// TLSHandshake upgrades c's underlying connection to TLS using ztls and stores
// the resulting handshake log in c.grabData.TLSHandshake.
//
// The client configuration is deliberately permissive, as befits a scanner:
// certificate verification is disabled (InsecureSkipVerify), the version floor
// is SSLv3, and heartbeat and client-DSA support are advertised. The offered
// cipher-suite list is picked from the c.only* / c.*Ciphers flags; when more
// than one is set, the flag tested last takes precedence.
//
// The handshake log is recorded whether or not the handshake succeeds. Unless
// c.tlsVerbose is set, the client-side fields (KeyMaterial, ClientHello,
// ClientFinished, ClientKeyExchange) are dropped from it. In verbose mode the
// TLS key material therefore ends up in the grab output — treat that output
// as sensitive.
//
// Returns an error if TLS has already been negotiated on this Conn, otherwise
// the ztls handshake error. When a Safari suite list is forced, a handshake
// that fails with ztls.ErrUnimplementedCipher is reported as success.
func (c *Conn) TLSHandshake() error {
	if c.isTls {
		return fmt.Errorf(
			"Attempted repeat handshake with remote host %s",
			c.RemoteAddr().String())
	}

	// NOTE(review): RootCAs is set while InsecureSkipVerify is also set; the
	// pool presumably only informs the validation status recorded in the
	// handshake log rather than gating the connection — confirm against ztls.
	cfg := &ztls.Config{
		InsecureSkipVerify:    true,
		MinVersion:            ztls.VersionSSL30,
		MaxVersion:            c.maxTlsVersion,
		RootCAs:               c.caPool,
		HeartbeatEnabled:      true,
		ClientDSAEnabled:      true,
		ExtendedRandom:        c.extendedRandom,
		ForceSessionTicketExt: c.gatherSessionTicket,
		ExtendedMasterSecret:  c.offerExtendedMasterSecret,
	}
	if c.domain != "" && !c.noSNI {
		cfg.ServerName = c.domain
	}

	// Cipher-suite selection. Candidates are applied in order, so if several
	// flags are set the last enabled entry wins. Only the Safari lists set
	// ForceSuites (presumably so suites ztls itself cannot complete are still
	// offered — see the ErrUnimplementedCipher handling below).
	for _, cand := range []struct {
		enabled bool
		suites  []uint16
		force   bool
	}{
		{c.onlyDHE, ztls.DHECiphers, false},
		{c.onlyExports, ztls.RSA512ExportCiphers, false},
		{c.onlyExportsDH, ztls.DHEExportCiphers, false},
		{c.chromeCiphers, ztls.ChromeCiphers, false},
		{c.chromeNoDHE, ztls.ChromeNoDHECiphers, false},
		{c.firefoxCiphers, ztls.FirefoxCiphers, false},
		{c.firefoxNoDHECiphers, ztls.FirefoxNoDHECiphers, false},
		{c.safariCiphers, ztls.SafariCiphers, true},
		{c.safariNoDHECiphers, ztls.SafariNoDHECiphers, true},
	} {
		if !cand.enabled {
			continue
		}
		cfg.CipherSuites = cand.suites
		if cand.force {
			cfg.ForceSuites = true
		}
	}

	tc := ztls.Client(c.conn, cfg)
	c.tlsConn = tc
	// Deadline errors are not checked here; the deadlines are best-effort.
	tc.SetReadDeadline(c.readDeadline)
	tc.SetWriteDeadline(c.writeDeadline)
	// Marked before the handshake runs, so even a failed attempt makes a
	// later call return the repeat-handshake error above.
	c.isTls = true

	err := tc.Handshake()
	if err == ztls.ErrUnimplementedCipher && cfg.ForceSuites {
		// With a forced suite list the point is to record what the server
		// selected, not to finish the session, so this failure is tolerated.
		err = nil
	}

	hsLog := tc.GetHandshakeLog()
	if !c.tlsVerbose {
		// Strip client-side material (including key material) unless the
		// caller explicitly asked for the verbose log.
		hsLog.KeyMaterial = nil
		hsLog.ClientHello = nil
		hsLog.ClientFinished = nil
		hsLog.ClientKeyExchange = nil
	}
	c.grabData.TLSHandshake = hsLog
	return err
}