Mutualize TLS version and cipher code

2021-01-20 04:08:03 +01:00 · 2021-01-20 04:08:03 +01:00 · 4b370930b5
commit 4b370930b5
parent b05a5c818d
4 changed files with 27 additions and 41 deletions
--- a/pkg/middlewares/accesslog/logger.go
+++ b/pkg/middlewares/accesslog/logger.go
@ -210,8 +210,8 @@ func (h *Handler) ServeHTTP(rw http.ResponseWriter, req *http.Request, next http
 	core[RequestScheme] = "http"
 	if req.TLS != nil {
 		core[RequestScheme] = "https"
-		core[TLSVersion] = getRequestTLSVersion(req)
-		core[TLSCipher] = getRequestTLSCipher(req)
+		core[TLSVersion] = traefiktls.GetVersion(req.TLS)
+		core[TLSCipher] = traefiktls.GetCipherName(req.TLS)
 	}

 	core[ClientAddr] = req.RemoteAddr
@ -385,19 +385,3 @@ var requestCounter uint64 // Request ID
 func nextRequestCount() uint64 {
 	return atomic.AddUint64(&requestCounter, 1)
 }
-
-func getRequestTLSVersion(req *http.Request) string {
-	if version, ok := traefiktls.VersionsReversed[req.TLS.Version]; ok {
-		return version
-	}
-
-	return "unknown"
-}
-
-func getRequestTLSCipher(req *http.Request) string {
-	if cypher, ok := traefiktls.CipherSuitesReversed[req.TLS.CipherSuite]; ok {
-		return cypher
-	}
-
-	return "unknown"
-}
--- a/pkg/middlewares/metrics/metrics.go
+++ b/pkg/middlewares/metrics/metrics.go
@ -89,7 +89,7 @@ func (m *metricsMiddleware) ServeHTTP(rw http.ResponseWriter, req *http.Request)
 	if req.TLS != nil {
 		var tlsLabels []string
 		tlsLabels = append(tlsLabels, m.baseLabels...)
-		tlsLabels = append(tlsLabels, "tls_version", getRequestTLSVersion(req), "tls_cipher", getRequestTLSCipher(req))
+		tlsLabels = append(tlsLabels, "tls_version", traefiktls.GetVersion(req.TLS), "tls_cipher", traefiktls.GetCipherName(req.TLS))

 		m.reqsTLSCounter.With(tlsLabels...).Add(1)
 	}
@ -146,22 +146,6 @@ func getMethod(r *http.Request) string {
 	return r.Method
 }

-func getRequestTLSVersion(req *http.Request) string {
-	if version, ok := traefiktls.VersionsReversed[req.TLS.Version]; ok {
-		return version
-	}
-
-	return "unknown"
-}
-
-func getRequestTLSCipher(req *http.Request) string {
-	if version, ok := traefiktls.CipherSuitesReversed[req.TLS.CipherSuite]; ok {
-		return version
-	}
-
-	return "unknown"
-}
-
 type retryMetrics interface {
 	ServiceRetriesCounter() gokitmetrics.Counter
 }
--- a/pkg/tls/cipher.go
+++ b/pkg/tls/cipher.go
@ -69,3 +69,13 @@ var (
 		tls.TLS_FALLBACK_SCSV:                             `TLS_FALLBACK_SCSV`,
 	}
 )
+
+// GetCipherName returns the Cipher suite name.
+// Available CipherSuites defined at https://golang.org/pkg/crypto/tls/#pkg-constants
+func GetCipherName(connState *tls.ConnectionState) string {
+	if cipher, ok := CipherSuitesReversed[connState.CipherSuite]; ok {
+		return cipher
+	}
+
+	return "unknown"
+}
--- a/pkg/tls/version.go
+++ b/pkg/tls/version.go
@ -2,11 +2,19 @@ package tls

 import "crypto/tls"

-// VersionsReversed Map of TLS versions from crypto/tls
+// GetVersion returns the normalized TLS version.
 // Available TLS versions defined at https://golang.org/pkg/crypto/tls/#pkg-constants
-var VersionsReversed = map[uint16]string{
-	tls.VersionTLS10: "1.0",
-	tls.VersionTLS11: "1.1",
-	tls.VersionTLS12: "1.2",
-	tls.VersionTLS13: "1.3",
+func GetVersion(connState *tls.ConnectionState) string {
+	switch connState.Version {
+	case tls.VersionTLS10:
+		return "1.0"
+	case tls.VersionTLS11:
+		return "1.1"
+	case tls.VersionTLS12:
+		return "1.2"
+	case tls.VersionTLS13:
+		return "1.3"
+	}
+
+	return "unknown"
 }