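// TLSHandshake upgrades c.conn to TLS using the scan options stored on c,
// runs the handshake, and stores the resulting handshake log in
// c.grabData.TLSHandshake (trimmed of client-side secrets unless
// c.tlsVerbose is set).
//
// It returns an error if a handshake was already attempted on this
// connection, if the read/write deadlines could not be applied to the TLS
// connection, or if the handshake itself fails. When a fixed browser suite
// list is in force (ForceSuites) a ztls.ErrUnimplementedCipher from the
// handshake is deliberately treated as success so the log is still recorded.
//
// c.isTls is set as soon as the TLS connection is created, so a failed
// handshake is not retried on the same connection.
func (c *Conn) TLSHandshake() error {
	if c.isTls {
		return fmt.Errorf(
			"Attempted repeat handshake with remote host %s",
			c.RemoteAddr().String())
	}

	tlsConfig := c.newTLSConfig()

	c.tlsConn = ztls.Client(c.conn, tlsConfig)
	// Record progress before anything can fail so a second call is rejected
	// even when this handshake does not complete.
	c.isTls = true

	// A deadline that cannot be applied means the handshake would run
	// unbounded (or on a dead socket); surface that instead of ignoring it.
	if err := c.tlsConn.SetReadDeadline(c.readDeadline); err != nil {
		return fmt.Errorf("setting TLS read deadline for %s: %v",
			c.RemoteAddr().String(), err)
	}
	if err := c.tlsConn.SetWriteDeadline(c.writeDeadline); err != nil {
		return fmt.Errorf("setting TLS write deadline for %s: %v",
			c.RemoteAddr().String(), err)
	}

	err := c.tlsConn.Handshake()
	// A forced browser suite list may name ciphers ztls cannot complete;
	// the handshake log up to that point is still the data we want, so
	// that specific error is dropped. Any other handshake error is returned
	// unchanged (callers may compare it directly).
	if tlsConfig.ForceSuites && err == ztls.ErrUnimplementedCipher {
		err = nil
	}

	hl := c.tlsConn.GetHandshakeLog()
	if !c.tlsVerbose {
		// Drop key material and the client-side messages from the stored
		// log unless verbose TLS output was requested.
		hl.KeyMaterial = nil
		hl.ClientHello = nil
		hl.ClientFinished = nil
		hl.ClientKeyExchange = nil
	}
	c.grabData.TLSHandshake = hl
	return err
}

// newTLSConfig builds the ztls client configuration from the scan options
// on c. The returned config is freshly allocated on every call.
func (c *Conn) newTLSConfig() *ztls.Config {
	cfg := new(ztls.Config)

	// Chain verification is switched off (presumably so handshakes with
	// untrusted or invalid certificates are still recorded); c.caPool is
	// still handed to ztls as RootCAs. The version floor is SSL 3.0 and the
	// ceiling is whatever the scan requested.
	cfg.InsecureSkipVerify = true
	cfg.MinVersion = ztls.VersionSSL30
	cfg.MaxVersion = c.maxTlsVersion
	cfg.RootCAs = c.caPool
	cfg.HeartbeatEnabled = true
	cfg.ClientDSAEnabled = true

	// SNI is only sent when a domain is known and SNI was not disabled.
	if !c.noSNI && c.domain != "" {
		cfg.ServerName = c.domain
	}

	c.applyCipherSuites(cfg)

	// Optional hello extensions; cfg is zero-valued, so copying the flags
	// is equivalent to setting them only when true.
	cfg.ExtendedRandom = c.extendedRandom
	cfg.ForceSessionTicketExt = c.gatherSessionTicket
	cfg.ExtendedMasterSecret = c.offerExtendedMasterSecret

	return cfg
}

// applyCipherSuites selects the cipher suite list offered in the ClientHello
// from the mutually exclusive scan options on c. The checks run in a fixed
// order and each simply overwrites the previous choice, so if several
// options are set the last one listed here wins. Only the two Safari lists
// additionally set ForceSuites.
func (c *Conn) applyCipherSuites(cfg *ztls.Config) {
	if c.onlyDHE {
		cfg.CipherSuites = ztls.DHECiphers
	}
	if c.onlyExports {
		cfg.CipherSuites = ztls.RSA512ExportCiphers
	}
	if c.onlyExportsDH {
		cfg.CipherSuites = ztls.DHEExportCiphers
	}
	if c.chromeCiphers {
		cfg.CipherSuites = ztls.ChromeCiphers
	}
	if c.chromeNoDHE {
		cfg.CipherSuites = ztls.ChromeNoDHECiphers
	}
	if c.firefoxCiphers {
		cfg.CipherSuites = ztls.FirefoxCiphers
	}
	if c.firefoxNoDHECiphers {
		cfg.CipherSuites = ztls.FirefoxNoDHECiphers
	}
	if c.safariCiphers {
		cfg.CipherSuites = ztls.SafariCiphers
		cfg.ForceSuites = true
	}
	if c.safariNoDHECiphers {
		cfg.CipherSuites = ztls.SafariNoDHECiphers
		cfg.ForceSuites = true
	}
}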