicketKey [32]byte

+ SessionTicketsDisabled bool

+ Time func() time.Time

+ VerifyConnection func(ConnectionState) error

+ VerifyPeerCertificate func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error

+ func (c *Config) BuildNameToCertificate()

+ func (c *Config) Clone() *Config

+ func (c *Config) SetSessionTicketKeys(keys [][32]byte)

+ type Conn struct

+ func Client(conn net.Conn, config *Config) *Conn

+ func Dial(network, addr string, config *Config) (*Conn, error)

+ func DialWithDialer(dialer *net.Dialer, network, addr string, config *Config) (*Conn, error)

+ func Server(conn net.Conn, config *Config) *Conn

+ func (c *Conn) Close() error

+ func (c *Conn) CloseWrite() error

+ func (c *Conn) ConnectionState() ConnectionState

+ func (c *Conn) Handshake() error

+ func (c *Conn) HandshakeContext(ctx context.Context) error

+ func (c *Conn) LocalAddr() net.Addr

+ func (c *Conn) NetConn() net.Conn

+ func (c *Conn) OCSPResponse() []byte

+ func (c *Conn) Read(b []byte) (int, error)

+ func (c *Conn) RemoteAddr() net.Addr

+ func (c *Conn) SetDeadline(t time.Time) error

+ func (c *Conn) SetReadDeadline(t time.Time) error

+ func (c *Conn) SetWriteDeadline(t time.Time) error

+ func (c *Conn) VerifyHostname(host string) error

+ func (c *Conn) Write(b []byte) (int, error)

+ type ConnectionState struct

+ CipherSuite uint16

+ DidResume bool

+ HandshakeComplete bool

+ NegotiatedProtocol string

+ NegotiatedProtocolIsMutual bool

+ OCSPResponse []byte

+ PeerCertificates []*x509.Certificate

+ ServerName string

+ SignedCertificateTimestamps [][]byte

+ TLSUnique []byte

+ VerifiedChains [][]*x509.Certificate

+ Version uint16

+ func (cs *ConnectionState) ExportKeyingMaterial(label string, context []byte, length int) ([]byte, error)

+ type CurveID uint16

+ const CurveP256

+ const CurveP384

+ const CurveP521

+ const X25519

+ func (i CurveID) String() string

+ type Dialer struct

+ Config *Config

+ NetDialer *net.Dialer

+ func (d *Dialer) Dial(network, addr string) (net.Conn, error)

+ func (d *Dialer) DialContext(ctx context.Context, network, addr string) (net.Conn, error)

+ type RecordHeaderError struct

+ Conn net.Conn

+ Msg string

+ RecordHeader [5]byte

+ func (e RecordHeaderError) Error() string

+ type RenegotiationSupport int

+ const RenegotiateFreelyAsClient

+ const RenegotiateNever

+ const RenegotiateOnceAsClient

+ type SignatureScheme uint16

+ const ECDSAWithP256AndSHA256

+ const ECDSAWithP384AndSHA384

+ const ECDSAWithP521AndSHA512

+ const ECDSAWithSHA1

+ const Ed25519

+ const PKCS1WithSHA1

+ const PKCS1WithSHA256

+ const PKCS1WithSHA384

+ const PKCS1WithSHA512

+ const PSSWithSHA256

+ const PSSWithSHA384

+ const PSSWithSHA512

+ func (i SignatureScheme) String() string

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL