crypto/tls.Conn.config (field)

163 uses

	crypto/tls (current package)
		conn.go#L44: 	config         *Config // configuration passed to constructor
		conn.go#L896: 	if c.config.DynamicRecordSizingDisabled || typ != recordTypeApplicationData {
		conn.go#L1025: 		outBuf, err = c.out.encrypt(outBuf, data[:m], c.config.rand())
		conn.go#L1273: 	switch c.config.Renegotiation {
		conn.go#L1643: 	if c.config.Renegotiation != RenegotiateNever {
		ech.go#L586: 	if len(c.config.EncryptedClientHelloKeys) == 0 {
		ech.go#L590: 	for _, echKey := range c.config.EncryptedClientHelloKeys {
		handshake_client.go#L48: 	config := c.config
		handshake_client.go#L210: 	if c.config.EncryptedClientHelloConfigList != nil {
		handshake_client.go#L211: 		if c.config.MinVersion != 0 && c.config.MinVersion < VersionTLS13 {
		handshake_client.go#L214: 		if c.config.MaxVersion != 0 && c.config.MaxVersion <= VersionTLS12 {
		handshake_client.go#L217: 		echConfigs, err := parseECHConfigList(c.config.EncryptedClientHelloConfigList)
		handshake_client.go#L267: 	if c.config == nil {
		handshake_client.go#L268: 		c.config = defaultConfig()
		handshake_client.go#L294: 					c.config.ClientSessionCache.Put(cacheKey, nil)
		handshake_client.go#L309: 		_, err = io.ReadFull(c.config.rand(), hello.random)
		handshake_client.go#L358: 	maxVers := c.config.maxSupportedVersion(roleClient)
		handshake_client.go#L394: 	if c.config.SessionTicketsDisabled || c.config.ClientSessionCache == nil {
		handshake_client.go#L422: 	cs, ok := c.config.ClientSessionCache.Get(cacheKey)
		handshake_client.go#L443: 	if c.config.time().After(session.peerCertificates[0].NotAfter) {
		handshake_client.go#L445: 		c.config.ClientSessionCache.Put(cacheKey, nil)
		handshake_client.go#L448: 	if !c.config.InsecureSkipVerify {
		handshake_client.go#L453: 		if err := session.peerCertificates[0].VerifyHostname(c.config.ServerName); err != nil {
		handshake_client.go#L470: 	if c.config.time().After(time.Unix(int64(session.useBy), 0)) {
		handshake_client.go#L471: 		c.config.ClientSessionCache.Put(cacheKey, nil)
		handshake_client.go#L511: 	ticketAge := c.config.time().Sub(time.Unix(int64(session.createdAt), 0))
		handshake_client.go#L536: 	vers, ok := c.config.mutualVersion(roleClient, []uint16{peerVersion})
		handshake_client.go#L566: 	if isResume || (len(c.config.Certificates) == 0 && c.config.GetClientCertificate == nil) {
		handshake_client.go#L593: 		if c.config.VerifyConnection != nil {
		handshake_client.go#L594: 			if err := c.config.VerifyConnection(c.connectionStateLocked()); err != nil {
		handshake_client.go#L642: 	if hs.c.config.CipherSuites == nil && !fips140tls.Required() && rsaKexCiphers[hs.suite.id] {
		handshake_client.go#L646: 	if hs.c.config.CipherSuites == nil && !fips140tls.Required() && tdesCiphers[hs.suite.id] {
		handshake_client.go#L718: 		err = keyAgreement.processServerKeyExchange(c.config, hs.hello, hs.serverHello, c.peerCertificates[0], skx)
		handshake_client.go#L768: 	preMasterSecret, ckx, err := keyAgreement.generateClientKeyExchange(c.config, hs.hello, c.peerCertificates[0])
		handshake_client.go#L787: 	if err := c.config.writeKeyLog(keyLogLabelTLS12, hs.hello.random, hs.masterSecret); err != nil {
		handshake_client.go#L828: 		certVerify.signature, err = key.Sign(c.config.rand(), signed, signOpts)
		handshake_client.go#L1044: 	c.config.ClientSessionCache.Put(cacheKey, cs)
		handshake_client.go#L1104: 	echRejected := c.config.EncryptedClientHelloConfigList != nil && !c.echAccepted
		handshake_client.go#L1106: 		if c.config.EncryptedClientHelloRejectionVerify != nil {
		handshake_client.go#L1107: 			if err := c.config.EncryptedClientHelloRejectionVerify(c.connectionStateLocked()); err != nil {
		handshake_client.go#L1113: 				Roots:         c.config.RootCAs,
		handshake_client.go#L1114: 				CurrentTime:   c.config.time(),
		handshake_client.go#L1134: 	} else if !c.config.InsecureSkipVerify {
		handshake_client.go#L1136: 			Roots:         c.config.RootCAs,
		handshake_client.go#L1137: 			CurrentTime:   c.config.time(),
		handshake_client.go#L1138: 			DNSName:       c.config.ServerName,
		handshake_client.go#L1169: 	if c.config.VerifyPeerCertificate != nil && !echRejected {
		handshake_client.go#L1170: 		if err := c.config.VerifyPeerCertificate(certificates, c.verifiedChains); err != nil {
		handshake_client.go#L1176: 	if c.config.VerifyConnection != nil && !echRejected {
		handshake_client.go#L1177: 		if err := c.config.VerifyConnection(c.connectionStateLocked()); err != nil {
		handshake_client.go#L1253: 	if c.config.GetClientCertificate != nil {
		handshake_client.go#L1254: 		return c.config.GetClientCertificate(cri)
		handshake_client.go#L1257: 	for _, chain := range c.config.Certificates {
		handshake_client.go#L1271: 	if len(c.config.ServerName) > 0 {
		handshake_client.go#L1272: 		return c.config.ServerName
		handshake_client_tls13.go#L101: 			c.serverName = c.config.ServerName
		handshake_client_tls13.go#L275: 				c.serverName = c.config.ServerName
		handshake_client_tls13.go#L330: 		key, err := generateECDHEKey(c.config.rand(), curveID)
		handshake_client_tls13.go#L346: 			ticketAge := c.config.time().Sub(time.Unix(int64(hs.session.createdAt), 0))
		handshake_client_tls13.go#L529: 	err = c.config.writeKeyLog(keyLogLabelClientHandshake, hs.hello.random, clientSecret)
		handshake_client_tls13.go#L534: 	err = c.config.writeKeyLog(keyLogLabelServerHandshake, hs.hello.random, serverSecret)
		handshake_client_tls13.go#L621: 		if c.config.VerifyConnection != nil {
		handshake_client_tls13.go#L622: 			if err := c.config.VerifyConnection(c.connectionStateLocked()); err != nil {
		handshake_client_tls13.go#L736: 	err = c.config.writeKeyLog(keyLogLabelClientTraffic, hs.hello.random, hs.trafficSecret)
		handshake_client_tls13.go#L741: 	err = c.config.writeKeyLog(keyLogLabelServerTraffic, hs.hello.random, serverSecret)
		handshake_client_tls13.go#L812: 	sig, err := cert.PrivateKey.(crypto.Signer).Sign(c.config.rand(), signed, signOpts)
		handshake_client_tls13.go#L839: 	if !c.config.SessionTicketsDisabled && c.config.ClientSessionCache != nil {
		handshake_client_tls13.go#L859: 	if c.config.SessionTicketsDisabled || c.config.ClientSessionCache == nil {
		handshake_client_tls13.go#L889: 	session.useBy = uint64(c.config.time().Add(lifetime).Unix())
		handshake_client_tls13.go#L899: 		c.config.ClientSessionCache.Put(cacheKey, cs)
		handshake_server.go#L159: 	originalConfig := c.config
		handshake_server.go#L160: 	if c.config.GetConfigForClient != nil {
		handshake_server.go#L162: 		if configForClient, err = c.config.GetConfigForClient(chi); err != nil {
		handshake_server.go#L166: 			c.config = configForClient
		handshake_server.go#L175: 	c.vers, ok = c.config.mutualVersion(roleServer, clientVersions)
		handshake_server.go#L196: 	if c.config.MinVersion == 0 && c.vers < VersionTLS12 {
		handshake_server.go#L227: 	maxVers := c.config.maxSupportedVersion(roleServer)
		handshake_server.go#L236: 	_, err := io.ReadFull(c.config.rand(), serverRandom)
		handshake_server.go#L254: 	selectedProto, err := negotiateALPN(c.config.NextProtos, hs.clientHello.alpnProtocols, false)
		handshake_server.go#L262: 	hs.cert, err = c.config.getCertificate(clientHelloInfo(hs.ctx, c, hs.clientHello))
		handshake_server.go#L275: 	hs.ecdheOk = supportsECDHE(c.config, c.vers, hs.clientHello.supportedCurves, hs.clientHello.supportedPoints)
		handshake_server.go#L381: 	configCipherSuites := c.config.cipherSuites()
		handshake_server.go#L399: 	if c.config.CipherSuites == nil && !fips140tls.Required() && rsaKexCiphers[hs.suite.id] {
		handshake_server.go#L403: 	if c.config.CipherSuites == nil && !fips140tls.Required() && tdesCiphers[hs.suite.id] {
		handshake_server.go#L411: 			if hs.clientHello.vers < c.config.maxSupportedVersion(roleServer) {
		handshake_server.go#L447: 	if c.config.SessionTicketsDisabled {
		handshake_server.go#L452: 	if c.config.UnwrapSession != nil {
		handshake_server.go#L453: 		ss, err := c.config.UnwrapSession(hs.clientHello.sessionTicket, c.connectionStateLocked())
		handshake_server.go#L462: 		plaintext := c.config.decryptTicket(hs.clientHello.sessionTicket, c.ticketKeys)
		handshake_server.go#L477: 	if c.config.time().Sub(createdAt) > maxSessionTicketLifetime {
		handshake_server.go#L500: 		c.config.cipherSuites(), hs.cipherSuiteOk)
		handshake_server.go#L506: 	needClientCerts := requiresClientCert(c.config.ClientAuth)
		handshake_server.go#L510: 	if sessionHasClientCerts && c.config.ClientAuth == NoClientCert {
		handshake_server.go#L513: 	if sessionHasClientCerts && c.config.time().After(sessionState.peerCertificates[0].NotAfter) {
		handshake_server.go#L516: 	if sessionHasClientCerts && c.config.ClientAuth >= VerifyClientCertIfGiven &&
		handshake_server.go#L563: 	if c.config.VerifyConnection != nil {
		handshake_server.go#L564: 		if err := c.config.VerifyConnection(c.connectionStateLocked()); err != nil {
		handshake_server.go#L582: 	hs.hello.ticketSupported = hs.clientHello.ticketSupported && !c.config.SessionTicketsDisabled
		handshake_server.go#L586: 	if c.config.ClientAuth == NoClientCert {
		handshake_server.go#L613: 	skx, err := keyAgreement.generateServerKeyExchange(c.config, hs.cert, hs.clientHello, hs.hello)
		handshake_server.go#L628: 	if c.config.ClientAuth >= RequestClientCert {
		handshake_server.go#L645: 		if c.config.ClientCAs != nil {
		handshake_server.go#L646: 			certReq.certificateAuthorities = c.config.ClientCAs.Subjects()
		handshake_server.go#L671: 	if c.config.ClientAuth >= RequestClientCert {
		handshake_server.go#L692: 	if c.config.VerifyConnection != nil {
		handshake_server.go#L693: 		if err := c.config.VerifyConnection(c.connectionStateLocked()); err != nil {
		handshake_server.go#L706: 	preMasterSecret, err := keyAgreement.processClientKeyExchange(c.config, hs.cert, ckx, c.vers)
		handshake_server.go#L719: 	if err := c.config.writeKeyLog(keyLogLabelTLS12, hs.clientHello.random, hs.masterSecret); err != nil {
		handshake_server.go#L854: 	if c.config.WrapSession != nil {
		handshake_server.go#L856: 		m.ticket, err = c.config.WrapSession(c.connectionStateLocked(), state)
		handshake_server.go#L865: 		m.ticket, err = c.config.encryptTicket(stateBytes, c.ticketKeys)
		handshake_server.go#L916: 	if len(certs) == 0 && requiresClientCert(c.config.ClientAuth) {
		handshake_server.go#L925: 	if c.config.ClientAuth >= VerifyClientCertIfGiven && len(certs) > 0 {
		handshake_server.go#L927: 			Roots:         c.config.ClientCAs,
		handshake_server.go#L928: 			CurrentTime:   c.config.time(),
		handshake_server.go#L970: 	if c.config.VerifyPeerCertificate != nil {
		handshake_server.go#L971: 		if err := c.config.VerifyPeerCertificate(certificates, c.verifiedChains); err != nil {
		handshake_server.go#L996: 		config:            c.config,
		handshake_server_tls13.go#L134: 			if c.vers < c.config.maxSupportedVersion(roleServer) {
		handshake_server_tls13.go#L149: 	if _, err := io.ReadFull(c.config.rand(), hs.hello.random); err != nil {
		handshake_server_tls13.go#L207: 	preferredGroups := c.config.curvePreferences(c.vers)
		handshake_server_tls13.go#L261: 	key, err := generateECDHEKey(c.config.rand(), ecdhGroup)
		handshake_server_tls13.go#L297: 	selectedProto, err := negotiateALPN(c.config.NextProtos, hs.clientHello.alpnProtocols, c.quic != nil)
		handshake_server_tls13.go#L332: 	if c.config.SessionTicketsDisabled {
		handshake_server_tls13.go#L361: 		if c.config.UnwrapSession != nil {
		handshake_server_tls13.go#L363: 			sessionState, err = c.config.UnwrapSession(identity.label, c.connectionStateLocked())
		handshake_server_tls13.go#L371: 			plaintext := c.config.decryptTicket(identity.label, c.ticketKeys)
		handshake_server_tls13.go#L387: 		if c.config.time().Sub(createdAt) > maxSessionTicketLifetime {
		handshake_server_tls13.go#L400: 		needClientCerts := requiresClientCert(c.config.ClientAuth)
		handshake_server_tls13.go#L404: 		if sessionHasClientCerts && c.config.ClientAuth == NoClientCert {
		handshake_server_tls13.go#L407: 		if sessionHasClientCerts && c.config.time().After(sessionState.peerCertificates[0].NotAfter) {
		handshake_server_tls13.go#L410: 		if sessionHasClientCerts && c.config.ClientAuth >= VerifyClientCertIfGiven &&
		handshake_server_tls13.go#L510: 	certificate, err := c.config.getCertificate(clientHelloInfo(hs.ctx, c, hs.clientHello))
		handshake_server_tls13.go#L778: 	err := c.config.writeKeyLog(keyLogLabelClientHandshake, hs.clientHello.random, clientSecret)
		handshake_server_tls13.go#L783: 	err = c.config.writeKeyLog(keyLogLabelServerHandshake, hs.clientHello.random, serverSecret)
		handshake_server_tls13.go#L803: 	if len(hs.c.config.EncryptedClientHelloKeys) > 0 && len(hs.clientHello.encryptedClientHello) > 0 && hs.echContext == nil {
		handshake_server_tls13.go#L804: 		encryptedExtensions.echRetryConfigs, err = buildRetryConfigList(hs.c.config.EncryptedClientHelloKeys)
		handshake_server_tls13.go#L819: 	return hs.c.config.ClientAuth >= RequestClientCert && !hs.usingPSK
		handshake_server_tls13.go#L836: 		if c.config.ClientCAs != nil {
		handshake_server_tls13.go#L837: 			certReq.certificateAuthorities = c.config.ClientCAs.Subjects()
		handshake_server_tls13.go#L869: 	sig, err := hs.cert.PrivateKey.(crypto.Signer).Sign(c.config.rand(), signed, signOpts)
		handshake_server_tls13.go#L916: 	err := c.config.writeKeyLog(keyLogLabelClientTraffic, hs.clientHello.random, hs.trafficSecret)
		handshake_server_tls13.go#L921: 	err = c.config.writeKeyLog(keyLogLabelServerTraffic, hs.clientHello.random, serverSecret)
		handshake_server_tls13.go#L942: 	if hs.c.config.SessionTicketsDisabled {
		handshake_server_tls13.go#L995: 	if c.config.WrapSession != nil {
		handshake_server_tls13.go#L997: 		m.label, err = c.config.WrapSession(c.connectionStateLocked(), state)
		handshake_server_tls13.go#L1007: 		m.label, err = c.config.encryptTicket(stateBytes, c.ticketKeys)
		handshake_server_tls13.go#L1018: 	if _, err := c.config.rand().Read(ageAdd); err != nil {
		handshake_server_tls13.go#L1041: 		if c.config.VerifyConnection != nil {
		handshake_server_tls13.go#L1042: 			if err := c.config.VerifyConnection(c.connectionStateLocked()); err != nil {
		handshake_server_tls13.go#L1068: 	if c.config.VerifyConnection != nil {
		handshake_server_tls13.go#L1069: 		if err := c.config.VerifyConnection(c.connectionStateLocked()); err != nil {
		quic.go#L208: 	if q.conn.config.MinVersion < VersionTLS13 {
		quic.go#L332: 	c.config.ClientSessionCache.Put(cacheKey, cs)
		ticket.go#L297: 		createdAt:         uint64(c.config.time().Unix()),
		tls.go#L38: 		config: config,
		tls.go#L51: 		config:   config,