/
defs.go
60 lines (50 loc) · 1.97 KB
/
defs.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
// Package core contains core definitions for the transport package,
// the most salient of which is likely the Identity type. This type is
// used to build a Transport instance.
//
// The TLS configurations provided here are designed for three
// scenarios: mutual authentication for a clients, mutual
// authentication for servers, and a general-purpose server
// configuration applicable where mutual authentication is not
// appropriate.
//
package core
import (
"time"
"github.com/cloudflare/cfssl/csr"
)
// A Root stores information about a trusted root.
type Root struct {
// Type should contain a string identifier for the type.
Type string `json:"type"`
// Metadata contains the information needed to load the
// root(s).
Metadata map[string]string `json:"metadata"`
}
// Identity is used to store information about a particular transport.
type Identity struct {
// Request contains metadata for constructing certificate requests.
Request *csr.CertificateRequest `json:"request"`
// Roots contains a list of sources for trusted roots.
Roots []*Root `json:"roots"`
// ClientRoots contains a list of sources for trusted client
// certificates.
ClientRoots []*Root `json:"client_roots"`
// Profiles contains a dictionary of names to dictionaries;
// this is intended to allow flexibility in supporting
// multiple configurations.
Profiles map[string]map[string]string `json:"profiles"`
}
// DefaultBefore is a sensible default; attempt to regenerate certificates the
// day before they expire.
var DefaultBefore = 24 * time.Hour
// CipherSuites are the TLS cipher suites that should be used by CloudFlare programs.
var CipherSuites = []uint16{
// These are manually specified because the SHA384 suites are
// not specified in Go 1.4; in Go 1.4, they won't actually
// be sent.
0xc030, // TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
0xc02c, // TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
0xc02f, // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
0xc02b, // TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
}