From 4b370930b5581dd91866f83bbc992cc2d4e337cb Mon Sep 17 00:00:00 2001
From: Romain
Date: Wed, 20 Jan 2021 04:08:03 +0100
Subject: [PATCH] Mutualize TLS version and cipher code
---
 pkg/middlewares/accesslog/logger.go | 20 ++------------------
 pkg/middlewares/metrics/metrics.go | 18 +-----------------
 pkg/tls/cipher.go | 10 ++++++++++
 pkg/tls/version.go | 20 ++++++++++++++------
 4 files changed, 27 insertions(+), 41 deletions(-)
diff --git a/pkg/middlewares/accesslog/logger.go b/pkg/middlewares/accesslog/logger.go
index 8698852dd..b3657b67a 100644
--- a/pkg/middlewares/accesslog/logger.go
+++ b/pkg/middlewares/accesslog/logger.go
@@ -210,8 +210,8 @@ func (h *Handler) ServeHTTP(rw http.ResponseWriter, req *http.Request, next http
 core[RequestScheme] = "http"
 if req.TLS != nil {
 core[RequestScheme] = "https"
- core[TLSVersion] = getRequestTLSVersion(req)
- core[TLSCipher] = getRequestTLSCipher(req)
+ core[TLSVersion] = traefiktls.GetVersion(req.TLS)
+ core[TLSCipher] = traefiktls.GetCipherName(req.TLS)
 }
 
 core[ClientAddr] = req.RemoteAddr
@@ -385,19 +385,3 @@ var requestCounter uint64 // Request ID
 func nextRequestCount() uint64 {
 return atomic.AddUint64(&requestCounter, 1)
 }
-
-func getRequestTLSVersion(req *http.Request) string {
- if version, ok := traefiktls.VersionsReversed[req.TLS.Version]; ok {
- return version
- }
-
- return "unknown"
-}
-
-func getRequestTLSCipher(req *http.Request) string {
- if cypher, ok := traefiktls.CipherSuitesReversed[req.TLS.CipherSuite]; ok {
- return cypher
- }
-
- return "unknown"
-}
diff --git a/pkg/middlewares/metrics/metrics.go b/pkg/middlewares/metrics/metrics.go
index 6d9bd2966..116afa850 100644
--- a/pkg/middlewares/metrics/metrics.go
+++ b/pkg/middlewares/metrics/metrics.go
@@ -89,7 +89,7 @@ func (m *metricsMiddleware) ServeHTTP(rw http.ResponseWriter, req *http.Request)
 if req.TLS != nil {
 var tlsLabels []string
 tlsLabels = append(tlsLabels, m.baseLabels...)
- tlsLabels = append(tlsLabels, "tls_version", getRequestTLSVersion(req), "tls_cipher", getRequestTLSCipher(req))
+ tlsLabels = append(tlsLabels, "tls_version", traefiktls.GetVersion(req.TLS), "tls_cipher", traefiktls.GetCipherName(req.TLS))
 m.reqsTLSCounter.With(tlsLabels...).Add(1)
 }
 
@@ -146,22 +146,6 @@ func getMethod(r *http.Request) string {
 return r.Method
 }
 
-func getRequestTLSVersion(req *http.Request) string {
- if version, ok := traefiktls.VersionsReversed[req.TLS.Version]; ok {
- return version
- }
-
- return "unknown"
-}
-
-func getRequestTLSCipher(req *http.Request) string {
- if version, ok := traefiktls.CipherSuitesReversed[req.TLS.CipherSuite]; ok {
- return version
- }
-
- return "unknown"
-}
-
 type retryMetrics interface {
 ServiceRetriesCounter() gokitmetrics.Counter
 }
diff --git a/pkg/tls/cipher.go b/pkg/tls/cipher.go
index 07cbfd7d6..8925cd534 100644
--- a/pkg/tls/cipher.go
+++ b/pkg/tls/cipher.go
@@ -69,3 +69,13 @@ var (
 tls.TLS_FALLBACK_SCSV: `TLS_FALLBACK_SCSV`,
 }
 )
+
+// GetCipherName returns the Cipher suite name.
+// Available CipherSuites defined at https://golang.org/pkg/crypto/tls/#pkg-constants
+func GetCipherName(connState *tls.ConnectionState) string {
+ if cipher, ok := CipherSuitesReversed[connState.CipherSuite]; ok {
+ return cipher
+ }
+
+ return "unknown"
+}
diff --git a/pkg/tls/version.go b/pkg/tls/version.go
index 5ff14cff3..8e6b5cfe0 100644
--- a/pkg/tls/version.go
+++ b/pkg/tls/version.go
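Review bot: In the cipher.go hunk, GetCipherName collapses every suite id that the hand-maintained CipherSuitesReversed map does not list into the literal `"unknown"`, so a suite Go negotiates that the map never gained is logged and counted with no identity at all — precisely the record an operator auditing TLS posture needs. Assuming the module builds with Go 1.14 or later, `tls.CipherSuiteName(connState.CipherSuite)` returns the IANA name for every suite the library knows and a hex id of the form `0x%04X` for anything else, so the fallback could be `return tls.CipherSuiteName(connState.CipherSuite)` instead of the literal, keeping the map lookup first if dashboards depend on the current names. The function also dereferences connState unconditionally; both callers in this patch guard with `req.TLS != nil`, but as an exported helper in pkg/tls it is one line to make it safe, `if connState == nil { return "unknown" }` before the lookup. The map itself starts above the hunk, so whether it already covers the TLS 1.3 suites cannot be confirmed from here.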
@@ -2,11 +2,19 @@ package tls
 
 import "crypto/tls"
 
-// VersionsReversed Map of TLS versions from crypto/tls
+// GetVersion returns the normalized TLS version.
 // Available TLS versions defined at https://golang.org/pkg/crypto/tls/#pkg-constants
-var VersionsReversed = map[uint16]string{
- tls.VersionTLS10: "1.0",
- tls.VersionTLS11: "1.1",
- tls.VersionTLS12: "1.2",
- tls.VersionTLS13: "1.3",
+func GetVersion(connState *tls.ConnectionState) string {
+ switch connState.Version {
+ case tls.VersionTLS10:
+ return "1.0"
+ case tls.VersionTLS11:
+ return "1.1"
+ case tls.VersionTLS12:
+ return "1.2"
+ case tls.VersionTLS13:
+ return "1.3"
+ }
+
+ return "unknown"
 }
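Review bot: GetVersion switches on `connState.Version` without checking for a nil pointer, so any future caller that omits the `req.TLS != nil` test the two call sites in this patch perform will panic inside a request handler; net/http's panic recovery keeps the server up, but the connection is torn down and the access-log line and TLS metric for that request are never written. A guard at the top of the function, `if connState == nil { return "unknown" }`, makes the exported helper safe regardless of caller discipline. The doc comment should also spell out the contract, since "normalized" is not self-explanatory: `// GetVersion returns the negotiated TLS version as "1.0", "1.1", "1.2" or "1.3", or "unknown" for any other value.` Dropping the exported VersionsReversed variable is an API change for anything outside this repository that imported it; presumably nothing does, but it deserves a line in the commit message.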