Commit 38442e01 authored by Kyle Nekritz's avatar Kyle Nekritz Committed by Facebook Github Bot

Log supported versions extension in AsyncSSLSocket.

Summary: To monitor client support of TLS 1.3.

Reviewed By: ngoyal

Differential Revision: D4308473

fbshipit-source-id: cb6fb444c8b7ced39e6655a0f63b18523c2fb9c5
parent c80831a5
...@@ -1697,6 +1697,14 @@ void AsyncSSLSocket::clientHelloParsingCallback(int written, ...@@ -1697,6 +1697,14 @@ void AsyncSSLSocket::clientHelloParsingCallback(int written,
sock->clientHelloInfo_-> sock->clientHelloInfo_->
clientHelloSigAlgs_.emplace_back(hashAlg, sigAlg); clientHelloSigAlgs_.emplace_back(hashAlg, sigAlg);
} }
} else if (extensionType == ssl::TLSExtension::SUPPORTED_VERSIONS) {
cursor.skip(1);
extensionDataLength -= 1;
while (extensionDataLength) {
sock->clientHelloInfo_->clientHelloSupportedVersions_.push_back(
cursor.readBE<uint16_t>());
extensionDataLength -= 2;
}
} else { } else {
cursor.skip(extensionDataLength); cursor.skip(extensionDataLength);
} }
...@@ -1790,6 +1798,13 @@ std::string AsyncSSLSocket::getSSLClientSigAlgs() const { ...@@ -1790,6 +1798,13 @@ std::string AsyncSSLSocket::getSSLClientSigAlgs() const {
return sigAlgs; return sigAlgs;
} }
std::string AsyncSSLSocket::getSSLClientSupportedVersions() const {
if (!parseClientHello_) {
return "";
}
return folly::join(":", clientHelloInfo_->clientHelloSupportedVersions_);
}
std::string AsyncSSLSocket::getSSLAlertsReceived() const { std::string AsyncSSLSocket::getSSLAlertsReceived() const {
std::string ret; std::string ret;
......
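Review bot: In the SUPPORTED_VERSIONS branch of clientHelloParsingCallback, `extensionDataLength` is taken from the client's hello and decremented with no check, so a zero or even value makes `extensionDataLength -= 1` / `-= 2` step past zero and `while (extensionDataLength)` never sees the terminating value. The loop then keeps reading bytes that belong to later extensions and stores them in `clientHelloSupportedVersions_` until the cursor runs out of data; whether that is caught, and how `extensionDataLength` is declared, is outside this hunk. The one-byte list length is also skipped rather than compared with what remains of the extension. I would accept only an odd body length (one length byte plus two-byte versions), skip the body whole otherwise so the cursor stays aligned with the next extension, and loop on `>= 2`, as below.

```cpp
} else if (extensionType == ssl::TLSExtension::SUPPORTED_VERSIONS) {
  // One length byte plus two-byte versions: a well-formed body is odd-sized.
  // Zero and even lengths are skipped whole instead of being parsed.
  if (extensionDataLength % 2 == 0) {
    cursor.skip(extensionDataLength);
  } else {
    cursor.skip(1);
    extensionDataLength -= 1;
    while (extensionDataLength >= 2) {
      // … unchanged: push_back(cursor.readBE<uint16_t>()) …
      extensionDataLength -= 2;
    }
  }
```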
...@@ -561,6 +561,12 @@ class AsyncSSLSocket : public virtual AsyncSocket { ...@@ -561,6 +561,12 @@ class AsyncSSLSocket : public virtual AsyncSocket {
std::string getSSLClientSigAlgs() const; std::string getSSLClientSigAlgs() const;
/**
* Get the list of versions in the supported versions extension (used to
* negotiate TLS 1.3).
*/
std::string getSSLClientSupportedVersions() const;
std::string getSSLAlertsReceived() const; std::string getSSLAlertsReceived() const;
/** /**
......
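Review bot: The doc comment on `getSSLClientSupportedVersions()` does not describe the returned string. Going by the definition added in this commit, I would add `* Returns the values joined by ':' in the order the client sent them, or an empty string if client hello parsing is not enabled.` The values are copied from the client's hello without validation, so the comment could also state that they are meant for logging and not for negotiation decisions.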
...@@ -51,6 +51,7 @@ enum class TLSExtension : uint16_t { ...@@ -51,6 +51,7 @@ enum class TLSExtension : uint16_t {
ENCRYPT_THEN_MAC = 22, ENCRYPT_THEN_MAC = 22,
EXTENDED_MASTER_SECRET = 23, EXTENDED_MASTER_SECRET = 23,
SESSION_TICKET = 35, SESSION_TICKET = 35,
SUPPORTED_VERSIONS = 43,
// Facebook-specific, not IANA assigned yet // Facebook-specific, not IANA assigned yet
TLS_CACHED_INFO_FB = 60001, TLS_CACHED_INFO_FB = 60001,
// End Facebook-specific // End Facebook-specific
...@@ -84,6 +85,7 @@ struct ClientHelloInfo { ...@@ -84,6 +85,7 @@ struct ClientHelloInfo {
std::vector<uint8_t> clientHelloCompressionMethods_; std::vector<uint8_t> clientHelloCompressionMethods_;
std::vector<TLSExtension> clientHelloExtensions_; std::vector<TLSExtension> clientHelloExtensions_;
std::vector<std::pair<HashAlgorithm, SignatureAlgorithm>> clientHelloSigAlgs_; std::vector<std::pair<HashAlgorithm, SignatureAlgorithm>> clientHelloSigAlgs_;
std::vector<uint16_t> clientHelloSupportedVersions_;
}; };
} // ssl } // ssl
......