Package cpu implements processor feature detection used by the Go standard library.

Package testenv provides information about what functionality is available in different testing environments run by the Go team.

https://github.com/google/boringssl/blob/7d7554b6b3c79e707e25521e61e066ce2b996e4c/ssl/t1_lib.c#L2803.

Client returns a new TLS client side connection using conn as the underlying transport.

Dial connects to the given network address using net.Dial and then initiates a TLS handshake, returning the resulting TLS connection.

DialWithDialer connects to the given network address using dialer.Dial and then initiates a TLS handshake, returning the resulting TLS connection.

EnableVartimeAES allows utls connections to the faster but insecure AES and GHASH implementation on certain hardware configurations.

EnableVartimeGroups allows utls connections to continue in some cases, when a curve with a variable time implementation was chosen.

EnableWeakCiphers allows utls connections to continue in some cases, when weak cipher was chosen.

will panic if ssl_grease_last_index[index] is out of bounds.

Listen creates a TLS listener accepting connections on the given network address using net.Listen.

LoadX509KeyPair reads and parses a public/private key pair from a pair of files.

ClientSessionState contains the state needed by clients to resume TLS sessions.

MakeConnWithCompleteHandshake allows to forge both server and client side TLS connections.

NewListener creates a Listener which accepts connections from an inner Listener and wraps each connection with Server.

NewLRUClientSessionCache returns a ClientSessionCache with the given capacity that uses an LRU strategy.

NewPRNGSeed creates a new PRNG seed using crypto/rand.Read.

NewRoller creates Roller object with default range of HelloIDs to cycle through until a working/unblocked one is found.

Server returns a new TLS server side connection using conn as the underlying transport.

UClient returns a new uTLS client, with behavior depending on clientHelloID.

X509KeyPair parses a public/private key pair from a pair of PEM encoded data.

Legacy signature and hash algorithms for TLS 1.2.

we can try to craft these ciphersuites.

from existing pieces, if needed.

based on spec's GreaseStyle, GREASE_PLACEHOLDER may be replaced by another GREASE value https://tools.ietf.org/html/draft-ietf-tls-grease-01.

RSASSA-PSS algorithms with public key OID rsaEncryption.

RenegotiateFreelyAsClient allows a remote server to repeatedly request Renegotiation.

RenegotiateNever disables Renegotiation.

RenegotiateOnceAsClient allows a remote server to request Renegotiation once per connection.

TLS 1.3 cipher suites.

A list of cipher suite IDs that are, or have been, implemented by this package.

A list of cipher suite IDs that are, or have been, implemented by this package.

A list of cipher suite IDs that are, or have been, implemented by this package.

A list of cipher suite IDs that are, or have been, implemented by this package.

A list of cipher suite IDs that are, or have been, implemented by this package.

A list of cipher suite IDs that are, or have been, implemented by this package.

A list of cipher suite IDs that are, or have been, implemented by this package.

A list of cipher suite IDs that are, or have been, implemented by this package.

A list of cipher suite IDs that are, or have been, implemented by this package.

A list of cipher suite IDs that are, or have been, implemented by this package.

A list of cipher suite IDs that are, or have been, implemented by this package.

A list of cipher suite IDs that are, or have been, implemented by this package.

A list of cipher suite IDs that are, or have been, implemented by this package.

A list of cipher suite IDs that are, or have been, implemented by this package.

A list of cipher suite IDs that are, or have been, implemented by this package.

A list of cipher suite IDs that are, or have been, implemented by this package.

A list of cipher suite IDs that are, or have been, implemented by this package.

TLS_FALLBACK_SCSV isn't a standard cipher suite but an indicator that the client is doing version fallback.

A list of cipher suite IDs that are, or have been, implemented by this package.

A list of cipher suite IDs that are, or have been, implemented by this package.

A list of cipher suite IDs that are, or have been, implemented by this package.

A list of cipher suite IDs that are, or have been, implemented by this package.

A list of cipher suite IDs that are, or have been, implemented by this package.

A list of cipher suite IDs that are, or have been, implemented by this package.

TLS 1.0 - 1.2 cipher suites.

newest signatures.

fake curves(groups).

fake curves(groups).

newest signatures.

HelloCustom will prepare ClientHello with empty uconn.Extensions so you can fill it with TLSExtensions manually or use ApplyPreset function.

The rest will will parrot given browser.

HelloGolang will use default "crypto/tls" handshake marshaling codepath, which WILL overwrite your changes to Hello(Config, Session are fine).

legacy "111" means 11.1.

HelloRandomized* randomly adds/reorders extensions, ciphersuites, etc.

A Certificate is a chain of one or more certificates, leaf first.

CertificateRequestInfo contains information from a server's CertificateRequest message, which is used to demand a certificate and proof of control from a client.

A CipherSuite is a specific combination of key agreement, cipher and MAC function.

ClientHandshakeState includes both TLS 1.3-only and TLS 1.2-only states, only one of them will be used, depending on negotiated version.

ClientHelloInfo contains information from a ClientHello message in order to guide certificate selection in the GetCertificate callback.

ClientSessionState contains the state needed by clients to resume TLS sessions.

A Config structure is used to configure a TLS client or server.

A Conn represents a secured connection.

ConnectionState records basic TLS details about the connection.

MUST NOT be part of initial ClientHello.

A FinishedHash calculates the hash of a set of handshake messages suitable for including in a Finished message.

TLS 1.3 Key Share.

TLS 1.3 */.

RecordHeaderError is returned when a TLS record header is invalid.

TLS 1.2 and before only.

TLS 1.3 only.

it is responsibility of user not to generate multiple grease extensions with same value.

ClientSessionCache is a cache of ClientSessionState objects that can be used by a client to resume a TLS session with a given server.

https://tools.ietf.org/html/draft-ietf-tls-certificate-compression-04.

ClientAuthType declares the policy the server will follow for TLS Client Authentication.

CurveID is the type of a TLS identifier for an elliptic curve.

PRNGSeed is a PRNG seed.

RenegotiationSupport enumerates the different levels of support for TLS Renegotiation.

SignatureScheme identifies a signature algorithm supported by TLS.