```
 _____ _     ____        _        _
|_   _| |   / ___|      | |_ _ __(_)___
  | | | |   \___ \ _____| __| '__| / __|
  | | | |___ ___) |_____| |_| |  | \__ \
  |_| |_____|____/       \__|_|  |_|___/

```

crypto/tls, now with 100% more 1.3.

THE API IS NOT STABLE AND DOCUMENTATION IS NOT GUARANTEED.

## Usage

Since `crypto/tls` is very deeply (and not that elegantly) coupled with the Go stdlib,
tls-tris shouldn't be used as an external package. It is also impossible to vendor it
as `crypto/tls` because stdlib packages would import the standard one and mismatch.

So, to build with tls-tris, you need to use a custom GOROOT.
A script is provided that will take care of it for you: `./_dev/go.sh`.
Just use that instead of the `go` tool.

The script also transparently fetches the custom Cloudflare Go 1.9 compiler with the required backports.

```
./_dev/go.sh build ./_dev/tris-localserver
TLSDEBUG=error ./tris-localserver 127.0.0.1:4443
```

## Debugging

When the environment variable `TLSDEBUG` is set to `error`, Tris will print a hexdump of the Client Hello and a stack trace if a handshake error occurs. If the value is `short`, only the error and the first meaningful stack frame are printed.

## Building Caddy

```
./_dev/go.sh build github.com/mholt/caddy
```

*Note: to get Caddy to use TLS 1.3 you'll have to apply the patch at `_dev/caddy/caddy.patch`.*

## Testing with BoringSSL/NSS/Mint/...

```
./_dev/tris-localserver/start.sh --rm
```

```
docker build -t tls-tris:boring _dev/boring
docker run -i --rm tls-tris:boring $(docker inspect -f '{{ .NetworkSettings.IPAddress }}' tris-localserver):443
```

```
docker build -t tls-tris:tstclnt _dev/tstclnt
docker run -i --rm tls-tris:tstclnt $(docker inspect -f '{{ .NetworkSettings.IPAddress }}' tris-localserver):443
```

```
docker build -t tls-tris:mint _dev/mint
docker run -i --rm tls-tris:mint $(docker inspect -f '{{ .NetworkSettings.IPAddress }}' tris-localserver):443
```

To build a specific revision, use `--build-arg REVISION=abcdef1234`.
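
When one of the interop clients fails its handshake, the Client Hello that `TLSDEBUG=error` dumps (see Debugging) shows which protocol versions the client offered. The Python helper below is an added example, not part of tls-tris: it assumes you pass the handshake message bytes as hex, starting at the `0x01` message type with any offset and ASCII columns removed, and `offered_versions`, `_vec` and `SAMPLE_HELLO` are names made up here.

```python
SUPPORTED_VERSIONS = 43  # extension type that carries the client's version list

# Constructed sample (not a capture): a ClientHello offering 0x7f16 and 0x0303.
SAMPLE_HELLO = (
    "01 000034 0303"                 # msg_type, length, legacy_version
    + "00" * 32                      # random
    + "00 0002 1301 01 00"           # session_id, cipher_suites, compression_methods
    + "0009 002b 0005 04 7f16 0303"  # extensions: supported_versions
)


def _vec(buf, pos, width):
    """Read a vector with a width-byte big-endian length prefix at buf[pos:].

    Returns (body, position after it); raises ValueError on truncated input.
    """
    end = pos + width
    size = int.from_bytes(buf[pos:end], "big")
    if end + size > len(buf):
        raise ValueError("truncated ClientHello")
    return buf[end:end + size], end + size


def offered_versions(hex_msg):
    """Return the supported_versions list of a hex-encoded ClientHello
    handshake message; [] means the extension is absent."""
    buf = bytes.fromhex(hex_msg)
    if buf[:1] != b"\x01":
        raise ValueError("not a ClientHello handshake message")
    hello, _ = _vec(buf, 1, 3)
    pos = 2 + 32                     # skip legacy_version and random
    for width in (1, 2, 1):          # session_id, cipher_suites, compression_methods
        _, pos = _vec(hello, pos, width)
    if pos == len(hello):            # ClientHello without an extensions block
        return []
    exts, _ = _vec(hello, pos, 2)
    pos = 0
    while pos < len(exts):
        ext_type = int.from_bytes(exts[pos:pos + 2], "big")
        data, pos = _vec(exts, pos + 2, 2)
        if ext_type == SUPPORTED_VERSIONS:
            versions, _ = _vec(data, 0, 1)
            return [int.from_bytes(versions[i:i + 2], "big")
                    for i in range(0, len(versions) - 1, 2)]
    return []


if __name__ == "__main__":
    print([hex(v) for v in offered_versions(SAMPLE_HELLO)])
```

An empty result means the client sent no `supported_versions` extension, so only its `legacy_version` field says what it can speak.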