Commit 6f93f864 authored by Filippo Valsorda's avatar Filippo Valsorda

crypto/tls: expand Config.CipherSuites docs

Fixes #29349

Change-Id: Iec16eb2b20b43250249ec85c3d78fd64d1b6e3f3
Reviewed-on: https://go-review.googlesource.com/c/158637Reviewed-by: default avatarBrad Fitzpatrick <bradfitz@golang.org>
parent 1e49021f
...@@ -199,7 +199,7 @@ type ConnectionState struct { ...@@ -199,7 +199,7 @@ type ConnectionState struct {
Version uint16 // TLS version used by the connection (e.g. VersionTLS12) Version uint16 // TLS version used by the connection (e.g. VersionTLS12)
HandshakeComplete bool // TLS handshake is complete HandshakeComplete bool // TLS handshake is complete
DidResume bool // connection resumes a previous TLS connection DidResume bool // connection resumes a previous TLS connection
CipherSuite uint16 // cipher suite in use (TLS_RSA_WITH_RC4_128_SHA, ...) CipherSuite uint16 // cipher suite in use (TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, ...)
NegotiatedProtocol string // negotiated next protocol (not guaranteed to be from Config.NextProtos) NegotiatedProtocol string // negotiated next protocol (not guaranteed to be from Config.NextProtos)
NegotiatedProtocolIsMutual bool // negotiated protocol was advertised by server (client side only) NegotiatedProtocolIsMutual bool // negotiated protocol was advertised by server (client side only)
ServerName string // server name requested by client, if any (server side only) ServerName string // server name requested by client, if any (server side only)
...@@ -315,7 +315,7 @@ const ( ...@@ -315,7 +315,7 @@ const (
// guide certificate selection in the GetCertificate callback. // guide certificate selection in the GetCertificate callback.
type ClientHelloInfo struct { type ClientHelloInfo struct {
// CipherSuites lists the CipherSuites supported by the client (e.g. // CipherSuites lists the CipherSuites supported by the client (e.g.
// TLS_RSA_WITH_RC4_128_SHA). // TLS_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256).
CipherSuites []uint16 CipherSuites []uint16
// ServerName indicates the name of the server requested by the client // ServerName indicates the name of the server requested by the client
...@@ -521,8 +521,11 @@ type Config struct { ...@@ -521,8 +521,11 @@ type Config struct {
// This should be used only for testing. // This should be used only for testing.
InsecureSkipVerify bool InsecureSkipVerify bool
// CipherSuites is a list of supported cipher suites. If CipherSuites // CipherSuites is a list of supported cipher suites for TLS versions up to
// is nil, TLS uses a list of suites supported by the implementation. // TLS 1.2. If CipherSuites is nil, a default list of secure cipher suites
// is used, with a preference order based on hardware performance. The
// default cipher suites might change over Go versions. Note that TLS 1.3
// ciphersuites are not configurable.
CipherSuites []uint16 CipherSuites []uint16
// PreferServerCipherSuites controls whether the server selects the // PreferServerCipherSuites controls whether the server selects the
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment