diff options
| author | Michael Stapelberg <stapelberg@debian.org> | 2013-03-04 21:27:36 +0100 |
|---|---|---|
| committer | Michael Stapelberg <michael@stapelberg.de> | 2013-03-04 21:27:36 +0100 |
| commit | 04b08da9af0c450d645ab7389d1467308cfc2db8 (patch) | |
| tree | db247935fa4f2f94408edc3acd5d0d4f997aa0d8 /src/pkg/crypto/tls/common.go | |
| parent | 917c5fb8ec48e22459d77e3849e6d388f93d3260 (diff) | |
| download | golang-04b08da9af0c450d645ab7389d1467308cfc2db8.tar.gz | |
Imported Upstream version 1.1~hg20130304upstream/1.1_hg20130304
Diffstat (limited to 'src/pkg/crypto/tls/common.go')
| -rw-r--r-- | src/pkg/crypto/tls/common.go | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/src/pkg/crypto/tls/common.go b/src/pkg/crypto/tls/common.go index 4ba0bf874..a888df762 100644 --- a/src/pkg/crypto/tls/common.go +++ b/src/pkg/crypto/tls/common.go @@ -41,6 +41,7 @@ const ( const ( typeClientHello uint8 = 1 typeServerHello uint8 = 2 + typeNewSessionTicket uint8 = 4 typeCertificate uint8 = 11 typeServerKeyExchange uint8 = 12 typeCertificateRequest uint8 = 13 @@ -63,6 +64,7 @@ var ( extensionStatusRequest uint16 = 5 extensionSupportedCurves uint16 = 10 extensionSupportedPoints uint16 = 11 + extensionSessionTicket uint16 = 35 extensionNextProtoNeg uint16 = 13172 // not IANA assigned ) @@ -97,6 +99,7 @@ const ( // ConnectionState records basic TLS details about the connection. type ConnectionState struct { HandshakeComplete bool + DidResume bool CipherSuite uint16 NegotiatedProtocol string NegotiatedProtocolIsMutual bool @@ -180,6 +183,28 @@ type Config struct { // CipherSuites is a list of supported cipher suites. If CipherSuites // is nil, TLS uses a list of suites supported by the implementation. CipherSuites []uint16 + + // PreferServerCipherSuites controls whether the server selects the + // client's most preferred ciphersuite, or the server's most preferred + // ciphersuite. If true then the server's preference, as expressed in + // the order of elements in CipherSuites, is used. + PreferServerCipherSuites bool + + // SessionTicketsDisabled may be set to true to disable session ticket + // (resumption) support. + SessionTicketsDisabled bool + + // SessionTicketKey is used by TLS servers to provide session + // resumption. See RFC 5077. If zero, it will be filled with + // random data before the first server handshake. + // + // If multiple servers are terminating connections for the same host + // they should all have the same SessionTicketKey. If the + // SessionTicketKey leaks, previously recorded and future TLS + // connections using that key are compromised. + SessionTicketKey [32]byte + + serverInitOnce sync.Once } func (c *Config) rand() io.Reader { |