Log supported versions extension in AsyncSSLSocket.

Summary: To monitor client support of TLS 1.3. Reviewed By: ngoyal Differential Revision: D4308473 fbshipit-source-id: cb6fb444c8b7ced39e6655a0f63b18523c2fb9c5

Log supported versions extension in AsyncSSLSocket.
Summary: To monitor client support of TLS 1.3. Reviewed By: ngoyal Differential Revision: D4308473 fbshipit-source-id: cb6fb444c8b7ced39e6655a0f63b18523c2fb9c5
38442e01 · Kyle Nekritz · Facebook Github Bot · c80831a5 · 38442e01 · 38442e01
Commit 38442e01 authored Dec 09, 2016 by Kyle Nekritz Committed by Facebook Github Bot Dec 09, 2016
3 changed files
--- a/folly/io/async/AsyncSSLSocket.cpp
+++ b/folly/io/async/AsyncSSLSocket.cpp
@@ -1697,6 +1697,14 @@ void AsyncSSLSocket::clientHelloParsingCallback(int written,
            sock->clientHelloInfo_->
              clientHelloSigAlgs_.emplace_back(hashAlg, sigAlg);
          }
+        } else if (extensionType == ssl::TLSExtension::SUPPORTED_VERSIONS) {
+          cursor.skip(1);
+          extensionDataLength -= 1;
+          while (extensionDataLength) {
+            sock->clientHelloInfo_->clientHelloSupportedVersions_.push_back(
+                cursor.readBE<uint16_t>());
+            extensionDataLength -= 2;
+          }
        } else {
          cursor.skip(extensionDataLength);
        }
@@ -1790,6 +1798,13 @@ std::string AsyncSSLSocket::getSSLClientSigAlgs() const {
  return sigAlgs;
 }

+std::string AsyncSSLSocket::getSSLClientSupportedVersions() const {
+  if (!parseClientHello_) {
+    return "";
+  }
+  return folly::join(":", clientHelloInfo_->clientHelloSupportedVersions_);
+}
+
 std::string AsyncSSLSocket::getSSLAlertsReceived() const {
  std::string ret;


--- a/folly/io/async/AsyncSSLSocket.h
+++ b/folly/io/async/AsyncSSLSocket.h
@@ -561,6 +561,12 @@ class AsyncSSLSocket : public virtual AsyncSocket {

  std::string getSSLClientSigAlgs() const;

+  /**
+   * Get the list of versions in the supported versions extension (used to
+   * negotiate TLS 1.3).
+   */
+  std::string getSSLClientSupportedVersions() const;
+
  std::string getSSLAlertsReceived() const;

  /**

--- a/folly/io/async/ssl/TLSDefinitions.h
+++ b/folly/io/async/ssl/TLSDefinitions.h
@@ -51,6 +51,7 @@ enum class TLSExtension : uint16_t {
  ENCRYPT_THEN_MAC = 22,
  EXTENDED_MASTER_SECRET = 23,
  SESSION_TICKET = 35,
+  SUPPORTED_VERSIONS = 43,
  // Facebook-specific, not IANA assigned yet
  TLS_CACHED_INFO_FB = 60001,
  // End Facebook-specific
@@ -84,6 +85,7 @@ struct ClientHelloInfo {
  std::vector<uint8_t> clientHelloCompressionMethods_;
  std::vector<TLSExtension> clientHelloExtensions_;
  std::vector<std::pair<HashAlgorithm, SignatureAlgorithm>> clientHelloSigAlgs_;
+  std::vector<uint16_t> clientHelloSupportedVersions_;
 };

 } // ssl