cipher

package
v1.19.4
Warning

This package is not in the latest version of its module.

Published: Feb 24, 2026 License: MIT Imports: 10 Imported by: 0

Documentation

Overview

Package cipher provides TLS cipher suite selection and management.

This package defines the Cipher type which represents TLS cipher suites for both TLS 1.0-1.2 and TLS 1.3. It provides convenient parsing from strings and integers, as well as methods to check cipher suite validity.

Supported Cipher Suites:

  • TLS 1.0-1.2: RSA, ECDHE-RSA, ECDHE-ECDSA with AES-GCM and ChaCha20-Poly1305
  • TLS 1.3: AES_128_GCM_SHA256, AES_256_GCM_SHA384, CHACHA20_POLY1305_SHA256

Security Considerations:

  • Only modern, secure cipher suites are supported
  • Legacy cipher suites (RC4, 3DES, MD5) are not included
  • Prefer ECDHE cipher suites for forward secrecy
  • TLS 1.3 cipher suites provide improved security

Example:

// Use a variable name other than cipher so the package identifier is not shadowed.
c := cipher.Parse("ECDHE-RSA-AES128-GCM-SHA256")
if c != cipher.Unknown {
    fmt.Println("Supported cipher:", c.String())
}
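
The policy from the Security Considerations above, applied with only the standard library's crypto/tls. This is an added example, not code from this package: `lookup`, `isTLS13` and `Select` are hypothetical helpers, the suite names in `main` are constructed input, and treating "prefer ECDHE" as a hard requirement is this example's assumption.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// lookup resolves an IANA suite name, searching crypto/tls's insecure list too.
func lookup(name string) *tls.CipherSuite {
	for _, s := range append(tls.CipherSuites(), tls.InsecureCipherSuites()...) {
		if s.Name == name {
			return s
		}
	}
	return nil
}

// isTLS13 reports whether a suite is defined for TLS 1.3 only.
func isTLS13(s *tls.CipherSuite) bool {
	return len(s.SupportedVersions) == 1 && s.SupportedVersions[0] == tls.VersionTLS13
}

// Select (hypothetical helper) returns the IDs to put in
// tls.Config.CipherSuites and the names rejected by the policy.
func Select(names []string) (ids []uint16, rejected []string) {
	for _, n := range names {
		s := lookup(n)
		aead := strings.Contains(n, "_GCM_") || strings.Contains(n, "CHACHA20_POLY1305")
		switch {
		case s == nil || !aead:
			rejected = append(rejected, n+": unknown or legacy (non-AEAD)")
		case isTLS13(s):
			// Accepted; crypto/tls does not make TLS 1.3 suites configurable.
		case !strings.HasPrefix(n, "TLS_ECDHE_"):
			rejected = append(rejected, n+": no forward secrecy")
		default:
			ids = append(ids, s.ID)
		}
	}
	return ids, rejected
}

func main() { // constructed input: one suite of each kind
	ids, rejected := Select([]string{"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
		"TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_RC4_128_SHA", "TLS_AES_128_GCM_SHA256"})
	cfg := &tls.Config{MinVersion: tls.VersionTLS12, CipherSuites: ids}
	fmt.Printf("enabled: %#04x\nrejected: %q\n", cfg.CipherSuites, rejected)
}
```

The TLS 1.3 suite is accepted but not returned, because `tls.Config.CipherSuites` only governs TLS 1.0-1.2 suites.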

Constants

const (
	// Unknown represents an unsupported or unrecognized cipher suite.
	Unknown Cipher = Cipher(0)

	// TLS_RSA_WITH_AES_128_GCM_SHA256 uses RSA key exchange with AES-128-GCM.
	TLS_RSA_WITH_AES_128_GCM_SHA256 = Cipher(tls.TLS_RSA_WITH_AES_128_GCM_SHA256)

	// TLS_RSA_WITH_AES_256_GCM_SHA384 uses RSA key exchange with AES-256-GCM.
	TLS_RSA_WITH_AES_256_GCM_SHA384 = Cipher(tls.TLS_RSA_WITH_AES_256_GCM_SHA384)

	// TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 uses ECDHE key exchange with RSA signatures and AES-128-GCM.
	// Provides forward secrecy.
	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = Cipher(tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)

	// TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 uses ECDHE key exchange with ECDSA signatures and AES-128-GCM.
	// Provides forward secrecy.
	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = Cipher(tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)

	// TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 uses ECDHE key exchange with RSA signatures and AES-256-GCM.
	// Provides forward secrecy.
	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = Cipher(tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)

	// TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 uses ECDHE key exchange with ECDSA signatures and AES-256-GCM.
	// Provides forward secrecy.
	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = Cipher(tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)

	// TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 uses ECDHE key exchange with RSA signatures and ChaCha20-Poly1305.
	// Provides forward secrecy. Optimized for mobile devices.
	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = Cipher(tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256)

	// TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 uses ECDHE key exchange with ECDSA signatures and ChaCha20-Poly1305.
	// Provides forward secrecy. Optimized for mobile devices.
	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = Cipher(tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256)

	// TLS_AES_128_GCM_SHA256 is a TLS 1.3 cipher suite using AES-128-GCM.
	TLS_AES_128_GCM_SHA256 = Cipher(tls.TLS_AES_128_GCM_SHA256)

	// TLS_AES_256_GCM_SHA384 is a TLS 1.3 cipher suite using AES-256-GCM.
	TLS_AES_256_GCM_SHA384 = Cipher(tls.TLS_AES_256_GCM_SHA384)

	// TLS_CHACHA20_POLY1305_SHA256 is a TLS 1.3 cipher suite using ChaCha20-Poly1305.
	// Optimized for mobile devices.
	TLS_CHACHA20_POLY1305_SHA256 = Cipher(tls.TLS_CHACHA20_POLY1305_SHA256)
)

Variables

This section is empty.

Functions

func Check

func Check(cipher uint16) bool

Check takes a cipher suite identifier as a uint16 and returns a boolean indicating whether it is a valid Cipher.

The function first passes the value to ParseInt to convert it to a Cipher. If the result is Unknown, the function returns false. Otherwise, it returns true.

func ListString

func ListString() []string

ListString returns a list of all supported cipher suites as strings.

It includes both TLS 1.0 - 1.2 and TLS 1.3 cipher suites.

func ViperDecoderHook

func ViperDecoderHook() libmap.DecodeHookFuncType

Types

type Cipher

type Cipher uint16

Cipher represents a TLS cipher suite identifier. It wraps the uint16 cipher suite values from crypto/tls and provides parsing capabilities.

const (
	// TLS 1.0 - 1.2 cipher suites without the SHA suffix, for retro-compatibility
	TLS_RSA_WITH_AES_128_GCM Cipher = iota + 1
	TLS_RSA_WITH_AES_256_GCM
	TLS_ECDHE_RSA_WITH_AES_128_GCM
	TLS_ECDHE_ECDSA_WITH_AES_128_GCM
	TLS_ECDHE_RSA_WITH_AES_256_GCM
	TLS_ECDHE_ECDSA_WITH_AES_256_GCM
	TLS_RSA_WITH_AES128_GCM Cipher = iota + 1
	TLS_RSA_WITH_AES256_GCM
	TLS_ECDHE_RSA_WITH_AES128_GCM
	TLS_ECDHE_ECDSA_WITH_AES128_GCM
	TLS_ECDHE_RSA_WITH_AES256_GCM
	TLS_ECDHE_ECDSA_WITH_AES256_GCM
	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
	TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305

	// TLS 1.3 cipher suites, for retro-compatibility
	TLS_AES_128_GCM
	TLS_AES_256_GCM
	TLS_AES128_GCM
	TLS_AES256_GCM
	TLS_CHACHA20_POLY1305
)

func List

func List() []Cipher

List returns all the supported cipher suites.

It includes both TLS 1.0 - 1.2 and TLS 1.3 cipher suites.

func Parse

func Parse(s string) Cipher

Parse returns a Cipher from a given string.

The string is cleaned up by removing any double quotes, single quotes, tls, periods, dashes, and whitespace. The cleaned up string is then split into parts separated by underscore. The parts are then matched against the codes of the available cipher suites.

If a match is found, the corresponding Cipher is returned. If no match is found, Unknown is returned.

func ParseBytes added in v1.19.0

func ParseBytes(p []byte) Cipher

ParseBytes takes a byte slice and returns a Cipher constant.

The byte slice is first converted to a string, and then passed to Parse. If no matching Cipher constant is found, the function returns Unknown.

func ParseInt

func ParseInt(d int) Cipher

ParseInt takes an integer and returns a Cipher constant.

If the integer is outside the range [1, math.MaxUint16], it is clamped to the nearest valid value. The function uses a switch statement to map the integer to a Cipher constant. If no matching Cipher constant is found, the function returns Unknown.

func (Cipher) Check

func (v Cipher) Check() bool

func (Cipher) Cipher

func (v Cipher) Cipher() uint16

func (Cipher) Code

func (v Cipher) Code() []string

func (Cipher) Int

func (v Cipher) Int() int

func (Cipher) Int32

func (v Cipher) Int32() int32

func (Cipher) Int64

func (v Cipher) Int64() int64

func (Cipher) MarshalCBOR

func (v Cipher) MarshalCBOR() ([]byte, error)

func (Cipher) MarshalJSON

func (v Cipher) MarshalJSON() ([]byte, error)

func (Cipher) MarshalTOML

func (v Cipher) MarshalTOML() ([]byte, error)

func (Cipher) MarshalText

func (v Cipher) MarshalText() ([]byte, error)

func (Cipher) MarshalYAML

func (v Cipher) MarshalYAML() (interface{}, error)

func (Cipher) String

func (v Cipher) String() string

func (Cipher) TLS

func (v Cipher) TLS() uint16

func (Cipher) Uint

func (v Cipher) Uint() uint

func (Cipher) Uint16

func (v Cipher) Uint16() uint16

func (Cipher) Uint32

func (v Cipher) Uint32() uint32

func (Cipher) Uint64

func (v Cipher) Uint64() uint64

func (*Cipher) UnmarshalCBOR

func (v *Cipher) UnmarshalCBOR(bytes []byte) error

func (*Cipher) UnmarshalJSON

func (v *Cipher) UnmarshalJSON(bytes []byte) error

func (*Cipher) UnmarshalTOML

func (v *Cipher) UnmarshalTOML(i interface{}) error

func (*Cipher) UnmarshalText

func (v *Cipher) UnmarshalText(bytes []byte) error

func (*Cipher) UnmarshalYAML

func (v *Cipher) UnmarshalYAML(value *yaml.Node) error
