...

Package tls

import "github.com/hyperledger/fabric-ca/lib/tls"

Variables

DefaultCipherSuites is a set of strong TLS cipher suites

// DefaultCipherSuites is the package's default list of TLS cipher suite IDs.
// The constants are referenced through the tls qualifier (presumably crypto/tls).
// All six entries are AES-GCM suites; they differ in key exchange.
var DefaultCipherSuites = []uint16{
    // ECDHE key exchange: an ephemeral key per handshake, so these provide forward secrecy.
    tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
    tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
    tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
    tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
    // NOTE(review): static RSA key exchange, so no forward secrecy; recorded traffic
    // can be decrypted if the server's private key is later disclosed. Confirm these
    // two are still needed for interoperability before treating the list as "strong".
    tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
    tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
}

func AbsTLSClient

func AbsTLSClient(cfg *ClientTLSConfig, configDir string) error

AbsTLSClient makes TLS client files absolute

func AbsTLSServer

func AbsTLSServer(cfg *ServerTLSConfig, configDir string) error

AbsTLSServer makes TLS server files absolute

func GetClientTLSConfig

func GetClientTLSConfig(cfg *ClientTLSConfig, csp bccsp.BCCSP) (*tls.Config, error)

GetClientTLSConfig creates a tls.Config object from certs and roots

type ClientAuth

ClientAuth defines the key material needed to verify client certificates

// ClientAuth holds the server-side settings used to verify client certificates.
type ClientAuth struct {
    // Type names the client-authentication policy; the def tag supplies "noclientcert".
    // NOTE(review): with that default the server presumably requests no client
    // certificate, so mutual TLS has to be turned on explicitly. Confirm against the
    // code that maps this string to a policy.
    Type      string   `def:"noclientcert" help:"Policy the server will follow for TLS Client Authentication."`
    // CertFiles lists PEM files holding the certificates trusted when checking client
    // certificates. Every file listed here widens the set of clients that can authenticate.
    CertFiles []string `help:"A list of comma-separated PEM-encoded trusted certificate files (e.g. root1.pem,root2.pem)"`
}

type ClientTLSConfig

ClientTLSConfig defines the key material for a TLS client

// ClientTLSConfig holds the TLS settings for a client connection.
type ClientTLSConfig struct {
    // Enabled is tagged skip:"true"; how that tag is consumed is not visible here.
    // NOTE(review): presumably this toggles TLS for the client; confirm at the call sites.
    Enabled   bool     `skip:"true"`
    // CertFiles lists PEM files of trusted certificates, presumably the roots used to
    // verify the server's certificate (confirm in GetClientTLSConfig).
    CertFiles []string `help:"A list of comma-separated PEM-encoded trusted certificate files (e.g. root1.pem,root2.pem)"`
    // Client is the client's own key and certificate pair, used for mutual authentication.
    Client    KeyCertFiles
}

type KeyCertFiles

KeyCertFiles defines the files needed by a client for TLS

// KeyCertFiles names the key and certificate files a client presents for mutual TLS.
type KeyCertFiles struct {
    // KeyFile is the path to the PEM-encoded key.
    // NOTE(review): this is private key material and nothing in this declaration shows
    // it being encrypted or permission-checked; keep the file readable only by the
    // account that runs the client.
    KeyFile  string `help:"PEM-encoded key file when mutual authentication is enabled"`
    // CertFile is the path to the PEM-encoded certificate that matches KeyFile.
    CertFile string `help:"PEM-encoded certificate file when mutual authenticate is enabled"`
}

type ServerTLSConfig

ServerTLSConfig defines key material for a TLS server

// ServerTLSConfig holds the TLS settings for the server's listening port.
type ServerTLSConfig struct {
    // Enabled turns TLS on for the listening port. No def tag is given, so the Go zero
    // value is false.
    // NOTE(review): that suggests the listener is plaintext unless TLS is enabled
    // explicitly; confirm how the configuration loader fills this field.
    Enabled    bool   `help:"Enable TLS on the listening port"`
    // CertFile is the path to the server's PEM-encoded certificate; the def tag supplies
    // "tls-cert.pem".
    CertFile   string `def:"tls-cert.pem" help:"PEM-encoded TLS certificate file for server's listening port"`
    // KeyFile is the path to the server's PEM-encoded TLS key. It is private key
    // material, so keep the file readable only by the account that runs the server.
    KeyFile    string `help:"PEM-encoded TLS key for server's listening port"`
    // ClientAuth holds the client-certificate policy and the trusted certificate files.
    ClientAuth ClientAuth
}