Commit c7087eb7 authored by Anirudh Ramachandran's avatar Anirudh Ramachandran Committed by Facebook Github Bot 3

Add option to retrieve hex representation of client ciphers

Summary: A more compact hex representation of ciphers in ClientHello can be useful, e.g., for logging.

Reviewed By: knekritz

Differential Revision: D3052308

fb-gh-sync-id: beaf6fcd4705d4d7fae652d8d8b95b52ca9e07a9
shipit-source-id: beaf6fcd4705d4d7fae652d8d8b95b52ca9e07a9
parent 5b48f33a
...@@ -538,7 +538,9 @@ class AsyncSSLSocket : public virtual AsyncSocket { ...@@ -538,7 +538,9 @@ class AsyncSSLSocket : public virtual AsyncSocket {
* Get the list of supported ciphers sent by the client in the client's * Get the list of supported ciphers sent by the client in the client's
* preference order. * preference order.
*/ */
void getSSLClientCiphers(std::string& clientCiphers) const { void getSSLClientCiphers(
std::string& clientCiphers,
bool convertToString = true) const {
std::stringstream ciphersStream; std::stringstream ciphersStream;
std::string cipherName; std::string cipherName;
...@@ -550,22 +552,25 @@ class AsyncSSLSocket : public virtual AsyncSocket { ...@@ -550,22 +552,25 @@ class AsyncSSLSocket : public virtual AsyncSocket {
for (auto originalCipherCode : clientHelloInfo_->clientHelloCipherSuites_) for (auto originalCipherCode : clientHelloInfo_->clientHelloCipherSuites_)
{ {
const SSL_CIPHER* cipher = nullptr;
if (convertToString) {
// OpenSSL expects code as a big endian char array // OpenSSL expects code as a big endian char array
auto cipherCode = htons(originalCipherCode); auto cipherCode = htons(originalCipherCode);
#if defined(SSL_OP_NO_TLSv1_2) #if defined(SSL_OP_NO_TLSv1_2)
const SSL_CIPHER* cipher = cipher =
TLSv1_2_method()->get_cipher_by_char((unsigned char*)&cipherCode); TLSv1_2_method()->get_cipher_by_char((unsigned char*)&cipherCode);
#elif defined(SSL_OP_NO_TLSv1_1) #elif defined(SSL_OP_NO_TLSv1_1)
const SSL_CIPHER* cipher = cipher =
TLSv1_1_method()->get_cipher_by_char((unsigned char*)&cipherCode); TLSv1_1_method()->get_cipher_by_char((unsigned char*)&cipherCode);
#elif defined(SSL_OP_NO_TLSv1) #elif defined(SSL_OP_NO_TLSv1)
const SSL_CIPHER* cipher = cipher =
TLSv1_method()->get_cipher_by_char((unsigned char*)&cipherCode); TLSv1_method()->get_cipher_by_char((unsigned char*)&cipherCode);
#else #else
const SSL_CIPHER* cipher = cipher =
SSLv3_method()->get_cipher_by_char((unsigned char*)&cipherCode); SSLv3_method()->get_cipher_by_char((unsigned char*)&cipherCode);
#endif #endif
}
if (cipher == nullptr) { if (cipher == nullptr) {
ciphersStream << std::setfill('0') << std::setw(4) << std::hex ciphersStream << std::setfill('0') << std::setw(4) << std::hex
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment