modulepackage
1.1.1
Repository: https://github.com/driftnet-io/insecure-tls.git
Documentation: pkg.go.dev
# README
Insecure TLS for Go
This is an insecure fork of golang's crypto/tls library.
It is motivated by ongoing efforts to deprecate and eventually remove weak or broken protocols and ciphers from the standard library (e.g. issues 32716, 45428, 63413), and by the need for driftnet to maintain support for those protocols and ciphers.
This fork aims for minimal deviation from the official crypto/tls, whilst supporting protocols and cipher suites which have either already been removed from the standard library, will be removed in an upcoming release, or which were never included in the first place.
The current version is based on go1.22.3.
When to use this library
This library is inherently insecure and should not be used in any situation where security is a requirement.
It might be suitable in the rare case where
- you must connect to a client or server which only supports a broken version of TLS, and
- you cannot upgrade that client or server to a non-broken version, and
- you are willing to completely give up the confidentiality, integrity and authentication that TLS provides.
In all other cases, stick to crypto/tls.
How to use this library
Instead of
import "crypto/tls"
simply
import tls "github.com/driftnet-io/insecure-tls"
As a convenience, the fork re-uses (crypto/tls).ConnectionState as-is, and makes it accessible as (github.com/driftnet-io/insecure-tls).ConnectionState.ConnectionState.
Changes with respect to the standard library
SSLv3 server support
Server-side SSLv3 support is re-introduced, and enabled by default.
SSLv3 client support
SSLv3 client support is introduced, and enabled by default.
Additional cipher suites
The following additional cipher suites are added to InsecureCipherSuites():
TLS_RSA_WITH_RC4_128_MD5(protocol versions SSLv3 to TLS 1.2),TLS_RSA_WITH_AES_256_CBC_SHA256(TLS 1.2 only),TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA(SSLv3 to TLS1.2),TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(TLS 1.2 only), andTLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(TLS 1.2 only).
Maximum size of server RSA certificates
This is usually configurable by setting GODEBUG=tlsmaxrsasize=n. However, as GODEBUG internals are not available to us outside the standard library, this is set to a fixed value of 16384 bytes.
RSA key exchange cipher suites
This code always acts as if GODEBUG=tlsrsakex=1 were set. See issue 63413.
Exporting key material
This code always acts as if GODEBUG=tlsunsafeekm=1 were set.
# Packages
No description provided by the author
# Functions
CipherSuiteName returns the standard name for the passed cipher suite ID (e.g.
CipherSuites returns a list of cipher suites currently implemented by this package, excluding those with security issues, which are returned by [InsecureCipherSuites].
Client returns a new TLS client side connection using conn as the underlying transport.
Dial connects to the given network address using net.Dial and then initiates a TLS handshake, returning the resulting TLS connection.
DialWithDialer connects to the given network address using dialer.Dial and then initiates a TLS handshake, returning the resulting TLS connection.
InsecureCipherSuites returns a list of cipher suites currently implemented by this package and which have security issues.
Listen creates a TLS listener accepting connections on the given network address using net.Listen.
LoadX509KeyPair reads and parses a public/private key pair from a pair of files.
NewListener creates a Listener which accepts connections from an inner Listener and wraps each connection with [Server].
NewLRUClientSessionCache returns a [ClientSessionCache] with the given capacity that uses an LRU strategy.
NewResumptionState returns a state value that can be returned by [ClientSessionCache.Get] to resume a previous session.
ParseSessionState parses a [SessionState] encoded by [SessionState.Bytes].
QUICClient returns a new TLS client side connection using QUICTransport as the underlying transport.
QUICServer returns a new TLS server side connection using QUICTransport as the underlying transport.
Server returns a new TLS server side connection using conn as the underlying transport.
VersionName returns the name for the provided TLS version number (e.g.
X509KeyPair parses a public/private key pair from a pair of PEM encoded data.
# Constants
No description provided by the author
No description provided by the author
No description provided by the author
ECDSA algorithms.
No description provided by the author
No description provided by the author
No description provided by the author
EdDSA algorithms.
NoClientCert indicates that no client certificate should be requested during the handshake, and if any certificates are sent they will not be verified.
Legacy signature and hash algorithms for TLS 1.2.
RSASSA-PKCS1-v1_5 algorithms.
No description provided by the author
No description provided by the author
RSASSA-PSS algorithms with public key OID rsaEncryption.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
QUICHandshakeDone indicates that the TLS handshake has completed.
QUICNoEvent indicates that there are no events available.
QUICRejectedEarlyData indicates that the server rejected 0-RTT data even if we offered it.
QUICSetReadSecret and QUICSetWriteSecret provide the read and write secrets for a given encryption level.
No description provided by the author
QUICTransportParameters provides the peer's QUIC transport parameters.
QUICTransportParametersRequired indicates that the caller must provide QUIC transport parameters to send to the peer.
QUICWriteData provides data to send to the peer in CRYPTO frames.
RenegotiateFreelyAsClient allows a remote server to repeatedly request renegotiation.
RenegotiateNever disables renegotiation.
RenegotiateOnceAsClient allows a remote server to request renegotiation once per connection.
RequestClientCert indicates that a client certificate should be requested during the handshake, but does not require that the client send any certificates.
RequireAndVerifyClientCert indicates that a client certificate should be requested during the handshake, and that at least one valid certificate is required to be sent by the client.
RequireAnyClientCert indicates that a client certificate should be requested during the handshake, and that at least one certificate is required to be sent by the client, but that certificate is not required to be valid.
TLS 1.3 cipher suites.
A list of cipher suite IDs that are, or have been, implemented by this package.
A list of cipher suite IDs that are, or have been, implemented by this package.
A list of cipher suite IDs that are, or have been, implemented by this package.
A list of cipher suite IDs that are, or have been, implemented by this package.
A list of cipher suite IDs that are, or have been, implemented by this package.
A list of cipher suite IDs that are, or have been, implemented by this package.
A list of cipher suite IDs that are, or have been, implemented by this package.
A list of cipher suite IDs that are, or have been, implemented by this package.
A list of cipher suite IDs that are, or have been, implemented by this package.
A list of cipher suite IDs that are, or have been, implemented by this package.
A list of cipher suite IDs that are, or have been, implemented by this package.
A list of cipher suite IDs that are, or have been, implemented by this package.
A list of cipher suite IDs that are, or have been, implemented by this package.
A list of cipher suite IDs that are, or have been, implemented by this package.
A list of cipher suite IDs that are, or have been, implemented by this package.
A list of cipher suite IDs that are, or have been, implemented by this package.
A list of cipher suite IDs that are, or have been, implemented by this package.
A list of cipher suite IDs that are, or have been, implemented by this package.
A list of cipher suite IDs that are, or have been, implemented by this package.
Legacy names for the corresponding cipher suites with the correct _SHA256 suffix, retained for backward compatibility.
A list of cipher suite IDs that are, or have been, implemented by this package.
A list of cipher suite IDs that are, or have been, implemented by this package.
TLS_FALLBACK_SCSV isn't a standard cipher suite but an indicator that the client is doing version fallback.
A list of cipher suite IDs that are, or have been, implemented by this package.
A list of cipher suite IDs that are, or have been, implemented by this package.
A list of cipher suite IDs that are, or have been, implemented by this package.
A list of cipher suite IDs that are, or have been, implemented by this package.
A list of cipher suite IDs that are, or have been, implemented by this package.
A list of cipher suite IDs that are, or have been, implemented by this package.
A list of cipher suite IDs that are, or have been, implemented by this package.
TLS 1.0 - 1.2 cipher suites.
A list of cipher suite IDs that are, or have been, implemented by this package.
VerifyClientCertIfGiven indicates that a client certificate should be requested during the handshake, but does not require that the client sends a certificate.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
# Structs
A Certificate is a chain of one or more certificates, leaf first.
CertificateRequestInfo contains information from a server's CertificateRequest message, which is used to demand a certificate and proof of control from a client.
CertificateVerificationError is returned when certificate verification fails during the handshake.
CipherSuite is a TLS cipher suite.
ClientHelloInfo contains information from a ClientHello message in order to guide application logic in the GetCertificate and GetConfigForClient callbacks.
ClientSessionState contains the state needed by a client to resume a previous TLS session.
A Config structure is used to configure a TLS client or server.
A Conn represents a secured connection.
ConnectionState records basic TLS details about the connection.
Dialer dials TLS connections given a configuration and a Dialer for the underlying connection.
A QUICConfig configures a [QUICConn].
A QUICConn represents a connection which uses a QUIC implementation as the underlying transport as described in RFC 9001.
A QUICEvent is an event occurring on a QUIC connection.
No description provided by the author
RecordHeaderError is returned when a TLS record header is invalid.
A SessionState is a resumable session.
# Interfaces
ClientSessionCache is a cache of ClientSessionState objects that can be used by a client to resume a TLS session with a given server.
# Type aliases
An AlertError is a TLS alert.
ClientAuthType declares the policy the server will follow for TLS Client Authentication.
CurveID is the type of a TLS identifier for an elliptic curve.
QUICEncryptionLevel represents a QUIC encryption level used to transmit handshake messages.
A QUICEventKind is a type of operation on a QUIC connection.
RenegotiationSupport enumerates the different levels of support for TLS renegotiation.
SignatureScheme identifies a signature algorithm supported by TLS.