h2load: Add --tls13-ciphers option

db5ad837 · Tatsuhiro Tsujikawa · b558eeb8 · db5ad837 · db5ad837
Commit db5ad837 authored Aug 08, 2019 by Tatsuhiro Tsujikawa
Hide whitespace changes
Inline Side-by-side

Showing with 21 additions and 3 deletions

src/h2load.cc src/h2load.cc +20 -3

src/h2load.h src/h2load.h +1 -0

No files found.
--- a/src/h2load.cc
+++ b/src/h2load.cc
@@ -77,6 +77,8 @@ bool recorded(const std::chrono::steady_clock::time_point &t) {

 Config::Config()
    : ciphers(tls::DEFAULT_CIPHER_LIST),
+      tls13_ciphers("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_"
+                    "CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_SHA256"),
      groups("P-256:X25519:P-384:P-521"),
      data_length(-1),
      addrs(nullptr),
@@ -2099,10 +2101,15 @@ Options:
  -H, --header=<HEADER>
              Add/Override a header to the requests.
  --ciphers=<SUITE>
-              Set allowed  cipher list.  The  format of the  string is
-              described in OpenSSL ciphers(1).
+              Set  allowed cipher  list  for TLSv1.2  or ealier.   The
+              format of the string is described in OpenSSL ciphers(1).
              Default: )"
      << config.ciphers << R"(
+  --tls13-ciphers=<SUITE>
+              Set allowed cipher list for  TLSv1.3.  The format of the
+              string is described in OpenSSL ciphers(1).
+              Default: )"
+      << config.tls13_ciphers << R"(
  -p, --no-tls-proto=<PROTOID>
              Specify ALPN identifier of the  protocol to be used when
              accessing http URI without SSL/TLS.
@@ -2286,6 +2293,7 @@ int main(int argc, char **argv) {
        {"connect-to", required_argument, &flag, 11},
        {"rps", required_argument, &flag, 12},
        {"groups", required_argument, &flag, 13},
+        {"tls13-ciphers", required_argument, &flag, 14},
        {nullptr, 0, nullptr, 0}};
    int option_index = 0;
    auto c = getopt_long(argc, argv,
@@ -2540,6 +2548,10 @@ int main(int argc, char **argv) {
        // --groups
        config.groups = optarg;
        break;
+      case 14:
+        // --tls13-ciphers
+        config.tls13_ciphers = optarg;
+        break;
      }
      break;
    default:
@@ -2767,7 +2779,12 @@ int main(int argc, char **argv) {
    exit(EXIT_FAILURE);
  }

-  // TODO Use SSL_CTX_set_ciphersuites to set TLSv1.3 cipher list
+  if (SSL_CTX_set_ciphersuites(ssl_ctx, config.tls13_ciphers.c_str()) == 0) {
+    std::cerr << "SSL_CTX_set_ciphersuites with " << config.tls13_ciphers
+              << " failed: " << ERR_error_string(ERR_get_error(), nullptr)
+              << std::endl;
+    exit(EXIT_FAILURE);
+  }

  if (SSL_CTX_set1_groups_list(ssl_ctx, config.groups.c_str()) != 1) {
    std::cerr << "SSL_CTX_set1_groups_list failed" << std::endl;

--- a/src/h2load.h
+++ b/src/h2load.h
@@ -75,6 +75,7 @@ struct Config {
  std::string connect_to_host;
  std::string ifile;
  std::string ciphers;
+  std::string tls13_ciphers;
  // supported groups (or curves).
  std::string groups;
  // length of upload data