<p>Hey,</p>
<p>I have a server running on HTTPS with let's encrypt.</p>
<p>I am now writing a client and I would like to login a user to the server in a secure way, meaning I do not want to send their password without TLS.</p>
<p>Is something like this enough to send their password encrypted?</p>
<pre><code>serverURL := "https://server.com/login"
tr := &http.Transport{
TLSClientConfig: &tls.Config{},
}
client := &http.Client{Transport: tr}
resp, err := client.Post(serverURL)
// ...
</code></pre>
<p>Do I need anything extra in <code>&tls.Config{}</code>? Do I need to create a self signed certificate for my client in order to use TLS or is the server running on HTTPS enough?</p>
<p>Thanks</p>
<hr/>**评论:**<br/><br/>mwholt: <pre><p>You can just do:</p>
<p><code>
resp, err := http.Post(serverURL, "content type", body)
</code></p>
<p>As long as the server's URL begins with "https://" your client will use TLS with sane defaults.</p></pre>nesigma: <pre><p>Oh wow that's amazing!! Thanks!</p></pre>tialaramex: <pre><p>Client certificates prove the client's identity to the server (exactly as sever certificates prove the server's identity to the client) they're not necessary if either you trust any client (e.g. google.com searches don't care who you are) or when doing some other form of authentication, as you are with passwords. So, don't bother with client certs in this scenario.</p></pre>SilentWeaponQuietWar: <pre><pre><code>tr := &http.Transport{
TLSClientConfig: &tls.Config{},
}
</code></pre>
<p>FYI this might not be immediately obvious, but if you are going to use your own Transport settings, might want to be sure and set MaxIdleConns, otherwise it will be set to 0, which means unlimited.</p>
<p>From the docs:</p>
<blockquote>
<p>// MaxIdleConns controls the maximum number of idle (keep-alive)
// connections across all hosts. <strong>Zero means no limit.</strong></p>
</blockquote></pre>
