mordyovits / golang-crypto-tls

Licence: other
Fork of golang 1.8.1 crypto/tls to add DHE, PSK, DHE_PSK, RSA_PSK, and DH_anon ciphersuites

WARNING

Some ciphersuites that this package implements were left unimplemented in the standard golang package for a reason! Those ciphersuites should only be used if you understand why you are using them. For example:

  1. DH_anon ciphersuites provide no authentication and are vulnerable to a MITM attack.
  2. DHE ciphersuites are slower than ECDHE ciphersuites.

For your protection, none of the ciphersuites added in this package are enabled by default. To use them, you must explicitly name them in the CipherSuites setting of your tls.Config.
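As an added illustration (not code from this project), the opt-in can be wrapped in a guard that refuses DH_anon unless the caller asks for it. The helper names `optIn`, `keyExchange` and `reviewed` are hypothetical, and the suites are given by their IANA code points because the fork's constant names are not shown on this page. The block compiles against the stock crypto/tls; it assumes the fork keeps the same Config API, and the suites only negotiate when the fork is the package in use.

```go
package main

import (
	"crypto/tls" // stock package; assumed to build unchanged against the fork
	"fmt"
	"strings"
)

// IANA code points for AES-GCM suites from the list on this page
// (a subset, chosen to keep the example short).
var reviewed = map[uint16]string{
	0x009E: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
	0x009F: "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
	0x00A6: "TLS_DH_anon_WITH_AES_128_GCM_SHA256",
	0x00A7: "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
	0x00A8: "TLS_PSK_WITH_AES_128_GCM_SHA256",
	0x00AA: "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",
	0x00AC: "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256",
}

// keyExchange returns the part of a suite name between "TLS_" and "_WITH_".
func keyExchange(name string) string {
	return strings.TrimPrefix(strings.SplitN(name, "_WITH_", 2)[0], "TLS_")
}

// optIn (hypothetical helper) names the suites explicitly in a tls.Config.
// It refuses IDs outside the reviewed table, and refuses DH_anon unless the
// caller passes allowAnon, because DH_anon authenticates neither peer.
func optIn(ids []uint16, allowAnon bool) (*tls.Config, error) {
	for _, id := range ids {
		name, ok := reviewed[id]
		if !ok {
			return nil, fmt.Errorf("0x%04X: not a reviewed ciphersuite", id)
		}
		if keyExchange(name) == "DH_anon" && !allowAnon {
			return nil, fmt.Errorf("%s: no authentication (MITM risk)", name)
		}
	}
	// Every suite in the table is an AEAD suite, which requires TLS 1.2.
	return &tls.Config{CipherSuites: ids, MinVersion: tls.VersionTLS12}, nil
}

func main() {
	_, err := optIn([]uint16{0x009E, 0x00A6}, false) // constructed sample lists
	fmt.Println("mixed list:", err)
	cfg, err := optIn([]uint16{0x009E, 0x00AA}, false)
	fmt.Println("authenticated list:", len(cfg.CipherSuites), "suites, err =", err)
}
```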

Added Ciphersuites

This package implements every standard TLS key exchange mechanism except SRP and ECDHE_PSK (no one cares about FORTEZZA). If you need either of those, let me know; ECDHE_PSK is simple to add, SRP less so.

The following 32 ciphersuites are added in this package:

DHE_RSA

  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256

DH_anon

  • TLS_DH_anon_WITH_AES_128_GCM_SHA256
  • TLS_DH_anon_WITH_AES_256_GCM_SHA384
  • TLS_DH_anon_WITH_AES_128_CBC_SHA
  • TLS_DH_anon_WITH_AES_256_CBC_SHA
  • TLS_DH_anon_WITH_AES_128_CBC_SHA256
  • TLS_DH_anon_WITH_AES_256_CBC_SHA256

RSA

  • TLS_RSA_WITH_AES_256_CBC_SHA256

RSA_PSK

  • TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
  • TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
  • TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
  • TLS_RSA_PSK_WITH_AES_128_CBC_SHA
  • TLS_RSA_PSK_WITH_AES_256_CBC_SHA
  • TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256

DHE_PSK

  • TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
  • TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
  • TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
  • TLS_DHE_PSK_WITH_AES_128_CBC_SHA
  • TLS_DHE_PSK_WITH_AES_256_CBC_SHA
  • TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256

PSK

  • TLS_PSK_WITH_AES_128_CBC_SHA256
  • TLS_PSK_WITH_AES_128_CBC_SHA
  • TLS_PSK_WITH_AES_256_CBC_SHA
  • TLS_PSK_WITH_AES_128_GCM_SHA256
  • TLS_PSK_WITH_AES_256_GCM_SHA384
  • TLS_PSK_WITH_CHACHA20_POLY1305_SHA256

How to use this package

Since it's a fork of a built-in package, there are a few ways to use it, none perfect. Here are the options:

Replace the default package in $GOROOT

This is the simplest option, but it requires modifying your Go installation:

  1. cd $GOROOT/src/crypto
  2. mv tls tls.bak
  3. git clone https://pathtothis/golang-crypto-tls tls

Then rebuild with go build -a.

Vendor it

Clone it with git into a vendor/crypto/tls directory.

Works great, but requires vendoring a few more packages.

Import it under an alias

import (tls "pathtothis/tls")

Downside: crypto has an internal package, so you'll need to manually duplicate that to a vendor directory.
