Hello William,
Thank you for the quick review and feedback, appreciate it. I wasn't sure how to send this patch as a reply to the original patch I submitted but I hope I made the changes you recommended. I made the following changes:

- renamed `req.ssl_ciphers` to `req.ssl_cipherlist`
- I was not sure if any changes needed to be made to `req.ssl_keyshare_groups`. This is usually a subset of the list of curves available in the supported_groups and represents the specific curve chosen by the client from its list of supported groups to use for the current key exchange. For example, if the supported group = {0017:0018} in binary form {secp256r1, secp384r1}, then the keyshare group can be 0017.
- `req.ssl_supported_groups` & `req.ssl_sigalgs` - no changes
- Updated the test to fix all the errors. I had tested it before submitting the original patch which worked in my env but failed for other SSL flavors and platforms. Made the required changes there.

This patch includes functionality to add sample fetches to get ciphers, supported groups, key shares and sigalgs from the ClientHello message. This will help enhance observability and help direct traffic to different backends based on different algorithms supported by the client for key exchange, for example. Included in this patch are the new sample fetch implementation, doc changes and regression test.

Thanks,
Mariam.

Mariam John (1):
  MINOR: sample: Add sample fetches for enhanced observability for TLS ClientHello

 doc/configuration.txt                       |  61 ++
 include/haproxy/buf-t.h                     |   2 +
 reg-tests/checks/tcp-check-client-hello.vtc |  84 +++
 src/payload.c                               | 629 +++++++++++++++++++-
 4 files changed, 775 insertions(+), 1 deletion(-)
 create mode 100644 reg-tests/checks/tcp-check-client-hello.vtc
--
2.39.3 (Apple Git-145)
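
The relationship between key share groups and supported groups described in the message above, as an added example that is not part of the patch or of HAProxy's code: it parses the bodies of the TLS 1.3 supported_groups and key_share ClientHello extensions (layouts per RFC 8446) and checks that every key share group also appears in the supported list. All function names and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helper names; big-endian 16-bit read. */
static unsigned rd16(const uint8_t *p) { return (unsigned)p[0] << 8 | p[1]; }

/* supported_groups body: uint16 list length, then 2-byte NamedGroup ids.
 * Returns the number of ids written to out, or -1 if malformed. */
int parse_supported_groups(const uint8_t *b, size_t n, uint16_t *out, int max)
{
    int cnt = 0;
    if (n < 2 || rd16(b) != n - 2 || n % 2)
        return -1;
    for (size_t i = 2; i < n && cnt < max; i += 2)
        out[cnt++] = (uint16_t)rd16(b + i);
    return cnt;
}

/* key_share body (ClientHello): uint16 length, then entries laid out as
 * group(2) | key_exchange length(2) | key_exchange bytes. */
int parse_keyshare_groups(const uint8_t *b, size_t n, uint16_t *out, int max)
{
    size_t i = 2, klen;
    int cnt = 0;
    if (n < 2 || rd16(b) != n - 2)
        return -1;
    while (i < n && cnt < max) {
        if (n - i < 4 || (klen = rd16(b + i + 2)) > n - i - 4)
            return -1;          /* entry header or key runs past the buffer */
        out[cnt++] = (uint16_t)rd16(b + i);
        i += 4 + klen;
    }
    return cnt;
}

/* Returns 1 if every key share group is also listed in supported_groups. */
int keyshares_subset(const uint16_t *ks, int nks, const uint16_t *sg, int nsg)
{
    for (int i = 0; i < nks; i++) {
        int j = 0;
        while (j < nsg && sg[j] != ks[i])
            j++;
        if (j == nsg)
            return 0;
    }
    return 1;
}

/* Constructed samples: groups 0017,0018; one share for 0017, 4-byte placeholder key. */
const uint8_t SG[] = { 0x00,0x04, 0x00,0x17, 0x00,0x18 };
const uint8_t KS[] = { 0x00,0x08, 0x00,0x17, 0x00,0x04, 0xde,0xad,0xbe,0xef };
```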