Black Lives Matter. Support the Equal Justice Initiative.

Package tls

import "crypto/tls"

Overview ▾

包tls部分实现RFC 5246中指定的TLS 1.2和RFC 8446中指定的TLS 1.3.

Index ▾

func CipherSuiteName(id uint16) string
func Listen(network, laddr string, config *Config) (net.Listener, error)
func NewListener(inner net.Listener, config *Config) net.Listener
type Certificate
    func LoadX509KeyPair(certFile, keyFile string) (Certificate, error)
    func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (Certificate, error)
type CertificateRequestInfo
    func (cri *CertificateRequestInfo) SupportsCertificate(c *Certificate) error
type CipherSuite
    func CipherSuites() []*CipherSuite
    func InsecureCipherSuites() []*CipherSuite
type ClientAuthType
type ClientHelloInfo
    func (chi *ClientHelloInfo) SupportsCertificate(c *Certificate) error
type ClientSessionCache
    func NewLRUClientSessionCache(capacity int) ClientSessionCache
type ClientSessionState
type Config
    func (c *Config) BuildNameToCertificate()
    func (c *Config) Clone() *Config
    func (c *Config) SetSessionTicketKeys(keys [][32]byte)
type Conn
    func Client(conn net.Conn, config *Config) *Conn
    func Dial(network, addr string, config *Config) (*Conn, error)
    func DialWithDialer(dialer *net.Dialer, network, addr string, config *Config) (*Conn, error)
    func Server(conn net.Conn, config *Config) *Conn
    func (c *Conn) Close() error
    func (c *Conn) CloseWrite() error
    func (c *Conn) ConnectionState() ConnectionState
    func (c *Conn) Handshake() error
    func (c *Conn) LocalAddr() net.Addr
    func (c *Conn) OCSPResponse() []byte
    func (c *Conn) Read(b []byte) (int, error)
    func (c *Conn) RemoteAddr() net.Addr
    func (c *Conn) SetDeadline(t time.Time) error
    func (c *Conn) SetReadDeadline(t time.Time) error
    func (c *Conn) SetWriteDeadline(t time.Time) error
    func (c *Conn) VerifyHostname(host string) error
    func (c *Conn) Write(b []byte) (int, error)
type ConnectionState
    func (cs *ConnectionState) ExportKeyingMaterial(label string, context []byte, length int) ([]byte, error)
type CurveID
type RecordHeaderError
    func (e RecordHeaderError) Error() string
type RenegotiationSupport
type SignatureScheme

Package files

alert.go auth.go cipher_suites.go common.go conn.go handshake_client.go handshake_client_tls13.go handshake_messages.go handshake_server.go handshake_server_tls13.go key_agreement.go key_schedule.go prf.go ticket.go tls.go




const (
    // TLS 1.0 - 1.2 cipher suites.
    TLS_RSA_WITH_RC4_128_SHA                      uint16 = 0x0005
    TLS_RSA_WITH_3DES_EDE_CBC_SHA                 uint16 = 0x000a
    TLS_RSA_WITH_AES_128_CBC_SHA                  uint16 = 0x002f
    TLS_RSA_WITH_AES_256_CBC_SHA                  uint16 = 0x0035
    TLS_RSA_WITH_AES_128_CBC_SHA256               uint16 = 0x003c
    TLS_RSA_WITH_AES_128_GCM_SHA256               uint16 = 0x009c
    TLS_RSA_WITH_AES_256_GCM_SHA384               uint16 = 0x009d
    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA              uint16 = 0xc007
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA          uint16 = 0xc009
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA          uint16 = 0xc00a
    TLS_ECDHE_RSA_WITH_RC4_128_SHA                uint16 = 0xc011
    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA           uint16 = 0xc012
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA            uint16 = 0xc013
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA            uint16 = 0xc014
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256       uint16 = 0xc023
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256         uint16 = 0xc027
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256         uint16 = 0xc02f
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256       uint16 = 0xc02b
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384         uint16 = 0xc030
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384       uint16 = 0xc02c
    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   uint16 = 0xcca8
    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 uint16 = 0xcca9

    // TLS 1.3 cipher suites.
    TLS_AES_128_GCM_SHA256       uint16 = 0x1301
    TLS_AES_256_GCM_SHA384       uint16 = 0x1302
    TLS_CHACHA20_POLY1305_SHA256 uint16 = 0x1303

    // TLS_FALLBACK_SCSV isn't a standard cipher suite but an indicator
    // that the client is doing version fallback. See RFC 7507.
    TLS_FALLBACK_SCSV uint16 = 0x5600

    // Legacy names for the corresponding cipher suites with the correct _SHA256
    // suffix, retained for backward compatibility.
const (
    VersionTLS10 = 0x0301
    VersionTLS11 = 0x0302
    VersionTLS12 = 0x0303
    VersionTLS13 = 0x0304

    // Deprecated: SSLv3 is cryptographically broken, and is no longer
    // supported by this package. See
    VersionSSL30 = 0x0300

func CipherSuiteName 1.14

func CipherSuiteName(id uint16) string

CipherSuiteName返回所传递的密码套件ID的标准名称(例如" TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"),如果此套件未实现密码套件,则返回ID值的后备表示形式.

func Listen

func Listen(network, laddr string, config *Config) (net.Listener, error)

侦听创建一个TLS侦听器,该侦听器使用net.Listen接受给定网络地址上的连接. 配置配置必须为非nil,并且必须至少包含一个证书或设置GetCertificate.

func NewListener

func NewListener(inner net.Listener, config *Config) net.Listener

NewListener创建一个侦听器,该侦听器接受来自内部侦听器的连接,并包装与服务器的每个连接. 配置config必须为非null,并且必须至少包含一个证书或设置GetCertificate.

type Certificate


type Certificate struct {
    Certificate [][]byte
    // PrivateKey contains the private key corresponding to the public key in
    // Leaf. This must implement crypto.Signer with an RSA, ECDSA or Ed25519 PublicKey.
    // For a server up to TLS 1.2, it can also implement crypto.Decrypter with
    // an RSA PublicKey.
    PrivateKey crypto.PrivateKey
    // SupportedSignatureAlgorithms is an optional list restricting what
    // signature algorithms the PrivateKey can be used for.
    SupportedSignatureAlgorithms []SignatureScheme // Go 1.14
    // OCSPStaple contains an optional OCSP response which will be served
    // to clients that request it.
    OCSPStaple []byte
    // SignedCertificateTimestamps contains an optional list of Signed
    // Certificate Timestamps which will be served to clients that request it.
    SignedCertificateTimestamps [][]byte // Go 1.5
    // Leaf is the parsed form of the leaf certificate, which may be initialized
    // using x509.ParseCertificate to reduce per-handshake processing. If nil,
    // the leaf certificate will be parsed as needed.
    Leaf *x509.Certificate

func LoadX509KeyPair

func LoadX509KeyPair(certFile, keyFile string) (Certificate, error)

LoadX509KeyPair从一对文件读取并解析公共/私有密钥对. 这些文件必须包含PEM编码的数据. 证书文件可以在叶证书之后包含中间证书,以形成证书链. 成功返回后,Certificate.Leaf将为零,因为未保留证书的解析形式.


func X509KeyPair

func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (Certificate, error)

X509KeyPair从一对PEM编码数据中解析一个公共/私有密钥对. 成功返回后,Certificate.Leaf将为零,因为未保留证书的解析形式.



type CertificateRequestInfo 1.8


type CertificateRequestInfo struct {
    // AcceptableCAs contains zero or more, DER-encoded, X.501
    // Distinguished Names. These are the names of root or intermediate CAs
    // that the server wishes the returned certificate to be signed by. An
    // empty slice indicates that the server has no preference.
    AcceptableCAs [][]byte

    // SignatureSchemes lists the signature schemes that the server is
    // willing to verify.
    SignatureSchemes []SignatureScheme

    // Version is the TLS version that was negotiated for this connection.
    Version uint16 // Go 1.14

func (*CertificateRequestInfo) SupportsCertificate 1.14

func (cri *CertificateRequestInfo) SupportsCertificate(c *Certificate) error

如果发送CertificateRequest的服务器支持所提供的证书,则SupportsCertificate返回nil. 否则,它将返回描述不兼容原因的错误.

type CipherSuite 1.14

CipherSuite是TLS密码套件. 请注意,此软件包中的大多数功能都接受并公开密码套件ID,而不是此类型.

type CipherSuite struct {
    ID   uint16
    Name string

    // Supported versions is the list of TLS protocol versions that can
    // negotiate this cipher suite.
    SupportedVersions []uint16

    // Insecure is true if the cipher suite has known security issues
    // due to its primitives, design, or implementation.
    Insecure bool

func CipherSuites 1.14

func CipherSuites() []*CipherSuite


该列表按ID排序. 请注意,此程序包选择的默认密码套件可能取决于静态列表无法捕获的逻辑.

func InsecureCipherSuites 1.14

func InsecureCipherSuites() []*CipherSuite


Most applications should not use the cipher suites in this list, and should only use those returned by CipherSuites.

type ClientAuthType


type ClientAuthType int
const (
    NoClientCert ClientAuthType = iota

type ClientHelloInfo 1.4


type ClientHelloInfo struct {
    // CipherSuites lists the CipherSuites supported by the client (e.g.
    CipherSuites []uint16

    // ServerName indicates the name of the server requested by the client
    // in order to support virtual hosting. ServerName is only set if the
    // client is using SNI (see RFC 4366, Section 3.1).
    ServerName string

    // SupportedCurves lists the elliptic curves supported by the client.
    // SupportedCurves is set only if the Supported Elliptic Curves
    // Extension is being used (see RFC 4492, Section 5.1.1).
    SupportedCurves []CurveID

    // SupportedPoints lists the point formats supported by the client.
    // SupportedPoints is set only if the Supported Point Formats Extension
    // is being used (see RFC 4492, Section 5.1.2).
    SupportedPoints []uint8

    // SignatureSchemes lists the signature and hash schemes that the client
    // is willing to verify. SignatureSchemes is set only if the Signature
    // Algorithms Extension is being used (see RFC 5246, Section
    SignatureSchemes []SignatureScheme // Go 1.8

    // SupportedProtos lists the application protocols supported by the client.
    // SupportedProtos is set only if the Application-Layer Protocol
    // Negotiation Extension is being used (see RFC 7301, Section 3.1).
    // Servers can select a protocol by setting Config.NextProtos in a
    // GetConfigForClient return value.
    SupportedProtos []string // Go 1.8

    // SupportedVersions lists the TLS versions supported by the client.
    // For TLS versions less than 1.3, this is extrapolated from the max
    // version advertised by the client, so values other than the greatest
    // might be rejected if used.
    SupportedVersions []uint16 // Go 1.8

    // Conn is the underlying net.Conn for the connection. Do not read
    // from, or write to, this connection; that will cause the TLS
    // connection to fail.
    Conn net.Conn // Go 1.8
    // contains filtered or unexported fields

func (*ClientHelloInfo) SupportsCertificate 1.14

func (chi *ClientHelloInfo) SupportsCertificate(c *Certificate) error

如果发送ClientHello的客户端支持所提供的证书,则SupportsCertificate返回nil. 否则,它将返回描述不兼容原因的错误.

如果将此ClientHelloInfo传递给GetConfigForClient或GetCertificate回调,则此方法将考虑关联的Config. 请注意,如果GetConfigForClient返回一个不同的Config,则此方法无法解决更改.


type ClientSessionCache 1.3

ClientSessionCache是​​ClientSessionState对象的缓存,客户端可以使用它来恢复与给定服务器的TLS会话. 应该从不同的goroutine中并发调用ClientSessionCache实现. 直到TLS 1.2,仅支持基于票证的恢复,不支持基于SessionID的恢复. 在TLS 1.3中,它们已合并为PSK模式,此接口支持这些模式.

type ClientSessionCache interface {
    // Get searches for a ClientSessionState associated with the given key.
    // On return, ok is true if one was found.
    Get(sessionKey string) (session *ClientSessionState, ok bool)

    // Put adds the ClientSessionState to the cache with the given key. It might
    // get called multiple times in a connection if a TLS 1.3 server provides
    // more than one session ticket. If called with a nil *ClientSessionState,
    // it should remove the cache entry.
    Put(sessionKey string, cs *ClientSessionState)

func NewLRUClientSessionCache 1.3

func NewLRUClientSessionCache(capacity int) ClientSessionCache

NewLRUClientSessionCache返回具有使用LRU策略的给定容量的ClientSessionCache. 如果容量<1,则使用默认容量.

type ClientSessionState 1.3


type ClientSessionState struct {
    // contains filtered or unexported fields

type Config

Config结构用于配置TLS客户端或服务器. 将一个传递给TLS函数后,不得对其进行修改. Config可以重用; tls软件包也不会对其进行修改.

type Config struct {
    // Rand provides the source of entropy for nonces and RSA blinding.
    // If Rand is nil, TLS uses the cryptographic random reader in package
    // crypto/rand.
    // The Reader must be safe for use by multiple goroutines.
    Rand io.Reader

    // Time returns the current time as the number of seconds since the epoch.
    // If Time is nil, TLS uses time.Now.
    Time func() time.Time

    // Certificates contains one or more certificate chains to present to the
    // other side of the connection. The first certificate compatible with the
    // peer's requirements is selected automatically.
    // Server configurations must set one of Certificates, GetCertificate or
    // GetConfigForClient. Clients doing client-authentication may set either
    // Certificates or GetClientCertificate.
    // Note: if there are multiple Certificates, and they don't have the
    // optional field Leaf set, certificate selection will incur a significant
    // per-handshake performance cost.
    Certificates []Certificate

    // NameToCertificate maps from a certificate name to an element of
    // Certificates. Note that a certificate name can be of the form
    // '*' and so doesn't have to be a domain name as such.
    // Deprecated: NameToCertificate only allows associating a single
    // certificate with a given name. Leave this field nil to let the library
    // select the first compatible chain from Certificates.
    NameToCertificate map[string]*Certificate

    // GetCertificate returns a Certificate based on the given
    // ClientHelloInfo. It will only be called if the client supplies SNI
    // information or if Certificates is empty.
    // If GetCertificate is nil or returns nil, then the certificate is
    // retrieved from NameToCertificate. If NameToCertificate is nil, the
    // best element of Certificates will be used.
    GetCertificate func(*ClientHelloInfo) (*Certificate, error) // Go 1.4

    // GetClientCertificate, if not nil, is called when a server requests a
    // certificate from a client. If set, the contents of Certificates will
    // be ignored.
    // If GetClientCertificate returns an error, the handshake will be
    // aborted and that error will be returned. Otherwise
    // GetClientCertificate must return a non-nil Certificate. If
    // Certificate.Certificate is empty then no certificate will be sent to
    // the server. If this is unacceptable to the server then it may abort
    // the handshake.
    // GetClientCertificate may be called multiple times for the same
    // connection if renegotiation occurs or if TLS 1.3 is in use.
    GetClientCertificate func(*CertificateRequestInfo) (*Certificate, error) // Go 1.8

    // GetConfigForClient, if not nil, is called after a ClientHello is
    // received from a client. It may return a non-nil Config in order to
    // change the Config that will be used to handle this connection. If
    // the returned Config is nil, the original Config will be used. The
    // Config returned by this callback may not be subsequently modified.
    // If GetConfigForClient is nil, the Config passed to Server() will be
    // used for all connections.
    // Uniquely for the fields in the returned Config, session ticket keys
    // will be duplicated from the original Config if not set.
    // Specifically, if SetSessionTicketKeys was called on the original
    // config but not on the returned config then the ticket keys from the
    // original config will be copied into the new config before use.
    // Otherwise, if SessionTicketKey was set in the original config but
    // not in the returned config then it will be copied into the returned
    // config before use. If neither of those cases applies then the key
    // material from the returned config will be used for session tickets.
    GetConfigForClient func(*ClientHelloInfo) (*Config, error) // Go 1.8

    // VerifyPeerCertificate, if not nil, is called after normal
    // certificate verification by either a TLS client or server. It
    // receives the raw ASN.1 certificates provided by the peer and also
    // any verified chains that normal processing found. If it returns a
    // non-nil error, the handshake is aborted and that error results.
    // If normal verification fails then the handshake will abort before
    // considering this callback. If normal verification is disabled by
    // setting InsecureSkipVerify, or (for a server) when ClientAuth is
    // RequestClientCert or RequireAnyClientCert, then this callback will
    // be considered but the verifiedChains argument will always be nil.
    VerifyPeerCertificate func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error // Go 1.8

    // RootCAs defines the set of root certificate authorities
    // that clients use when verifying server certificates.
    // If RootCAs is nil, TLS uses the host's root CA set.
    RootCAs *x509.CertPool

    // NextProtos is a list of supported application level protocols, in
    // order of preference.
    NextProtos []string

    // ServerName is used to verify the hostname on the returned
    // certificates unless InsecureSkipVerify is given. It is also included
    // in the client's handshake to support virtual hosting unless it is
    // an IP address.
    ServerName string

    // ClientAuth determines the server's policy for
    // TLS Client Authentication. The default is NoClientCert.
    ClientAuth ClientAuthType

    // ClientCAs defines the set of root certificate authorities
    // that servers use if required to verify a client certificate
    // by the policy in ClientAuth.
    ClientCAs *x509.CertPool

    // InsecureSkipVerify controls whether a client verifies the
    // server's certificate chain and host name.
    // If InsecureSkipVerify is true, TLS accepts any certificate
    // presented by the server and any host name in that certificate.
    // In this mode, TLS is susceptible to man-in-the-middle attacks.
    // This should be used only for testing.
    InsecureSkipVerify bool

    // CipherSuites is a list of supported cipher suites for TLS versions up to
    // TLS 1.2. If CipherSuites is nil, a default list of secure cipher suites
    // is used, with a preference order based on hardware performance. The
    // default cipher suites might change over Go versions. Note that TLS 1.3
    // ciphersuites are not configurable.
    CipherSuites []uint16

    // PreferServerCipherSuites controls whether the server selects the
    // client's most preferred ciphersuite, or the server's most preferred
    // ciphersuite. If true then the server's preference, as expressed in
    // the order of elements in CipherSuites, is used.
    PreferServerCipherSuites bool // Go 1.1

    // SessionTicketsDisabled may be set to true to disable session ticket and
    // PSK (resumption) support. Note that on clients, session ticket support is
    // also disabled if ClientSessionCache is nil.
    SessionTicketsDisabled bool // Go 1.1

    // SessionTicketKey is used by TLS servers to provide session resumption.
    // See RFC 5077 and the PSK mode of RFC 8446. If zero, it will be filled
    // with random data before the first server handshake.
    // If multiple servers are terminating connections for the same host
    // they should all have the same SessionTicketKey. If the
    // SessionTicketKey leaks, previously recorded and future TLS
    // connections using that key might be compromised.
    SessionTicketKey [32]byte // Go 1.1

    // ClientSessionCache is a cache of ClientSessionState entries for TLS
    // session resumption. It is only used by clients.
    ClientSessionCache ClientSessionCache // Go 1.3

    // MinVersion contains the minimum TLS version that is acceptable.
    // If zero, TLS 1.0 is currently taken as the minimum.
    MinVersion uint16 // Go 1.2

    // MaxVersion contains the maximum TLS version that is acceptable.
    // If zero, the maximum version supported by this package is used,
    // which is currently TLS 1.3.
    MaxVersion uint16 // Go 1.2

    // CurvePreferences contains the elliptic curves that will be used in
    // an ECDHE handshake, in preference order. If empty, the default will
    // be used. The client will use the first preference as the type for
    // its key share in TLS 1.3. This may change in the future.
    CurvePreferences []CurveID // Go 1.3

    // DynamicRecordSizingDisabled disables adaptive sizing of TLS records.
    // When true, the largest possible TLS record size is always used. When
    // false, the size of TLS records may be adjusted in an attempt to
    // improve latency.
    DynamicRecordSizingDisabled bool // Go 1.7

    // Renegotiation controls what types of renegotiation are supported.
    // The default, none, is correct for the vast majority of applications.
    Renegotiation RenegotiationSupport // Go 1.7

    // KeyLogWriter optionally specifies a destination for TLS master secrets
    // in NSS key log format that can be used to allow external programs
    // such as Wireshark to decrypt TLS connections.
    // See
    // Use of KeyLogWriter compromises security and should only be
    // used for debugging.
    KeyLogWriter io.Writer // Go 1.8
    // contains filtered or unexported fields



func (*Config) BuildNameToCertificate

func (c *Config) BuildNameToCertificate()


不推荐使用:NameToCertificate仅允许将单个证书与给定名称相关联. 将该字段保留为零,以使库从证书中选择第一个兼容链.

func (*Config) Clone 1.8

func (c *Config) Clone() *Config

Clone返回c的浅表克隆. 克隆TLS客户端或服务器同时使用的Config是安全的.

func (*Config) SetSessionTicketKeys 1.5

func (c *Config) SetSessionTicketKeys(keys [][32]byte)

SetSessionTicketKeys更新服务器的会话票证密钥. 创建新票证时将使用第一个密钥,而所有密钥都可用于解密票证. 在服务器运行时可以安全地调用此函数以旋转会话票证密钥. 如果按键为空,该功能将出现紧急情况.

type Conn

A Conn represents a secured connection. It implements the net.Conn interface.

type Conn struct {
    // contains filtered or unexported fields

func Client

func Client(conn net.Conn, config *Config) *Conn

客户端使用conn作为基础传输返回新的TLS客户端连接. 配置不能为nil:用户必须在配置中设置ServerName或InsecureSkipVerify.

func Dial

func Dial(network, addr string, config *Config) (*Conn, error)

Dial使用net.Dial连接到给定的网络地址,然后启动TLS握手,返回生成的TLS连接. Dial将nil配置解释为等同于零配置; 有关默认值,请参见Config文档.


func DialWithDialer 1.3

func DialWithDialer(dialer *net.Dialer, network, addr string, config *Config) (*Conn, error)

DialWithDialer使用Dialer.Dial连接到给定的网络地址,然后启动TLS握手,并返回生成的TLS连接. 拨号程序中给出的任何超时或最后期限都适用于整个连接和TLS握手.

DialWithDialer会将nil配置解释为与零配置等效; 有关默认值,请参见Config文档.

func Server

func Server(conn net.Conn, config *Config) *Conn

服务器使用conn作为基础传输返回新的TLS服务器端连接. 配置config必须为非null,并且必须至少包含一个证书或设置GetCertificate.

func (*Conn) Close

func (c *Conn) Close() error


func (*Conn) CloseWrite 1.8

func (c *Conn) CloseWrite() error

CloseWrite关闭连接的写入端. 仅应在握手完成后调用它,并且不能在基础连接上调用CloseWrite. 大多数呼叫者应该只使用Close.

func (*Conn) ConnectionState

func (c *Conn) ConnectionState() ConnectionState


func (*Conn) Handshake

func (c *Conn) Handshake() error

握手运行客户端或服务器握手协议(如果尚未运行). 此软件包的大多数用法不需要​​显式调用Handshake:第一个Read或Write将自动调用它.

func (*Conn) LocalAddr

func (c *Conn) LocalAddr() net.Addr


func (*Conn) OCSPResponse

func (c *Conn) OCSPResponse() []byte

OCSPResponse从TLS服务器返回装订的OCSP响应(如果有). (仅对客户端连接有效.)

func (*Conn) Read

func (c *Conn) Read(b []byte) (int, error)

在固定的时间限制后,Timeout()== true的错误可以使超时并返回net. 请参见SetDeadline和SetReadDeadline.

func (*Conn) RemoteAddr

func (c *Conn) RemoteAddr() net.Addr


func (*Conn) SetDeadline

func (c *Conn) SetDeadline(t time.Time) error

SetDeadline设置与连接关联的读写期限. t的值为零表示读和写不会超时. 写超时后,TLS状态已损坏,以后所有写操作都将返回相同的错误.

func (*Conn) SetReadDeadline

func (c *Conn) SetReadDeadline(t time.Time) error

SetReadDeadline设置基础连接上的读取期限. t的值为零表示读取不会超时.

func (*Conn) SetWriteDeadline

func (c *Conn) SetWriteDeadline(t time.Time) error

SetWriteDeadline设置基础连接上的写入期限. t的值为零表示写入不会超时. 写超时后,TLS状态已损坏,以后所有写操作都将返回相同的错误.

func (*Conn) VerifyHostname

func (c *Conn) VerifyHostname(host string) error

VerifyHostname检查对等证书链对于连接到主机是否有效. 如果是这样,则返回nil;否则返回0. 如果不是,则返回描述问题的错误.

func (*Conn) Write

func (c *Conn) Write(b []byte) (int, error)


type ConnectionState


type ConnectionState struct {
    Version                     uint16                // TLS version used by the connection (e.g. VersionTLS12); added in Go 1.3
    HandshakeComplete           bool                  // TLS handshake is complete
    DidResume                   bool                  // connection resumes a previous TLS connection; added in Go 1.1
    CipherSuite                 uint16                // cipher suite in use (TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, ...)
    NegotiatedProtocol          string                // negotiated next protocol (not guaranteed to be from Config.NextProtos)
    NegotiatedProtocolIsMutual  bool                  // negotiated protocol was advertised by server (client side only)
    ServerName                  string                // server name requested by client, if any (server side only)
    PeerCertificates            []*x509.Certificate   // certificate chain presented by remote peer
    VerifiedChains              [][]*x509.Certificate // verified chains built from PeerCertificates
    SignedCertificateTimestamps [][]byte              // SCTs from the peer, if any; added in Go 1.5
    OCSPResponse                []byte                // stapled OCSP response from peer, if any; added in Go 1.5

    // TLSUnique contains the "tls-unique" channel binding value (see RFC
    // 5929, section 3). For resumed sessions this value will be nil
    // because resumption does not include enough context (see
    // This will
    // change in future versions of Go once the TLS master-secret fix has
    // been standardized and implemented. It is not defined in TLS 1.3.
    TLSUnique []byte // Go 1.4
    // contains filtered or unexported fields

func (*ConnectionState) ExportKeyingMaterial 1.11

func (cs *ConnectionState) ExportKeyingMaterial(label string, context []byte, length int) ([]byte, error)

ExportKeyingMaterial返回在RFC 5705中定义的新切片中导出的密钥材料的长度字节.如果context为nil,则不将其用作种子的一部分. 如果将连接设置为允许通过Config.Renegotiation重新协商,则此函数将返回错误.

type CurveID 1.3

CurveID是椭圆曲线的TLS标识符的类型. 参见 .

在TLS 1.3中,此类型称为NamedGroup,但目前此库仅支持基于椭圆曲线的组. 参见RFC 8446,第4.2.7节.

type CurveID uint16
const (
    CurveP256 CurveID = 23
    CurveP384 CurveID = 24
    CurveP521 CurveID = 25
    X25519    CurveID = 29

type RecordHeaderError 1.6

RecordHeaderError is returned when a TLS record header is invalid.

type RecordHeaderError struct {
    // Msg contains a human readable string that describes the error.
    Msg string
    // RecordHeader contains the five bytes of TLS record header that
    // triggered the error.
    RecordHeader [5]byte
    // Conn provides the underlying net.Conn in the case that a client
    // sent an initial handshake that didn't look like TLS.
    // It is nil if there's already been a handshake or a TLS alert has
    // been written to the connection.
    Conn net.Conn // Go 1.12

func (RecordHeaderError) Error 1.6

func (e RecordHeaderError) Error() string

type RenegotiationSupport 1.7

RenegotiationSupport枚举了对TLS重新协商的不同级别的支持. TLS重新协商是在第一次连接之后对连接执行后续握手的行为. 这极大地使状态机复杂化,并且成为众多微妙的安全问题的根源. 不支持启动重新协商,但是可以启用对接受重新协商请求的支持.

即使启用,服务器也可能不会在两次握手之间更改其身份(即,叶子证书必须相同). 此外,不允许同时进行的握手和应用程序数据流,因此重新协商只能与与重新协商同步的协议(例如HTTPS)一起使用.

TLS 1.3中未定义重新协商.

type RenegotiationSupport int
const (
    // RenegotiateNever disables renegotiation.
    RenegotiateNever RenegotiationSupport = iota

    // RenegotiateOnceAsClient allows a remote server to request
    // renegotiation once per connection.

    // RenegotiateFreelyAsClient allows a remote server to repeatedly
    // request renegotiation.

type SignatureScheme 1.8

SignatureScheme标识TLS支持的签名算法. 参见RFC 8446第4.2.3节.

type SignatureScheme uint16
const (
    // RSASSA-PKCS1-v1_5 algorithms.
    PKCS1WithSHA256 SignatureScheme = 0x0401
    PKCS1WithSHA384 SignatureScheme = 0x0501
    PKCS1WithSHA512 SignatureScheme = 0x0601

    // RSASSA-PSS algorithms with public key OID rsaEncryption.
    PSSWithSHA256 SignatureScheme = 0x0804
    PSSWithSHA384 SignatureScheme = 0x0805
    PSSWithSHA512 SignatureScheme = 0x0806

    // ECDSA algorithms. Only constrained to a specific curve in TLS 1.3.
    ECDSAWithP256AndSHA256 SignatureScheme = 0x0403
    ECDSAWithP384AndSHA384 SignatureScheme = 0x0503
    ECDSAWithP521AndSHA512 SignatureScheme = 0x0603

    // EdDSA algorithms.
    Ed25519 SignatureScheme = 0x0807

    // Legacy signature and hash algorithms for TLS 1.2.
    PKCS1WithSHA1 SignatureScheme = 0x0201
    ECDSAWithSHA1 SignatureScheme = 0x0203