From: Mariam John
Fix a minor typo in the description of the `ssl_bc` sample fetch method
described under Section `7.3.4. Fetching samples at Layer 5` in
configuration.txt. Changed `other` to `to`.
---
doc/configuration.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a
- doc changes to add description for the new sample fetch methods
- updates the existing regression tests to test the new sample fetch methods
This uses the function `SSL_get_negotiated_group` method available from the
OpenSSLv3 release.
Thank you.
Mariam John (1):
MEDIUM: ssl: new sample
Adds a new sample fetch method to get the curve name used in the
key agreement to enable better observability. In OpenSSLv3, the function
`SSL_get_negotiated_group` returns the NID of the curve and from the NID,
we get the curve name by passing the NID to OBJ_nid2sn. This was not
available in v1.1.
project, so I am
still learning the process. Appreciate your patience and guidance.
Thank you and have a good day.
Regards,
Mariam.
From: Aleksandar Lazic
Date: Tuesday, June 20, 2023 at 3:51 PM
To: Mariam John , haproxy@formilux.org
Cc: eb...@haproxy.com , wlallem...@haproxy.com
Subject
Adds a new sample fetch method to get the curve name used in the
key agreement to enable better observability. In OpenSSLv3, the function
`SSL_get_negotiated_group` returns the NID of the curve and from the NID,
we get the curve name by passing the NID to OBJ_nid2sn. This was not
available in v1.1.
- doc changes to add description for the new sample fetch methods
- updates the existing regression tests to test the new sample fetch methods
This uses the function `SSL_get_negotiated_group` method available from the
OpenSSLv3 release.
Thank you.
Mariam John (1):
MEDIUM: ssl: new sample
Indeed I did. I sent the patch from the old folder. I apologize for the mistake
on my part. I am sending the right one now.
Thank you for your patience.
Regards,
Mariam.
From: William Lallemand
Date: Monday, July 17, 2023 at 4:28 AM
To: Mariam John
Cc: haproxy@formilux.org , eb
s the function `SSL_get_negotiated_group` method available from the
OpenSSLv3 release.
Thank you.
Mariam John (1):
MEDIUM: ssl: new sample fetch method to get curve name
doc/configuration.txt| 10 +++
reg-tests/ssl/ssl_curve_name.vtc | 51
Adds a new sample fetch method to get the curve name used in the
key agreement to enable better observability. In OpenSSLv3, the function
`SSL_get_negotiated_group` returns the NID of the curve and from the NID,
we get the curve name by passing the NID to OBJ_nid2sn. This was not
available in v1.1.
The function `smp_fetch_ssl_fc_ec` gets the curve name used during key
exchange. It currently uses the `SSL_get_negotiated_group`,
available since OpenSSLv3.0 to get the nid and derive the short name of the
curve from the nid. In OpenSSLv3.2, a new function,
`SSL_get0_group_name` was added that d
Update ssl_fc_curve/ssl_fc_curve to use `SSL_get0_group_name` function
(available from the OpenSSL v3.2 release onwards) to get the curve name.
For OpenSSL versions >=3.0 and <3.2, we will continue to use
`SSL_get_negotiated_group` to get the curve name.
Mariam John (1):
BUG/MINO
Update ssl_fc_curve/ssl_fc_curve to use `SSL_get0_group_name` function
(available from the OpenSSL v3.2 release onwards) to get the curve name.
For OpenSSL versions >=3.0 and <3.2, we will continue to use
`SSL_get_negotiated_group` to get the curve name.
Mariam John (1):
BUG/MINO
The function `smp_fetch_ssl_fc_ec` gets the curve name used during key
exchange. It currently uses the `SSL_get_negotiated_group`,
available since OpenSSLv3.0 to get the nid and derive the short name of the
curve from the nid. In OpenSSLv3.2, a new function,
`SSL_get0_group_name` was added that d
Happy new year!! Just wanted to see if this patch could move forward. I have
made the changes recommended by William.
Thank you for your time.
Regards,
Mariam.
From: Mariam John
Date: Friday, December 29, 2023 at 11:20 AM
To: haproxy@formilux.org
Cc: eb...@haproxy.com , wlallem
Thank you Willy for the update. Appreciate it. Please take your time. I totally
understand. Just wanted to make sure it wasn’t lost or forgotten about.
Thank you once again.
Regards,
Mariam.
From: Willy Tarreau
Date: Monday, January 8, 2024 at 1:25 PM
To: Mariam John
Cc: Mariam John
Thank you William. Appreciate you taking the time to fix all the discrepancies
in my patch. Have a good rest of your day.
Regards,
Mariam.
From: William Lallemand
Date: Tuesday, January 9, 2024 at 5:05 AM
To: Mariam John , Willy Tarreau
Cc: Mariam John , haproxy@formilux.org
, eb
raffic to different backends based on different algorithms supported by the
client for key exchange, for example. Included in this patch are the new sample
fetch implementation, doc changes and regression test.
Thanks,
Mariam.
Mariam John (1):
MINOR: sample: Add sample fetches for enhanced observabilit
Add new sample fetches to get the ciphers, supported groups, key shares and
signature algorithms
that the client supports during a TLS handshake as part of the contents of a
TLS ClientHello.
Currently we can get the following contents of the ClientHello message:
SNI(req_ssl_sni) and
TLS protocol
Add new sample fetches to get the ciphers, supported groups, key shares and
signature algorithms
that the client supports during a TLS handshake as part of the contents of a
TLS ClientHello.
Currently we can get the following contents of the ClientHello message:
SNI(req_ssl_sni) and
TLS protocol
- Added a new function to do generic clienthello parsing that can be used
in every fetch in payload.c
Thanks,
Mariam.
Mariam John (1):
MINOR: sample: Add sample fetches for enhanced observability for TLS
ClientHello
doc/configuration.txt | 66 ++
reg-tests
raffic to different backends based on different algorithms supported by the
client for key exchange, for example. Included in this patch are the new sample
fetch implementation, doc changes and regression test.
Thanks,
Mariam.
Mariam John (1):
MINOR: sample: Add sample fetches for enhanced observabilit
exchange, for example. Included in this patch are the new sample fetch
implementation, doc changes and regression test.
Mariam John (1):
MINOR: sample: Add sample fetches for enhanced observability for TLS
ClientHello
doc/configuration.txt | 61 ++
include/haproxy/buf-t.h
Add new sample fetches to get the ciphers, supported groups, key shares and
signature algorithms
that the client supports during a TLS handshake as part of the contents of a
TLS ClientHello.
Currently we can get the following contents of the ClientHello message:
SNI(req_ssl_sni) and
TLS protocol
contributed to this last patch and helped me
fix all the
formatting issues, so hopefully that will make it easy for you to review. Thank
you David.
Thank you William for helping us move this forward. Appreciate all your
feedback.
Regards,
Mariam.
Mariam John (1):
MINOR: ssl: Introduce new
In this patch we introduce a new helper function called
`smp_client_hello_parse()` to extract information presented in a TLS client
hello handshake message. 7 sample fetches have also been modified to use this
helper function to do the common client hello parsing and use the result
to do further
`parse_extensions`.
Fetches 1 to 7 will pass true
and `smp_fetch_ssl_cipherlist` will pass `false`. You had mentioned to use a
union for this but I wasn't
sure how to use it here.
Thank you once again for taking the time to review.
Thanks,
Mariam.
Mariam John (3):
PATCH-1: Add 4 new fetch functio
---
reg-tests/checks/tcp-check-client-hello.vtc | 81 +
1 file changed, 81 insertions(+)
create mode 100644 reg-tests/checks/tcp-check-client-hello.vtc
diff --git a/reg-tests/checks/tcp-check-client-hello.vtc
b/reg-tests/checks/tcp-check-client-hello.vtc
new file mode 100644
This patch contains the 4 new fetches and doc changes for the new fetches.
Towards:#2532
---
doc/configuration.txt | 66 ++
src/payload.c | 507 ++
2 files changed, 573 insertions(+)
diff --git a/doc/configuration.txt b/doc/configuration.txt
i
Add new smp_client_hello_parse() function to parse client hello and use it in
every fetch.
Modified the following existing fetches to use this new parsing function to do
the initial parsing, while the client extension processing is done within the
fetches themselves:
- smp_fetch_req_ssl_st_ext
-
To: Mariam John
Cc: haproxy@formilux.org
Subject: [EXTERNAL] Re: [PATCH 0/3] Add 4 new sample fetches to get ciphers,
supported groups, key shares and sigalgs from ClientHello message
Hello Mariam,
On Wed, Apr 16, 2025 at 08:36:06AM -0500, Mariam John wrote:
> Subject: [PATCH 0/3] Add 4
Thank you William.
Regards,
Mariam.
From: William Lallemand
Date: Thursday, April 17, 2025 at 11:15 AM
To: MARIAM JOHN
Cc: Mariam John , haproxy@formilux.org
Subject: [EXTERNAL] Re: [PATCH 0/3] Add 4 new sample fetches to get ciphers,
supported groups, key shares and sigalgs from
Thank you William for all your help. Appreciate it.
Regards,
Mariam.
From: William Lallemand
Date: Tuesday, July 1, 2025 at 4:57 AM
To: Mariam John
Cc: haproxy@formilux.org , MARIAM JOHN
Subject: [EXTERNAL] Re: [PATCH 0/1] Add new helper function
smp_client_hello_parse()
On Wed, Apr 30