Documentation
Index ¶
Constants ¶
// Protocol identifiers in the form used for TLS ALPN negotiation.
// NOTE(review): presumably these populate TLSConfig.NextProtos — confirm
// against the code that builds the tls.Config.
const (
	ProtocolHTTP11 = "http/1.1" // HTTP/1.1
	ProtocolHTTP2  = "h2"       // HTTP/2 over TLS
	ProtocolHTTP3  = "h3"       // HTTP/3, which runs over QUIC rather than TLS over TCP
)
支持的协议常量
Variables ¶
var (
	// ModernCipherSuites is the modern preset: TLS 1.3 suites plus the
	// TLS 1.2 suites considered secure. Every TLS 1.2 entry is an ECDHE
	// key exchange with an AEAD cipher (ChaCha20-Poly1305 or AES-GCM).
	//
	// NOTE(review): crypto/tls does not let callers configure TLS 1.3
	// suites, so the last three names presumably have no effect on a
	// TLS 1.3 handshake — confirm how the consumer of this list treats them.
	ModernCipherSuites = []string{
		"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
		"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
		"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
		"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
		"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
		"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
		"TLS_AES_128_GCM_SHA256",
		"TLS_CHACHA20_POLY1305_SHA256",
		"TLS_AES_256_GCM_SHA384",
	}

	// CompatibleCipherSuites is the compatibility preset: the same AEAD
	// suites plus three CBC-mode suites kept for older peers.
	//
	// Security note: the CBC entries trade protection for reach.
	// TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is one of the suites that
	// crypto/tls reports from tls.InsecureCipherSuites(). Use this preset
	// only when a legacy client genuinely needs it, and prefer
	// ModernCipherSuites otherwise.
	CompatibleCipherSuites = []string{
		"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
		"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
		"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
		"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
		"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
		"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
		// CBC-mode suites, kept only for compatibility with older peers.
		"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
		"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
		"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
		"TLS_AES_128_GCM_SHA256",
		"TLS_AES_256_GCM_SHA384",
		"TLS_CHACHA20_POLY1305_SHA256",
	}
)
预定义的密码套件组合
var (
	// ModernProtocols is the modern preset: HTTP/1.1 and HTTP/2.
	ModernProtocols = []string{ProtocolHTTP11, ProtocolHTTP2}

	// CompatibleProtocols is the compatibility preset: HTTP/1.1 only.
	CompatibleProtocols = []string{ProtocolHTTP11}

	// AllProtocols lists every protocol constant, including HTTP/3.
	// NOTE(review): "h3" is negotiated over QUIC, so advertising it on a
	// TLS-over-TCP listener does not by itself provide HTTP/3 — confirm the
	// consumer of this list actually serves QUIC before using it.
	AllProtocols = []string{ProtocolHTTP11, ProtocolHTTP2, ProtocolHTTP3}
)
预定义的协议组合
// CipherSuiteMapping maps cipher suite names to the numeric IDs defined by
// crypto/tls.
//
// The entries are grouped by the protection they offer, so a reviewer can see
// what a name in a configuration file will enable. A name being present in
// this table means it can be parsed, not that it is recommended.
var CipherSuiteMapping = map[string]uint16{
	// TLS 1.3 suites. crypto/tls does not make TLS 1.3 suites configurable,
	// so these are presumably accepted for completeness — confirm in the
	// code that applies the parsed IDs.
	"TLS_AES_128_GCM_SHA256":       tls.TLS_AES_128_GCM_SHA256,
	"TLS_AES_256_GCM_SHA384":       tls.TLS_AES_256_GCM_SHA384,
	"TLS_CHACHA20_POLY1305_SHA256": tls.TLS_CHACHA20_POLY1305_SHA256,

	// TLS 1.2, ECDHE key exchange with an AEAD cipher (forward secrecy).
	// The two ChaCha20 keys omit the _SHA256 suffix carried by the
	// crypto/tls constant names they map to.
	"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305":  tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
	"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305":    tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
	"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
	"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256":   tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
	"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
	"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384":   tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,

	// TLS 1.2, ECDHE key exchange with a CBC-mode cipher. Legacy only:
	// TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is reported by
	// tls.InsecureCipherSuites().
	"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256": tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
	"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA":    tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
	"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA":  tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
	"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA":    tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
	"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA":  tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,

	// Static RSA key exchange: no forward secrecy, so recorded traffic can
	// be decrypted if the server key is later compromised. Enable only for
	// peers that cannot negotiate ECDHE.
	"TLS_RSA_WITH_AES_128_GCM_SHA256": tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
	"TLS_RSA_WITH_AES_256_GCM_SHA384": tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
	"TLS_RSA_WITH_AES_128_CBC_SHA":    tls.TLS_RSA_WITH_AES_128_CBC_SHA,
	"TLS_RSA_WITH_AES_256_CBC_SHA":    tls.TLS_RSA_WITH_AES_256_CBC_SHA,
}
CipherSuiteMapping 密码套件映射
// CurvePreferencesMap maps key-exchange group names to their crypto/tls
// CurveID values.
// NOTE(review): presumably the names in TLSConfig.CurvePreferences are
// resolved through this table — confirm against the consumer.
var CurvePreferencesMap = map[string]tls.CurveID{
	// Hybrid post-quantum group (X25519 combined with ML-KEM-768).
	"X25519MLKEM768": tls.X25519MLKEM768,

	// Classical elliptic-curve groups.
	"X25519":    tls.X25519,
	"CurveP256": tls.CurveP256,
	"CurveP384": tls.CurveP384,
	"CurveP521": tls.CurveP521,
}
// TLSVersionMapping maps TLS version names to the crypto/tls version
// constants.
//
// Security note: TLS 1.0 and TLS 1.1 are deprecated (RFC 8996). Their names
// are accepted here, so a configuration can select them; callers that set a
// minimum version should use "TLS12" or "TLS13" unless a legacy peer leaves
// no alternative.
var TLSVersionMapping = map[string]uint16{
	// Current versions.
	"TLS13": tls.VersionTLS13,
	"TLS12": tls.VersionTLS12,

	// Deprecated versions.
	"TLS11": tls.VersionTLS11,
	"TLS10": tls.VersionTLS10,
}
TLSVersionMapping TLS版本映射
Functions ¶
func GetAvailableCipherSuites ¶
func GetAvailableCipherSuites() []string
GetAvailableCipherSuites 获取所有可用的密码套件名称
func GetCipherSuiteName ¶
GetCipherSuiteName 根据 ID 获取密码套件名称
func ParseCipherSuites ¶
ParseCipherSuites 将字符串密码套件名称转换为对应的 ID
func ParseTLSVersion ¶
ParseTLSVersion 解析TLS版本字符串
Types ¶
type Certificate ¶
type TLSConfig ¶
// TLSConfig is the JSON/YAML-serializable description of a TLS setup. Suite,
// curve and version fields are plain strings; the two typed fields
// (ClientAuth, Renegotiation) use the crypto/tls enum types directly.
// NOTE(review): how each field is applied to a tls.Config is not visible
// here — the security notes below assume a one-to-one mapping; confirm.
type TLSConfig struct {
	Enable bool `json:"enable" yaml:"enable"`
	Certificates []Certificate `json:"certificates" yaml:"certificates"` // certificates
	RootCAFile []string `json:"root_ca_file" yaml:"root_ca_file"` // root CA files
	NextProtos []string `json:"next_protos" yaml:"next_protos"` // supported protocols
	ServerName string `json:"server_name" yaml:"server_name"` // server name
	// Numeric values of tls.ClientAuthType:
	// 0 NoClientCert: no client certificate is requested
	// 1 RequestClientCert: a client certificate is requested but not required or verified
	// 2 RequireAnyClientCert: a client certificate is required but not verified against a CA
	// 3 VerifyClientCertIfGiven: a client certificate is verified if one is presented
	// 4 RequireAndVerifyClientCert: a client certificate is required and verified
	//
	// Security note: only 4 authenticates every client. With 1 or 2 the
	// presented certificate is not checked against the client CAs, so it
	// must not be treated as proof of identity.
	ClientAuth tls.ClientAuthType `json:"client_auth" yaml:"client_auth"` // client authentication mode
	ClientCAFile []string `json:"client_ca_file" yaml:"client_ca_file"` // client CA files
	// Security note: when this reaches tls.Config.InsecureSkipVerify, the
	// peer's certificate chain and host name are not verified and the
	// connection can be intercepted. Keep it false outside of testing.
	InsecureSkipVerify bool `json:"insecure_skip_verify" yaml:"insecure_skip_verify"` // skip verification
	CipherSuites []string `json:"cipher_suites" yaml:"cipher_suites"` // cipher suites
	CurvePreferences []string `json:"curve_preferences" yaml:"curve_preferences"` // curve preferences
	SessionTicketsDisabled bool `json:"session_tickets_disabled" yaml:"session_tickets_disabled"` // disable session tickets
	// NOTE(review): presumably these hold TLSVersionMapping keys such as
	// "TLS12". What an empty or unknown value resolves to is not visible
	// here; confirm it cannot fall back to a deprecated version.
	MinVersion string `json:"min_version" yaml:"min_version"` // minimum TLS version
	MaxVersion string `json:"max_version" yaml:"max_version"` // maximum TLS version
	DynamicRecordSizingDisabled bool `json:"dynamic_record_sizing_disabled" yaml:"dynamic_record_sizing_disabled"` // disable dynamic record sizing
	// The zero value is tls.RenegotiateNever, which disables renegotiation.
	Renegotiation tls.RenegotiationSupport `json:"renegotiation" yaml:"renegotiation"` // renegotiation
}
noinspection all
func CompatibleTLSConfig ¶
func CompatibleTLSConfig() *TLSConfig
CompatibleTLSConfig 返回一个兼容性更好的 TLS 配置