Skip to content

Instantly share code, notes, and snippets.

@nporsche

nporsche/golang-tls.md

Forked from denji/golang-tls.md
Created February 23, 2017 09:09
Show Gist options
  • Save nporsche/67b60a476adef9236e89c39fc9c7754f to your computer and use it in GitHub Desktop.
Save nporsche/67b60a476adef9236e89c39fc9c7754f to your computer and use it in GitHub Desktop.
Download ZIP

Revisions

  1. @denji denji revised this gist Feb 16, 2017. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion golang-tls.md
    View file
    Original file line number Diff line number Diff line change
    @@ -255,7 +255,7 @@ Reference Link
    * [The complete guide to Go net/http timeouts – `blog.cloudflare.com`](https://blog.cloudflare.com/the-complete-guide-to-golang-net-http-timeouts/)
    * [Certificate fetcher in Go – `gist.github.com`](https://gist.github.com/jtwaleson/1fdd77260bcb48377b6b)
    * [How to redirect HTTP to HTTPS with a golang webserver – `gist.github.com`](https://gist.github.com/d-schmidt/587ceec34ce1334a5e60)
    * [XCA - X Certificate and key management](https://sourceforge.net/projects/xca/)
    * __[XCA - X Certificate and key management](https://sourceforge.net/projects/xca/)__
    * Package [tcplisten](https://github.com/valyala/tcplisten) provides customizable TCP `net.Listener` with various performance-related options
    * https://github.com/bifurcation/mint — minimal TLS 1.3 Implementation in Go
    * https://github.com/cloudflare/tls-tris — crypto/tls, now with 100% more 1.3
  2. @denji denji revised this gist Feb 16, 2017. 1 changed file with 3 additions and 3 deletions.
    6 changes: 3 additions & 3 deletions golang-tls.md
    View file
    Original file line number Diff line number Diff line change
    @@ -210,7 +210,7 @@ ln -sf server.rsa.crt server.crt

    * `.crt` — Alternate synonymous most common among *nix systems `.pem` (pubkey).
    * `.csr` — Certficate Signing Requests (synonymous most common among *nix systems).
    * `.cer` — Microsoft alternate form of `.crt`, you can use MS to convert `.crt` to `.cer` (`DER` encoded `.cer`, or `base64[PEM]` encoded `.cer`.
    * `.cer` — Microsoft alternate form of `.crt`, you can use MS to convert `.crt` to `.cer` (`DER` encoded `.cer`, or `base64[PEM]` encoded `.cer`).
    * `.pem` = The PEM extension is used for different types of X.509v3 files which contain ASCII (Base64) armored data prefixed with a «—– BEGIN …» line. These files may also bear the `cer` or the `crt` extension.
    * `.der` — The DER extension is used for binary DER encoded certificates.

    @@ -240,10 +240,10 @@ CA Bundle Path

    Reference Link
    ---
    * [Achieving a Perfect SSL Labs Score with Go – `blog.bracelab.com`](https://blog.bracelab.com/achieving-perfect-ssl-labs-score-with-go)
    * ~~[Achieving a Perfect SSL Labs Score with Go – `blog.bracelab.com`](https://web.archive.org/web/20160520182043/https://blog.bracelab.com/achieving-perfect-ssl-labs-score-with-go)~~
    * [OpenSSL without prompt – `superuser.com` (Stack Exchange)](http://superuser.com/a/226229/205366)
    * [TLS server and client — `gist.github.com/spikebike`](https://gist.github.com/spikebike/2232102)
    * [Echo, a fast and unfancy micro web framework for Go — `echo.labstack.com/guide`](https://web.archive.org/web/20150925030955/http://echo.labstack.com/guide)
    * ~~[Echo, a fast and unfancy micro web framework for Go — `echo.labstack.com/guide`](https://web.archive.org/web/20150925030955/http://echo.labstack.com/guide)~~
    * https://kjur.github.io/jsrsasign/sample-ecdsa.html
    * [Creating Self-Signed ECDSA SSL Certificate using OpenSSL – `guyrutenberg.com`](https://www.guyrutenberg.com/2013/12/28/creating-self-signed-ecdsa-ssl-certificate-using-openssl/)
    * https://www.openssl.org/docs/manmaster/
  3. @denji denji revised this gist Jan 19, 2017. 1 changed file with 2 additions and 2 deletions.
    4 changes: 2 additions & 2 deletions golang-tls.md
    View file
    Original file line number Diff line number Diff line change
    @@ -257,13 +257,13 @@ Reference Link
    * [How to redirect HTTP to HTTPS with a golang webserver – `gist.github.com`](https://gist.github.com/d-schmidt/587ceec34ce1334a5e60)
    * [XCA - X Certificate and key management](https://sourceforge.net/projects/xca/)
    * Package [tcplisten](https://github.com/valyala/tcplisten) provides customizable TCP `net.Listener` with various performance-related options
    * https://github.com/bifurcation/mintA Minimal TLS 1.3 Implementation in Go
    * https://github.com/bifurcation/mintminimal TLS 1.3 Implementation in Go
    * https://github.com/cloudflare/tls-tris — crypto/tls, now with 100% more 1.3
    * https://github.com/Xeoncross/secureserver
    * https://github.com/cloudflare/cfssl
    * https://github.com/google/certificate-transparency
    * https://cipherli.st/
    * https://github.com/cmrunton/tls-dashboard
    * https://github.com/cmrunton/tls-dashboard — dashboard written in JavaScript & HTML to check the remaining time before a TLS certificate expires.
    * https://github.com/tomato42/tlsfuzzer
    * https://github.com/mozilla/tls-observatory (https://observatory.mozilla.org/)
    * https://dev.ssllabs.com/ssltest/
  4. @denji denji revised this gist Jan 19, 2017. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions golang-tls.md
    View file
    Original file line number Diff line number Diff line change
    @@ -258,6 +258,7 @@ Reference Link
    * [XCA - X Certificate and key management](https://sourceforge.net/projects/xca/)
    * Package [tcplisten](https://github.com/valyala/tcplisten) provides customizable TCP `net.Listener` with various performance-related options
    * https://github.com/bifurcation/mint — A Minimal TLS 1.3 Implementation in Go
    * https://github.com/cloudflare/tls-tris — crypto/tls, now with 100% more 1.3
    * https://github.com/Xeoncross/secureserver
    * https://github.com/cloudflare/cfssl
    * https://github.com/google/certificate-transparency
  5. @denji denji revised this gist Jan 19, 2017. 1 changed file with 4 additions and 1 deletion.
    5 changes: 4 additions & 1 deletion golang-tls.md
    View file
    Original file line number Diff line number Diff line change
    @@ -257,14 +257,17 @@ Reference Link
    * [How to redirect HTTP to HTTPS with a golang webserver – `gist.github.com`](https://gist.github.com/d-schmidt/587ceec34ce1334a5e60)
    * [XCA - X Certificate and key management](https://sourceforge.net/projects/xca/)
    * Package [tcplisten](https://github.com/valyala/tcplisten) provides customizable TCP `net.Listener` with various performance-related options
    * https://github.com/bifurcation/mint — A Minimal TLS 1.3 Implementation in Go
    * https://github.com/Xeoncross/secureserver
    * https://github.com/cloudflare/cfssl
    * https://github.com/google/certificate-transparency
    * https://cipherli.st/
    * https://github.com/cmrunton/tls-dashboard
    * https://github.com/tomato42/tlsfuzzer
    * https://github.com/mozilla/tls-observatory (https://observatory.mozilla.org/)
    * https://dev.ssllabs.com/ssltest/
    * https://indieweb.org/HTTPS
    * https://shaaaaaaaaaaaaa.com/
    * https://github.com/konklone/shaaaaaaaaaaaaa (https://shaaaaaaaaaaaaa.com/)
    * https://securityheaders.io/
    * https://testssl.sh/
    * https://github.com/nabla-c0d3/sslyze
  6. @denji denji revised this gist Jan 19, 2017. 1 changed file with 3 additions and 1 deletion.
    4 changes: 3 additions & 1 deletion golang-tls.md
    View file
    Original file line number Diff line number Diff line change
    @@ -258,8 +258,10 @@ Reference Link
    * [XCA - X Certificate and key management](https://sourceforge.net/projects/xca/)
    * Package [tcplisten](https://github.com/valyala/tcplisten) provides customizable TCP `net.Listener` with various performance-related options
    * https://github.com/Xeoncross/secureserver
    * https://github.com/cloudflare/cfssl
    * https://github.com/google/certificate-transparency
    * https://cipherli.st/
    * https://observatory.mozilla.org/
    * https://github.com/mozilla/tls-observatory (https://observatory.mozilla.org/)
    * https://dev.ssllabs.com/ssltest/
    * https://indieweb.org/HTTPS
    * https://shaaaaaaaaaaaaa.com/
  7. @denji denji revised this gist Jan 19, 2017. 1 changed file with 7 additions and 0 deletions.
    7 changes: 7 additions & 0 deletions golang-tls.md
    View file
    Original file line number Diff line number Diff line change
    @@ -265,4 +265,11 @@ Reference Link
    * https://shaaaaaaaaaaaaa.com/
    * https://securityheaders.io/
    * https://testssl.sh/
    * https://github.com/nabla-c0d3/sslyze
    * https://github.com/iSECPartners/sslyze
    * https://github.com/mozilla/cipherscan
    * https://github.com/ssllabs/ssllabs-scan
    * https://github.com/chromium/badssl.com (https://badssl.com)
    * https://github.com/datatheorem/TrustKit
    * https://github.com/certifi/gocertifi
    *
  8. @denji denji revised this gist Jan 19, 2017. 1 changed file with 4 additions and 0 deletions.
    4 changes: 4 additions & 0 deletions golang-tls.md
    View file
    Original file line number Diff line number Diff line change
    @@ -262,3 +262,7 @@ Reference Link
    * https://observatory.mozilla.org/
    * https://dev.ssllabs.com/ssltest/
    * https://indieweb.org/HTTPS
    * https://shaaaaaaaaaaaaa.com/
    * https://securityheaders.io/
    * https://testssl.sh/
    *
  9. @denji denji revised this gist Jan 19, 2017. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions golang-tls.md
    View file
    Original file line number Diff line number Diff line change
    @@ -261,3 +261,4 @@ Reference Link
    * https://cipherli.st/
    * https://observatory.mozilla.org/
    * https://dev.ssllabs.com/ssltest/
    * https://indieweb.org/HTTPS
  10. @denji denji revised this gist Jan 19, 2017. 1 changed file with 2 additions and 0 deletions.
    2 changes: 2 additions & 0 deletions golang-tls.md
    View file
    Original file line number Diff line number Diff line change
    @@ -259,3 +259,5 @@ Reference Link
    * Package [tcplisten](https://github.com/valyala/tcplisten) provides customizable TCP `net.Listener` with various performance-related options
    * https://github.com/Xeoncross/secureserver
    * https://cipherli.st/
    * https://observatory.mozilla.org/
    * https://dev.ssllabs.com/ssltest/
  11. @denji denji revised this gist Jan 10, 2017. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions golang-tls.md
    View file
    Original file line number Diff line number Diff line change
    @@ -258,3 +258,4 @@ Reference Link
    * [XCA - X Certificate and key management](https://sourceforge.net/projects/xca/)
    * Package [tcplisten](https://github.com/valyala/tcplisten) provides customizable TCP `net.Listener` with various performance-related options
    * https://github.com/Xeoncross/secureserver
    * https://cipherli.st/
  12. @denji denji revised this gist Dec 27, 2016. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions golang-tls.md
    View file
    Original file line number Diff line number Diff line change
    @@ -257,3 +257,4 @@ Reference Link
    * [How to redirect HTTP to HTTPS with a golang webserver – `gist.github.com`](https://gist.github.com/d-schmidt/587ceec34ce1334a5e60)
    * [XCA - X Certificate and key management](https://sourceforge.net/projects/xca/)
    * Package [tcplisten](https://github.com/valyala/tcplisten) provides customizable TCP `net.Listener` with various performance-related options
    * https://github.com/Xeoncross/secureserver
  13. @denji denji revised this gist Dec 27, 2016. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions golang-tls.md
    View file
    Original file line number Diff line number Diff line change
    @@ -256,3 +256,4 @@ Reference Link
    * [Certificate fetcher in Go – `gist.github.com`](https://gist.github.com/jtwaleson/1fdd77260bcb48377b6b)
    * [How to redirect HTTP to HTTPS with a golang webserver – `gist.github.com`](https://gist.github.com/d-schmidt/587ceec34ce1334a5e60)
    * [XCA - X Certificate and key management](https://sourceforge.net/projects/xca/)
    * Package [tcplisten](https://github.com/valyala/tcplisten) provides customizable TCP `net.Listener` with various performance-related options
  14. @denji denji revised this gist Dec 18, 2016. 1 changed file with 0 additions and 2 deletions.
    2 changes: 0 additions & 2 deletions golang-tls.md
    View file
    Original file line number Diff line number Diff line change
    @@ -9,8 +9,6 @@ openssl genrsa -out server.key 2048
    openssl ecparam -genkey -name secp384r1 -out server.key
    ```

    > OpenSSL 1.0.2+ support RSA/ECC - Dual Mode
    ##### Generation of self-signed(x509) public key (PEM-encodings `.pem`|`.crt`) based on the private (`.key`)

    ```sh
  15. @denji denji revised this gist Dec 18, 2016. 1 changed file with 2 additions and 0 deletions.
    2 changes: 2 additions & 0 deletions golang-tls.md
    View file
    Original file line number Diff line number Diff line change
    @@ -9,6 +9,8 @@ openssl genrsa -out server.key 2048
    openssl ecparam -genkey -name secp384r1 -out server.key
    ```

    > OpenSSL 1.0.2+ support RSA/ECC - Dual Mode
    ##### Generation of self-signed(x509) public key (PEM-encodings `.pem`|`.crt`) based on the private (`.key`)

    ```sh
  16. @denji denji revised this gist Dec 17, 2016. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions golang-tls.md
    View file
    Original file line number Diff line number Diff line change
    @@ -255,3 +255,4 @@ Reference Link
    * [The complete guide to Go net/http timeouts – `blog.cloudflare.com`](https://blog.cloudflare.com/the-complete-guide-to-golang-net-http-timeouts/)
    * [Certificate fetcher in Go – `gist.github.com`](https://gist.github.com/jtwaleson/1fdd77260bcb48377b6b)
    * [How to redirect HTTP to HTTPS with a golang webserver – `gist.github.com`](https://gist.github.com/d-schmidt/587ceec34ce1334a5e60)
    * [XCA - X Certificate and key management](https://sourceforge.net/projects/xca/)
  17. @denji denji revised this gist Dec 17, 2016. 1 changed file with 4 additions and 2 deletions.
    6 changes: 4 additions & 2 deletions golang-tls.md
    View file
    Original file line number Diff line number Diff line change
    @@ -208,9 +208,11 @@ ln -sf server.rsa.key server.key
    ln -sf server.rsa.crt server.crt
    ```

    * `.crt` (synonymous most common among *nix systems)
    * `.crt` — Alternate synonymous most common among *nix systems `.pem` (pubkey).
    * `.csr` — Certficate Signing Requests (synonymous most common among *nix systems).
    * `.cer` — Microsoft alternate form of `.crt`, you can use MS to convert `.crt` to `.cer` (`DER` encoded `.cer`, or `base64[PEM]` encoded `.cer`.
    * `.pem` = The PEM extension is used for different types of X.509v3 files which contain ASCII (Base64) armored data prefixed with a «—– BEGIN …» line. These files may also bear the `cer` or the `crt` extension.
    * `.der` — The DER extension is used for binary DER encoded certificates.
    * `.pem` = The PEM extension is used for different types of X.509v3 files which contain ASCII (Base64) armored data prefixed with a «—– BEGIN …» line.

    #### Generating the Certficate Signing Request

  18. @denji denji revised this gist Dec 17, 2016. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion golang-tls.md
    View file
    Original file line number Diff line number Diff line change
    @@ -12,7 +12,7 @@ openssl ecparam -genkey -name secp384r1 -out server.key
    ##### Generation of self-signed(x509) public key (PEM-encodings `.pem`|`.crt`) based on the private (`.key`)

    ```sh
    openssl req -new -x509 -sha256 -key server.key -out server.csr -days 3650
    openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650
    ```

    ---
  19. @denji denji revised this gist Dec 17, 2016. 1 changed file with 32 additions and 32 deletions.
    64 changes: 32 additions & 32 deletions golang-tls.md
    View file
    Original file line number Diff line number Diff line change
    @@ -3,7 +3,7 @@
    ```sh
    # Key considerations for algorithm "RSA" ≥ 2048-bit
    openssl genrsa -out server.key 2048

    # Key considerations for algorithm "ECDSA" ≥ secp384r1
    # List ECDSA the supported curves (openssl ecparam -list_curves)
    openssl ecparam -genkey -name secp384r1 -out server.key
    @@ -12,7 +12,7 @@ openssl ecparam -genkey -name secp384r1 -out server.key
    ##### Generation of self-signed(x509) public key (PEM-encodings `.pem`|`.crt`) based on the private (`.key`)

    ```sh
    openssl req -new -x509 -sha256 -key server.key -out server.pem -days 3650
    openssl req -new -x509 -sha256 -key server.key -out server.csr -days 3650
    ```

    ---
    @@ -159,35 +159,35 @@ func main() {
    package main

    import (
    "crypto/tls"
    "log"
    "net/http"
    "crypto/tls"
    "log"
    "net/http"
    )

    func main() {
    mux := http.NewServeMux()
    mux.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
    w.Header().Add("Strict-Transport-Security", "max-age=63072000; includeSubDomains")
    w.Write([]byte("This is an example server.\n"))
    })
    cfg := &tls.Config{
    MinVersion: tls.VersionTLS12,
    CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
    PreferServerCipherSuites: true,
    CipherSuites: []uint16{
    tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
    tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
    tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
    tls.TLS_RSA_WITH_AES_256_CBC_SHA,
    },
    }
    srv := &http.Server{
    Addr: ":443",
    Handler: mux,
    TLSConfig: cfg,
    TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler), 0),
    }
    log.Fatal(srv.ListenAndServeTLS("tls.crt", "tls.key"))
    mux := http.NewServeMux()
    mux.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
    w.Header().Add("Strict-Transport-Security", "max-age=63072000; includeSubDomains")
    w.Write([]byte("This is an example server.\n"))
    })
    cfg := &tls.Config{
    MinVersion: tls.VersionTLS12,
    CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
    PreferServerCipherSuites: true,
    CipherSuites: []uint16{
    tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
    tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
    tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
    tls.TLS_RSA_WITH_AES_256_CBC_SHA,
    },
    }
    srv := &http.Server{
    Addr: ":443",
    Handler: mux,
    TLSConfig: cfg,
    TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler), 0),
    }
    log.Fatal(srv.ListenAndServeTLS("tls.crt", "tls.key"))
    }
    ```

    @@ -200,17 +200,17 @@ openssl req -x509 -nodes -newkey ec:secp384r1 -keyout server.ecdsa.key -out serv
    # -pkeyopt ec_paramgen_curve:… / ec:<(openssl ecparam -name …) / -newkey ec:…
    ln -sf server.ecdsa.key server.key
    ln -sf server.ecdsa.crt server.crt

    # ECDSA recommendation key ≥ secp384r1
    # List ECDSA the supported curves (openssl ecparam -list_curves)
    openssl req -x509 -nodes -newkey rsa:2048 -keyout server.rsa.key -out server.rsa.crt -days 3650
    ln -sf server.rsa.key server.key
    ln -sf server.rsa.crt server.crt
    ```

    `.crt` (synonymous most common among *nix systems)
    `.der` — The DER extension is used for binary DER encoded certificates.
    `.pem` = The PEM extension is used for different types of X.509v3 files which contain ASCII (Base64) armored data prefixed with a «—– BEGIN …» line.
    * `.crt` (synonymous most common among *nix systems)
    * `.der` — The DER extension is used for binary DER encoded certificates.
    * `.pem` = The PEM extension is used for different types of X.509v3 files which contain ASCII (Base64) armored data prefixed with a «—– BEGIN …» line.

    #### Generating the Certficate Signing Request

  20. @denji denji revised this gist Dec 17, 2016. 1 changed file with 5 additions and 5 deletions.
    10 changes: 5 additions & 5 deletions golang-tls.md
    View file
    Original file line number Diff line number Diff line change
    @@ -227,12 +227,12 @@ ECDSA & RSA — FAQ

    CA Bundle Path
    ---
    * `/etc/pki/tls/certs/ca-bundle.crt``Fedora`, `RHEL`, `CentOS` (ca-certificates package)
    * `/etc/ssl/certs/ca-certificates.crt``Debian`, `Ubuntu`, `Gentoo`, `Arch Linux` (ca-certificates package)
    * `/etc/ssl/ca-bundle.pem``SUSE`, `openSUSE` (ca-certificates package)
    * `/usr/local/share/certs/ca-root-nss.crt``FreeBSD` (ca_root_nss_package)
    * `/etc/pki/tls/certs/ca-bundle.crt``Fedora`, `RHEL`, `CentOS` (`ca-certificates` package)
    * `/etc/ssl/certs/ca-certificates.crt``Debian`, `Ubuntu`, `Gentoo`, `Arch Linux` (`ca-certificates` package)
    * `/etc/ssl/ca-bundle.pem``SUSE`, `openSUSE` (`ca-certificates` package)
    * `/usr/local/share/certs/ca-root-nss.crt``FreeBSD` (`ca_root_nss` package)
    * `/usr/ssl/certs/ca-bundle.crt``Cygwin`
    * `/opt/local/share/curl/curl-ca-bundle.crt``macOS macports`, `curl-ca-bundle` package
    * `/opt/local/share/curl/curl-ca-bundle.crt``macOS macports` (`curl-ca-bundle` package)
    * `/usr/local/share/curl/curl-ca-bundle.crt` — Default cURL CA bunde path (without `--with-ca-bundle` option)
    * `/usr/share/ssl/certs/ca-bundle.crt``Really old RedHat?`

  21. @denji denji revised this gist Dec 17, 2016. 1 changed file with 11 additions and 0 deletions.
    11 changes: 11 additions & 0 deletions golang-tls.md
    View file
    Original file line number Diff line number Diff line change
    @@ -225,6 +225,17 @@ ECDSA & RSA — FAQ
    * Conversion form to compressed "ECDSA" `-conv_form compressed`
    * "EC" parameters and a private key `-genkey`

    CA Bundle Path
    ---
    * `/etc/pki/tls/certs/ca-bundle.crt``Fedora`, `RHEL`, `CentOS` (ca-certificates package)
    * `/etc/ssl/certs/ca-certificates.crt``Debian`, `Ubuntu`, `Gentoo`, `Arch Linux` (ca-certificates package)
    * `/etc/ssl/ca-bundle.pem``SUSE`, `openSUSE` (ca-certificates package)
    * `/usr/local/share/certs/ca-root-nss.crt``FreeBSD` (ca_root_nss_package)
    * `/usr/ssl/certs/ca-bundle.crt``Cygwin`
    * `/opt/local/share/curl/curl-ca-bundle.crt``macOS macports`, `curl-ca-bundle` package
    * `/usr/local/share/curl/curl-ca-bundle.crt` — Default cURL CA bunde path (without `--with-ca-bundle` option)
    * `/usr/share/ssl/certs/ca-bundle.crt``Really old RedHat?`

    Reference Link
    ---
    * [Achieving a Perfect SSL Labs Score with Go – `blog.bracelab.com`](https://blog.bracelab.com/achieving-perfect-ssl-labs-score-with-go)
  22. @denji denji revised this gist Dec 6, 2016. 1 changed file with 3 additions and 3 deletions.
    6 changes: 3 additions & 3 deletions golang-tls.md
    View file
    Original file line number Diff line number Diff line change
    @@ -125,9 +125,9 @@ import (
    func main() {
    log.SetFlags(log.Lshortfile)

    // conf := &tls.Config{
    // InsecureSkipVerify: true,
    // }
    conf := &tls.Config{
    //InsecureSkipVerify: true,
    }

    conn, err := tls.Dial("tcp", "127.0.0.1:443", conf)
    if err != nil {
  23. @denji denji revised this gist Dec 6, 2016. 1 changed file with 3 additions and 3 deletions.
    6 changes: 3 additions & 3 deletions golang-tls.md
    View file
    Original file line number Diff line number Diff line change
    @@ -125,9 +125,9 @@ import (
    func main() {
    log.SetFlags(log.Lshortfile)

    conf := &tls.Config{
    InsecureSkipVerify: true,
    }
    // conf := &tls.Config{
    // InsecureSkipVerify: true,
    // }

    conn, err := tls.Dial("tcp", "127.0.0.1:443", conf)
    if err != nil {
  24. @denji denji revised this gist Dec 6, 2016. 1 changed file with 4 additions and 3 deletions.
    7 changes: 4 additions & 3 deletions golang-tls.md
    View file
    Original file line number Diff line number Diff line change
    @@ -233,9 +233,10 @@ Reference Link
    * [Echo, a fast and unfancy micro web framework for Go — `echo.labstack.com/guide`](https://web.archive.org/web/20150925030955/http://echo.labstack.com/guide)
    * https://kjur.github.io/jsrsasign/sample-ecdsa.html
    * [Creating Self-Signed ECDSA SSL Certificate using OpenSSL – `guyrutenberg.com`](https://www.guyrutenberg.com/2013/12/28/creating-self-signed-ecdsa-ssl-certificate-using-openssl/)
    * https://www.openssl.org/docs/manmaster/man1/ecparam.html
    * https://www.openssl.org/docs/manmaster/man1/ec.html
    * https://www.openssl.org/docs/manmaster/man1/req.html
    * https://www.openssl.org/docs/manmaster/
    * https://www.openssl.org/docs/manmaster/man1/ecparam.html
    * https://www.openssl.org/docs/manmaster/man1/ec.html
    * https://www.openssl.org/docs/manmaster/man1/req.html
    * https://digitalelf.net/2016/02/creating-ssl-certificates-in-3-easy-steps/
    * [HTTPS and Go – `kaihag.com`](http://www.kaihag.com/https-and-go/)
    * [The complete guide to Go net/http timeouts – `blog.cloudflare.com`](https://blog.cloudflare.com/the-complete-guide-to-golang-net-http-timeouts/)
  25. @denji denji revised this gist Dec 6, 2016. 1 changed file with 3 additions and 3 deletions.
    6 changes: 3 additions & 3 deletions golang-tls.md
    View file
    Original file line number Diff line number Diff line change
    @@ -233,9 +233,9 @@ Reference Link
    * [Echo, a fast and unfancy micro web framework for Go — `echo.labstack.com/guide`](https://web.archive.org/web/20150925030955/http://echo.labstack.com/guide)
    * https://kjur.github.io/jsrsasign/sample-ecdsa.html
    * [Creating Self-Signed ECDSA SSL Certificate using OpenSSL – `guyrutenberg.com`](https://www.guyrutenberg.com/2013/12/28/creating-self-signed-ecdsa-ssl-certificate-using-openssl/)
    * https://www.openssl.org/docs/manmaster/apps/ecparam.html
    * https://www.openssl.org/docs/manmaster/apps/ec.html
    * https://www.openssl.org/docs/manmaster/apps/req.html
    * https://www.openssl.org/docs/manmaster/man1/ecparam.html
    * https://www.openssl.org/docs/manmaster/man1/ec.html
    * https://www.openssl.org/docs/manmaster/man1/req.html
    * https://digitalelf.net/2016/02/creating-ssl-certificates-in-3-easy-steps/
    * [HTTPS and Go – `kaihag.com`](http://www.kaihag.com/https-and-go/)
    * [The complete guide to Go net/http timeouts – `blog.cloudflare.com`](https://blog.cloudflare.com/the-complete-guide-to-golang-net-http-timeouts/)
  26. @denji denji revised this gist Nov 17, 2016. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion golang-tls.md
    View file
    Original file line number Diff line number Diff line change
    @@ -48,7 +48,7 @@ func main() {
    Hint: visit, please do not forget to use https begins,otherwise chrome will download a file as follows:

    ```bash
    dotcoo-air:tls dotcoo$ cat ~/Downloads/hello | xxd
    $ curl -sL https://localhost:443 | xxd
    0000000: 1503 0100 0202 0a .......
    ```

  27. @denji denji revised this gist Oct 24, 2016. 1 changed file with 3 additions and 3 deletions.
    6 changes: 3 additions & 3 deletions golang-tls.md
    View file
    Original file line number Diff line number Diff line change
    @@ -232,12 +232,12 @@ Reference Link
    * [TLS server and client — `gist.github.com/spikebike`](https://gist.github.com/spikebike/2232102)
    * [Echo, a fast and unfancy micro web framework for Go — `echo.labstack.com/guide`](https://web.archive.org/web/20150925030955/http://echo.labstack.com/guide)
    * https://kjur.github.io/jsrsasign/sample-ecdsa.html
    * [Creating Self-Signed ECDSA SSL Certificate using OpenSSL – guyrutenberg.com](https://www.guyrutenberg.com/2013/12/28/creating-self-signed-ecdsa-ssl-certificate-using-openssl/)
    * [Creating Self-Signed ECDSA SSL Certificate using OpenSSL – `guyrutenberg.com`](https://www.guyrutenberg.com/2013/12/28/creating-self-signed-ecdsa-ssl-certificate-using-openssl/)
    * https://www.openssl.org/docs/manmaster/apps/ecparam.html
    * https://www.openssl.org/docs/manmaster/apps/ec.html
    * https://www.openssl.org/docs/manmaster/apps/req.html
    * https://digitalelf.net/2016/02/creating-ssl-certificates-in-3-easy-steps/
    * [HTTPS and Go – kaihag.com](http://www.kaihag.com/https-and-go/)
    * https://blog.cloudflare.com/the-complete-guide-to-golang-net-http-timeouts/
    * [HTTPS and Go – `kaihag.com`](http://www.kaihag.com/https-and-go/)
    * [The complete guide to Go net/http timeouts – `blog.cloudflare.com`](https://blog.cloudflare.com/the-complete-guide-to-golang-net-http-timeouts/)
    * [Certificate fetcher in Go – `gist.github.com`](https://gist.github.com/jtwaleson/1fdd77260bcb48377b6b)
    * [How to redirect HTTP to HTTPS with a golang webserver – `gist.github.com`](https://gist.github.com/d-schmidt/587ceec34ce1334a5e60)
  28. @denji denji revised this gist Oct 24, 2016. 1 changed file with 3 additions and 4 deletions.
    7 changes: 3 additions & 4 deletions golang-tls.md
    View file
    Original file line number Diff line number Diff line change
    @@ -230,15 +230,14 @@ Reference Link
    * [Achieving a Perfect SSL Labs Score with Go – `blog.bracelab.com`](https://blog.bracelab.com/achieving-perfect-ssl-labs-score-with-go)
    * [OpenSSL without prompt – `superuser.com` (Stack Exchange)](http://superuser.com/a/226229/205366)
    * [TLS server and client — `gist.github.com/spikebike`](https://gist.github.com/spikebike/2232102)
    * [~Echo, a fast and unfancy micro web framework for Go — `echo.labstack.com/guide`~](https://web.archive.org/web/20150925030955/http://echo.labstack.com/guide)
    * https://blog.bracelab.com/achieving-perfect-ssl-labs-score-with-go
    * [Echo, a fast and unfancy micro web framework for Go — `echo.labstack.com/guide`](https://web.archive.org/web/20150925030955/http://echo.labstack.com/guide)
    * https://kjur.github.io/jsrsasign/sample-ecdsa.html
    * https://www.guyrutenberg.com/2013/12/28/creating-self-signed-ecdsa-ssl-certificate-using-openssl/
    * [Creating Self-Signed ECDSA SSL Certificate using OpenSSL – guyrutenberg.com](https://www.guyrutenberg.com/2013/12/28/creating-self-signed-ecdsa-ssl-certificate-using-openssl/)
    * https://www.openssl.org/docs/manmaster/apps/ecparam.html
    * https://www.openssl.org/docs/manmaster/apps/ec.html
    * https://www.openssl.org/docs/manmaster/apps/req.html
    * https://digitalelf.net/2016/02/creating-ssl-certificates-in-3-easy-steps/
    * http://www.kaihag.com/https-and-go/
    * [HTTPS and Go – kaihag.com](http://www.kaihag.com/https-and-go/)
    * https://blog.cloudflare.com/the-complete-guide-to-golang-net-http-timeouts/
    * [Certificate fetcher in Go – `gist.github.com`](https://gist.github.com/jtwaleson/1fdd77260bcb48377b6b)
    * [How to redirect HTTP to HTTPS with a golang webserver – `gist.github.com`](https://gist.github.com/d-schmidt/587ceec34ce1334a5e60)
  29. @denji denji revised this gist Oct 24, 2016. 1 changed file with 2 additions and 2 deletions.
    4 changes: 2 additions & 2 deletions golang-tls.md
    View file
    Original file line number Diff line number Diff line change
    @@ -229,8 +229,8 @@ Reference Link
    ---
    * [Achieving a Perfect SSL Labs Score with Go – `blog.bracelab.com`](https://blog.bracelab.com/achieving-perfect-ssl-labs-score-with-go)
    * [OpenSSL without prompt – `superuser.com` (Stack Exchange)](http://superuser.com/a/226229/205366)
    * https://gist.github.com/spikebike/2232102
    * http://echo.labstack.com/guide/
    * [TLS server and client — `gist.github.com/spikebike`](https://gist.github.com/spikebike/2232102)
    * [~Echo, a fast and unfancy micro web framework for Go — `echo.labstack.com/guide`~](https://web.archive.org/web/20150925030955/http://echo.labstack.com/guide)
    * https://blog.bracelab.com/achieving-perfect-ssl-labs-score-with-go
    * https://kjur.github.io/jsrsasign/sample-ecdsa.html
    * https://www.guyrutenberg.com/2013/12/28/creating-self-signed-ecdsa-ssl-certificate-using-openssl/
  30. @denji denji revised this gist Oct 24, 2016. 1 changed file with 2 additions and 2 deletions.
    4 changes: 2 additions & 2 deletions golang-tls.md
    View file
    Original file line number Diff line number Diff line change
    @@ -227,8 +227,8 @@ ECDSA & RSA — FAQ

    Reference Link
    ---
    * [Achieving a Perfect SSL Labs Score with Go – `blog.bracelab.com/achieving-perfect-ssl-labs-score-with-go`](https://blog.bracelab.com/achieving-perfect-ssl-labs-score-with-go)
    * http://superuser.com/a/226229/205366
    * [Achieving a Perfect SSL Labs Score with Go – `blog.bracelab.com`](https://blog.bracelab.com/achieving-perfect-ssl-labs-score-with-go)
    * [OpenSSL without prompt – `superuser.com` (Stack Exchange)](http://superuser.com/a/226229/205366)
    * https://gist.github.com/spikebike/2232102
    * http://echo.labstack.com/guide/
    * https://blog.bracelab.com/achieving-perfect-ssl-labs-score-with-go