Add metrics about TLS
parent
a6040c623b
commit
ad6bf936d5
6 changed files with 178 additions and 37 deletions
|
@ -20,11 +20,13 @@ type Registry interface {
|
||||||
|
|
||||||
// entry point metrics
|
// entry point metrics
|
||||||
EntryPointReqsCounter() metrics.Counter
|
EntryPointReqsCounter() metrics.Counter
|
||||||
|
EntryPointReqsTLSCounter() metrics.Counter
|
||||||
EntryPointReqDurationHistogram() metrics.Histogram
|
EntryPointReqDurationHistogram() metrics.Histogram
|
||||||
EntryPointOpenConnsGauge() metrics.Gauge
|
EntryPointOpenConnsGauge() metrics.Gauge
|
||||||
|
|
||||||
// service metrics
|
// service metrics
|
||||||
ServiceReqsCounter() metrics.Counter
|
ServiceReqsCounter() metrics.Counter
|
||||||
|
ServiceReqsTLSCounter() metrics.Counter
|
||||||
ServiceReqDurationHistogram() metrics.Histogram
|
ServiceReqDurationHistogram() metrics.Histogram
|
||||||
ServiceOpenConnsGauge() metrics.Gauge
|
ServiceOpenConnsGauge() metrics.Gauge
|
||||||
ServiceRetriesCounter() metrics.Counter
|
ServiceRetriesCounter() metrics.Counter
|
||||||
|
@ -46,9 +48,11 @@ func NewMultiRegistry(registries []Registry) Registry {
|
||||||
var lastConfigReloadSuccessGauge []metrics.Gauge
|
var lastConfigReloadSuccessGauge []metrics.Gauge
|
||||||
var lastConfigReloadFailureGauge []metrics.Gauge
|
var lastConfigReloadFailureGauge []metrics.Gauge
|
||||||
var entryPointReqsCounter []metrics.Counter
|
var entryPointReqsCounter []metrics.Counter
|
||||||
|
var entryPointReqsTLSCounter []metrics.Counter
|
||||||
var entryPointReqDurationHistogram []metrics.Histogram
|
var entryPointReqDurationHistogram []metrics.Histogram
|
||||||
var entryPointOpenConnsGauge []metrics.Gauge
|
var entryPointOpenConnsGauge []metrics.Gauge
|
||||||
var serviceReqsCounter []metrics.Counter
|
var serviceReqsCounter []metrics.Counter
|
||||||
|
var serviceReqsTLSCounter []metrics.Counter
|
||||||
var serviceReqDurationHistogram []metrics.Histogram
|
var serviceReqDurationHistogram []metrics.Histogram
|
||||||
var serviceOpenConnsGauge []metrics.Gauge
|
var serviceOpenConnsGauge []metrics.Gauge
|
||||||
var serviceRetriesCounter []metrics.Counter
|
var serviceRetriesCounter []metrics.Counter
|
||||||
|
@ -70,6 +74,9 @@ func NewMultiRegistry(registries []Registry) Registry {
|
||||||
if r.EntryPointReqsCounter() != nil {
|
if r.EntryPointReqsCounter() != nil {
|
||||||
entryPointReqsCounter = append(entryPointReqsCounter, r.EntryPointReqsCounter())
|
entryPointReqsCounter = append(entryPointReqsCounter, r.EntryPointReqsCounter())
|
||||||
}
|
}
|
||||||
|
if r.EntryPointReqsTLSCounter() != nil {
|
||||||
|
entryPointReqsTLSCounter = append(entryPointReqsTLSCounter, r.EntryPointReqsTLSCounter())
|
||||||
|
}
|
||||||
if r.EntryPointReqDurationHistogram() != nil {
|
if r.EntryPointReqDurationHistogram() != nil {
|
||||||
entryPointReqDurationHistogram = append(entryPointReqDurationHistogram, r.EntryPointReqDurationHistogram())
|
entryPointReqDurationHistogram = append(entryPointReqDurationHistogram, r.EntryPointReqDurationHistogram())
|
||||||
}
|
}
|
||||||
|
@ -79,6 +86,9 @@ func NewMultiRegistry(registries []Registry) Registry {
|
||||||
if r.ServiceReqsCounter() != nil {
|
if r.ServiceReqsCounter() != nil {
|
||||||
serviceReqsCounter = append(serviceReqsCounter, r.ServiceReqsCounter())
|
serviceReqsCounter = append(serviceReqsCounter, r.ServiceReqsCounter())
|
||||||
}
|
}
|
||||||
|
if r.ServiceReqsTLSCounter() != nil {
|
||||||
|
serviceReqsTLSCounter = append(serviceReqsTLSCounter, r.ServiceReqsTLSCounter())
|
||||||
|
}
|
||||||
if r.ServiceReqDurationHistogram() != nil {
|
if r.ServiceReqDurationHistogram() != nil {
|
||||||
serviceReqDurationHistogram = append(serviceReqDurationHistogram, r.ServiceReqDurationHistogram())
|
serviceReqDurationHistogram = append(serviceReqDurationHistogram, r.ServiceReqDurationHistogram())
|
||||||
}
|
}
|
||||||
|
@ -101,9 +111,11 @@ func NewMultiRegistry(registries []Registry) Registry {
|
||||||
lastConfigReloadSuccessGauge: multi.NewGauge(lastConfigReloadSuccessGauge...),
|
lastConfigReloadSuccessGauge: multi.NewGauge(lastConfigReloadSuccessGauge...),
|
||||||
lastConfigReloadFailureGauge: multi.NewGauge(lastConfigReloadFailureGauge...),
|
lastConfigReloadFailureGauge: multi.NewGauge(lastConfigReloadFailureGauge...),
|
||||||
entryPointReqsCounter: multi.NewCounter(entryPointReqsCounter...),
|
entryPointReqsCounter: multi.NewCounter(entryPointReqsCounter...),
|
||||||
|
entryPointReqsTLSCounter: multi.NewCounter(entryPointReqsTLSCounter...),
|
||||||
entryPointReqDurationHistogram: multi.NewHistogram(entryPointReqDurationHistogram...),
|
entryPointReqDurationHistogram: multi.NewHistogram(entryPointReqDurationHistogram...),
|
||||||
entryPointOpenConnsGauge: multi.NewGauge(entryPointOpenConnsGauge...),
|
entryPointOpenConnsGauge: multi.NewGauge(entryPointOpenConnsGauge...),
|
||||||
serviceReqsCounter: multi.NewCounter(serviceReqsCounter...),
|
serviceReqsCounter: multi.NewCounter(serviceReqsCounter...),
|
||||||
|
serviceReqsTLSCounter: multi.NewCounter(serviceReqsTLSCounter...),
|
||||||
serviceReqDurationHistogram: multi.NewHistogram(serviceReqDurationHistogram...),
|
serviceReqDurationHistogram: multi.NewHistogram(serviceReqDurationHistogram...),
|
||||||
serviceOpenConnsGauge: multi.NewGauge(serviceOpenConnsGauge...),
|
serviceOpenConnsGauge: multi.NewGauge(serviceOpenConnsGauge...),
|
||||||
serviceRetriesCounter: multi.NewCounter(serviceRetriesCounter...),
|
serviceRetriesCounter: multi.NewCounter(serviceRetriesCounter...),
|
||||||
|
@ -119,9 +131,11 @@ type standardRegistry struct {
|
||||||
lastConfigReloadSuccessGauge metrics.Gauge
|
lastConfigReloadSuccessGauge metrics.Gauge
|
||||||
lastConfigReloadFailureGauge metrics.Gauge
|
lastConfigReloadFailureGauge metrics.Gauge
|
||||||
entryPointReqsCounter metrics.Counter
|
entryPointReqsCounter metrics.Counter
|
||||||
|
entryPointReqsTLSCounter metrics.Counter
|
||||||
entryPointReqDurationHistogram metrics.Histogram
|
entryPointReqDurationHistogram metrics.Histogram
|
||||||
entryPointOpenConnsGauge metrics.Gauge
|
entryPointOpenConnsGauge metrics.Gauge
|
||||||
serviceReqsCounter metrics.Counter
|
serviceReqsCounter metrics.Counter
|
||||||
|
serviceReqsTLSCounter metrics.Counter
|
||||||
serviceReqDurationHistogram metrics.Histogram
|
serviceReqDurationHistogram metrics.Histogram
|
||||||
serviceOpenConnsGauge metrics.Gauge
|
serviceOpenConnsGauge metrics.Gauge
|
||||||
serviceRetriesCounter metrics.Counter
|
serviceRetriesCounter metrics.Counter
|
||||||
|
@ -156,6 +170,10 @@ func (r *standardRegistry) EntryPointReqsCounter() metrics.Counter {
|
||||||
return r.entryPointReqsCounter
|
return r.entryPointReqsCounter
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (r *standardRegistry) EntryPointReqsTLSCounter() metrics.Counter {
|
||||||
|
return r.entryPointReqsTLSCounter
|
||||||
|
}
|
||||||
|
|
||||||
func (r *standardRegistry) EntryPointReqDurationHistogram() metrics.Histogram {
|
func (r *standardRegistry) EntryPointReqDurationHistogram() metrics.Histogram {
|
||||||
return r.entryPointReqDurationHistogram
|
return r.entryPointReqDurationHistogram
|
||||||
}
|
}
|
||||||
|
@ -168,6 +186,10 @@ func (r *standardRegistry) ServiceReqsCounter() metrics.Counter {
|
||||||
return r.serviceReqsCounter
|
return r.serviceReqsCounter
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (r *standardRegistry) ServiceReqsTLSCounter() metrics.Counter {
|
||||||
|
return r.serviceReqsTLSCounter
|
||||||
|
}
|
||||||
|
|
||||||
func (r *standardRegistry) ServiceReqDurationHistogram() metrics.Histogram {
|
func (r *standardRegistry) ServiceReqDurationHistogram() metrics.Histogram {
|
||||||
return r.serviceReqDurationHistogram
|
return r.serviceReqDurationHistogram
|
||||||
}
|
}
|
||||||
|
|
|
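Review bot: The two methods added to the exported Registry interface, `EntryPointReqsTLSCounter() metrics.Counter` and `ServiceReqsTLSCounter() metrics.Counter`, carry no doc comment, and neither do the matching standardRegistry getters further down, so the label set a caller has to supply is only discoverable from prometheus.go. Since the neighbouring methods are undocumented too this is consistent, but the new ones are the first with a label set that differs from the request counters; suggest `// EntryPointReqsTLSCounter returns the counter of TLS requests handled by an entry point; it expects the labels tls_version and tls_cipher in addition to the entry point name.` with the same wording for the service variant. NewMultiRegistry and the standardRegistry declaration start and end outside the visible hunks.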
@ -30,6 +30,7 @@ const (
|
||||||
// entry point
|
// entry point
|
||||||
metricEntryPointPrefix = MetricNamePrefix + "entrypoint_"
|
metricEntryPointPrefix = MetricNamePrefix + "entrypoint_"
|
||||||
entryPointReqsTotalName = metricEntryPointPrefix + "requests_total"
|
entryPointReqsTotalName = metricEntryPointPrefix + "requests_total"
|
||||||
|
entryPointReqsTLSTotalName = metricEntryPointPrefix + "requests_tls_total"
|
||||||
entryPointReqDurationName = metricEntryPointPrefix + "request_duration_seconds"
|
entryPointReqDurationName = metricEntryPointPrefix + "request_duration_seconds"
|
||||||
entryPointOpenConnsName = metricEntryPointPrefix + "open_connections"
|
entryPointOpenConnsName = metricEntryPointPrefix + "open_connections"
|
||||||
|
|
||||||
|
@ -38,6 +39,7 @@ const (
|
||||||
// MetricServicePrefix prefix of all service metric names
|
// MetricServicePrefix prefix of all service metric names
|
||||||
MetricServicePrefix = MetricNamePrefix + "service_"
|
MetricServicePrefix = MetricNamePrefix + "service_"
|
||||||
serviceReqsTotalName = MetricServicePrefix + "requests_total"
|
serviceReqsTotalName = MetricServicePrefix + "requests_total"
|
||||||
|
serviceReqsTLSTotalName = MetricServicePrefix + "requests_tls_total"
|
||||||
serviceReqDurationName = MetricServicePrefix + "request_duration_seconds"
|
serviceReqDurationName = MetricServicePrefix + "request_duration_seconds"
|
||||||
serviceOpenConnsName = MetricServicePrefix + "open_connections"
|
serviceOpenConnsName = MetricServicePrefix + "open_connections"
|
||||||
serviceRetriesTotalName = MetricServicePrefix + "retries_total"
|
serviceRetriesTotalName = MetricServicePrefix + "retries_total"
|
||||||
|
@ -136,6 +138,10 @@ func initStandardRegistry(config *types.Prometheus) Registry {
|
||||||
Name: entryPointReqsTotalName,
|
Name: entryPointReqsTotalName,
|
||||||
Help: "How many HTTP requests processed on an entrypoint, partitioned by status code, protocol, and method.",
|
Help: "How many HTTP requests processed on an entrypoint, partitioned by status code, protocol, and method.",
|
||||||
}, []string{"code", "method", "protocol", "entrypoint"})
|
}, []string{"code", "method", "protocol", "entrypoint"})
|
||||||
|
entryPointReqsTLS := newCounterFrom(promState.collectors, stdprometheus.CounterOpts{
|
||||||
|
Name: entryPointReqsTLSTotalName,
|
||||||
|
Help: "How many HTTP requests with TLS processed on an entrypoint, partitioned by TLS Version and TLS cipher Used.",
|
||||||
|
}, []string{"tls_version", "tls_cipher", "entrypoint"})
|
||||||
entryPointReqDurations := newHistogramFrom(promState.collectors, stdprometheus.HistogramOpts{
|
entryPointReqDurations := newHistogramFrom(promState.collectors, stdprometheus.HistogramOpts{
|
||||||
Name: entryPointReqDurationName,
|
Name: entryPointReqDurationName,
|
||||||
Help: "How long it took to process the request on an entrypoint, partitioned by status code, protocol, and method.",
|
Help: "How long it took to process the request on an entrypoint, partitioned by status code, protocol, and method.",
|
||||||
|
@ -148,10 +154,12 @@ func initStandardRegistry(config *types.Prometheus) Registry {
|
||||||
|
|
||||||
promState.describers = append(promState.describers, []func(chan<- *stdprometheus.Desc){
|
promState.describers = append(promState.describers, []func(chan<- *stdprometheus.Desc){
|
||||||
entryPointReqs.cv.Describe,
|
entryPointReqs.cv.Describe,
|
||||||
|
entryPointReqsTLS.cv.Describe,
|
||||||
entryPointReqDurations.hv.Describe,
|
entryPointReqDurations.hv.Describe,
|
||||||
entryPointOpenConns.gv.Describe,
|
entryPointOpenConns.gv.Describe,
|
||||||
}...)
|
}...)
|
||||||
reg.entryPointReqsCounter = entryPointReqs
|
reg.entryPointReqsCounter = entryPointReqs
|
||||||
|
reg.entryPointReqsTLSCounter = entryPointReqsTLS
|
||||||
reg.entryPointReqDurationHistogram = entryPointReqDurations
|
reg.entryPointReqDurationHistogram = entryPointReqDurations
|
||||||
reg.entryPointOpenConnsGauge = entryPointOpenConns
|
reg.entryPointOpenConnsGauge = entryPointOpenConns
|
||||||
}
|
}
|
||||||
|
@ -160,6 +168,10 @@ func initStandardRegistry(config *types.Prometheus) Registry {
|
||||||
Name: serviceReqsTotalName,
|
Name: serviceReqsTotalName,
|
||||||
Help: "How many HTTP requests processed on a service, partitioned by status code, protocol, and method.",
|
Help: "How many HTTP requests processed on a service, partitioned by status code, protocol, and method.",
|
||||||
}, []string{"code", "method", "protocol", "service"})
|
}, []string{"code", "method", "protocol", "service"})
|
||||||
|
serviceReqsTLS := newCounterFrom(promState.collectors, stdprometheus.CounterOpts{
|
||||||
|
Name: serviceReqsTLSTotalName,
|
||||||
|
Help: "How many HTTP requests with TLS processed on a service, partitioned by TLS version and TLS cipher.",
|
||||||
|
}, []string{"tls_version", "tls_cipher", "service"})
|
||||||
serviceReqDurations := newHistogramFrom(promState.collectors, stdprometheus.HistogramOpts{
|
serviceReqDurations := newHistogramFrom(promState.collectors, stdprometheus.HistogramOpts{
|
||||||
Name: serviceReqDurationName,
|
Name: serviceReqDurationName,
|
||||||
Help: "How long it took to process the request on a service, partitioned by status code, protocol, and method.",
|
Help: "How long it took to process the request on a service, partitioned by status code, protocol, and method.",
|
||||||
|
@ -180,6 +192,7 @@ func initStandardRegistry(config *types.Prometheus) Registry {
|
||||||
|
|
||||||
promState.describers = append(promState.describers, []func(chan<- *stdprometheus.Desc){
|
promState.describers = append(promState.describers, []func(chan<- *stdprometheus.Desc){
|
||||||
serviceReqs.cv.Describe,
|
serviceReqs.cv.Describe,
|
||||||
|
serviceReqsTLS.cv.Describe,
|
||||||
serviceReqDurations.hv.Describe,
|
serviceReqDurations.hv.Describe,
|
||||||
serviceOpenConns.gv.Describe,
|
serviceOpenConns.gv.Describe,
|
||||||
serviceRetries.cv.Describe,
|
serviceRetries.cv.Describe,
|
||||||
|
@ -187,6 +200,7 @@ func initStandardRegistry(config *types.Prometheus) Registry {
|
||||||
}...)
|
}...)
|
||||||
|
|
||||||
reg.serviceReqsCounter = serviceReqs
|
reg.serviceReqsCounter = serviceReqs
|
||||||
|
reg.serviceReqsTLSCounter = serviceReqsTLS
|
||||||
reg.serviceReqDurationHistogram = serviceReqDurations
|
reg.serviceReqDurationHistogram = serviceReqDurations
|
||||||
reg.serviceOpenConnsGauge = serviceOpenConns
|
reg.serviceOpenConnsGauge = serviceOpenConns
|
||||||
reg.serviceRetriesCounter = serviceRetries
|
reg.serviceRetriesCounter = serviceRetries
|
||||||
|
|
|
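Review bot: The Help text of the entry point TLS counter, `Help: "How many HTTP requests with TLS processed on an entrypoint, partitioned by TLS Version and TLS cipher Used.",`, is capitalised inconsistently with its service counterpart later in the same function; suggest `Help: "How many HTTP requests with TLS processed on an entrypoint, partitioned by TLS version and TLS cipher.",` so the two descriptions read alike in the exposed metrics. The label sets `tls_version` and `tls_cipher` look bounded, since the middleware hunk maps the version to a small fixed set with an "unknown" fallback and the cipher through a fixed map, so the new counters should not introduce a cardinality problem. initStandardRegistry starts and ends outside the hunks.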
@ -2,6 +2,7 @@ package metrics
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
|
"crypto/tls"
|
||||||
"net/http"
|
"net/http"
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
|
@ -13,6 +14,7 @@ import (
|
||||||
"github.com/containous/traefik/v2/pkg/metrics"
|
"github.com/containous/traefik/v2/pkg/metrics"
|
||||||
"github.com/containous/traefik/v2/pkg/middlewares"
|
"github.com/containous/traefik/v2/pkg/middlewares"
|
||||||
"github.com/containous/traefik/v2/pkg/middlewares/retry"
|
"github.com/containous/traefik/v2/pkg/middlewares/retry"
|
||||||
|
traefiktls "github.com/containous/traefik/v2/pkg/tls"
|
||||||
gokitmetrics "github.com/go-kit/kit/metrics"
|
gokitmetrics "github.com/go-kit/kit/metrics"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -28,6 +30,7 @@ const (
|
||||||
type metricsMiddleware struct {
|
type metricsMiddleware struct {
|
||||||
next http.Handler
|
next http.Handler
|
||||||
reqsCounter gokitmetrics.Counter
|
reqsCounter gokitmetrics.Counter
|
||||||
|
reqsTLSCounter gokitmetrics.Counter
|
||||||
reqDurationHistogram gokitmetrics.Histogram
|
reqDurationHistogram gokitmetrics.Histogram
|
||||||
openConnsGauge gokitmetrics.Gauge
|
openConnsGauge gokitmetrics.Gauge
|
||||||
baseLabels []string
|
baseLabels []string
|
||||||
|
@ -40,6 +43,7 @@ func NewEntryPointMiddleware(ctx context.Context, next http.Handler, registry me
|
||||||
return &metricsMiddleware{
|
return &metricsMiddleware{
|
||||||
next: next,
|
next: next,
|
||||||
reqsCounter: registry.EntryPointReqsCounter(),
|
reqsCounter: registry.EntryPointReqsCounter(),
|
||||||
|
reqsTLSCounter: registry.EntryPointReqsTLSCounter(),
|
||||||
reqDurationHistogram: registry.EntryPointReqDurationHistogram(),
|
reqDurationHistogram: registry.EntryPointReqDurationHistogram(),
|
||||||
openConnsGauge: registry.EntryPointOpenConnsGauge(),
|
openConnsGauge: registry.EntryPointOpenConnsGauge(),
|
||||||
baseLabels: []string{"entrypoint", entryPointName},
|
baseLabels: []string{"entrypoint", entryPointName},
|
||||||
|
@ -53,6 +57,7 @@ func NewServiceMiddleware(ctx context.Context, next http.Handler, registry metri
|
||||||
return &metricsMiddleware{
|
return &metricsMiddleware{
|
||||||
next: next,
|
next: next,
|
||||||
reqsCounter: registry.ServiceReqsCounter(),
|
reqsCounter: registry.ServiceReqsCounter(),
|
||||||
|
reqsTLSCounter: registry.ServiceReqsTLSCounter(),
|
||||||
reqDurationHistogram: registry.ServiceReqDurationHistogram(),
|
reqDurationHistogram: registry.ServiceReqDurationHistogram(),
|
||||||
openConnsGauge: registry.ServiceOpenConnsGauge(),
|
openConnsGauge: registry.ServiceOpenConnsGauge(),
|
||||||
baseLabels: []string{"service", serviceName},
|
baseLabels: []string{"service", serviceName},
|
||||||
|
@ -81,6 +86,15 @@ func (m *metricsMiddleware) ServeHTTP(rw http.ResponseWriter, req *http.Request)
|
||||||
m.openConnsGauge.With(labels...).Add(1)
|
m.openConnsGauge.With(labels...).Add(1)
|
||||||
defer m.openConnsGauge.With(labels...).Add(-1)
|
defer m.openConnsGauge.With(labels...).Add(-1)
|
||||||
|
|
||||||
|
// TLS metrics
|
||||||
|
if req.TLS != nil {
|
||||||
|
var tlsLabels []string
|
||||||
|
tlsLabels = append(tlsLabels, m.baseLabels...)
|
||||||
|
tlsLabels = append(tlsLabels, "tls_version", getRequestTLSVersion(req), "tls_cipher", getRequestTLSCipher(req))
|
||||||
|
|
||||||
|
m.reqsTLSCounter.With(tlsLabels...).Add(1)
|
||||||
|
}
|
||||||
|
|
||||||
recorder := newResponseRecorder(rw)
|
recorder := newResponseRecorder(rw)
|
||||||
start := time.Now()
|
start := time.Now()
|
||||||
m.next.ServeHTTP(recorder, req)
|
m.next.ServeHTTP(recorder, req)
|
||||||
|
@ -131,6 +145,29 @@ func getMethod(r *http.Request) string {
|
||||||
return r.Method
|
return r.Method
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func getRequestTLSVersion(req *http.Request) string {
|
||||||
|
switch req.TLS.Version {
|
||||||
|
case tls.VersionTLS10:
|
||||||
|
return "1.0"
|
||||||
|
case tls.VersionTLS11:
|
||||||
|
return "1.1"
|
||||||
|
case tls.VersionTLS12:
|
||||||
|
return "1.2"
|
||||||
|
case tls.VersionTLS13:
|
||||||
|
return "1.3"
|
||||||
|
default:
|
||||||
|
return "unknown"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func getRequestTLSCipher(req *http.Request) string {
|
||||||
|
if version, ok := traefiktls.CipherSuitesReversed[req.TLS.CipherSuite]; ok {
|
||||||
|
return version
|
||||||
|
}
|
||||||
|
|
||||||
|
return "unknown"
|
||||||
|
}
|
||||||
|
|
||||||
type retryMetrics interface {
|
type retryMetrics interface {
|
||||||
ServiceRetriesCounter() gokitmetrics.Counter
|
ServiceRetriesCounter() gokitmetrics.Counter
|
||||||
}
|
}
|
||||||
|
|
|
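Review bot: In ServeHTTP the new block calls `m.reqsTLSCounter.With(tlsLabels...).Add(1)` without checking that the counter is non-nil, whereas NewMultiRegistry in pkg/metrics/metrics.go explicitly skips registries whose `EntryPointReqsTLSCounter()` or `ServiceReqsTLSCounter()` returns nil, so a nil counter is evidently a reachable state; a standardRegistry whose backend does not populate the new field, if handed to the middleware without the multi wrapper, would panic on the first TLS request. Suggest guarding the block with `if req.TLS != nil && m.reqsTLSCounter != nil {`. getRequestTLSVersion and getRequestTLSCipher dereference `req.TLS` unconditionally, which is correct under that guard but deserves a one-line comment such as `// getRequestTLSVersion reports the negotiated TLS version of req; req.TLS must be non-nil.` on each. ServeHTTP begins and ends outside the hunk.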
@ -30,39 +30,6 @@ var (
|
||||||
`VersionTLS13`: tls.VersionTLS13,
|
`VersionTLS13`: tls.VersionTLS13,
|
||||||
}
|
}
|
||||||
|
|
||||||
// CipherSuites Map of TLS CipherSuites from crypto/tls
|
|
||||||
// Available CipherSuites defined at https://golang.org/pkg/crypto/tls/#pkg-constants
|
|
||||||
CipherSuites = map[string]uint16{
|
|
||||||
`TLS_RSA_WITH_RC4_128_SHA`: tls.TLS_RSA_WITH_RC4_128_SHA,
|
|
||||||
`TLS_RSA_WITH_3DES_EDE_CBC_SHA`: tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
|
|
||||||
`TLS_RSA_WITH_AES_128_CBC_SHA`: tls.TLS_RSA_WITH_AES_128_CBC_SHA,
|
|
||||||
`TLS_RSA_WITH_AES_256_CBC_SHA`: tls.TLS_RSA_WITH_AES_256_CBC_SHA,
|
|
||||||
`TLS_RSA_WITH_AES_128_CBC_SHA256`: tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
|
|
||||||
`TLS_RSA_WITH_AES_128_GCM_SHA256`: tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
|
|
||||||
`TLS_RSA_WITH_AES_256_GCM_SHA384`: tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
|
|
||||||
`TLS_ECDHE_ECDSA_WITH_RC4_128_SHA`: tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
|
|
||||||
`TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`: tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
|
||||||
`TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`: tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
|
||||||
`TLS_ECDHE_RSA_WITH_RC4_128_SHA`: tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
|
|
||||||
`TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA`: tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
|
||||||
`TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`: tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
|
||||||
`TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`: tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
|
||||||
`TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256`: tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
|
|
||||||
`TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`: tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
|
|
||||||
`TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`: tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
|
||||||
`TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`: tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
|
||||||
`TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`: tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
|
||||||
`TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`: tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
|
||||||
`TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305`: tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
|
|
||||||
`TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256`: tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
|
|
||||||
`TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305`: tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
|
|
||||||
`TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256`: tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
|
|
||||||
"TLS_AES_128_GCM_SHA256": tls.TLS_AES_128_GCM_SHA256,
|
|
||||||
"TLS_AES_256_GCM_SHA384": tls.TLS_AES_256_GCM_SHA384,
|
|
||||||
"TLS_CHACHA20_POLY1305_SHA256": tls.TLS_CHACHA20_POLY1305_SHA256,
|
|
||||||
"TLS_FALLBACK_SCSV": tls.TLS_FALLBACK_SCSV,
|
|
||||||
}
|
|
||||||
|
|
||||||
// CurveIDs is a Map of TLS elliptic curves from crypto/tls
|
// CurveIDs is a Map of TLS elliptic curves from crypto/tls
|
||||||
// Available CurveIDs defined at https://godoc.org/crypto/tls#CurveID,
|
// Available CurveIDs defined at https://godoc.org/crypto/tls#CurveID,
|
||||||
// also allowing rfc names defined at https://tools.ietf.org/html/rfc8446#section-4.2.7
|
// also allowing rfc names defined at https://tools.ietf.org/html/rfc8446#section-4.2.7
|
||||||
|
|
71
pkg/tls/cipher.go
Normal file
71
pkg/tls/cipher.go
Normal file
|
@ -0,0 +1,71 @@
|
||||||
|
package tls
|
||||||
|
|
||||||
|
import (
|
||||||
|
"crypto/tls"
|
||||||
|
)
|
||||||
|
|
||||||
|
var (
|
||||||
|
// CipherSuites Map of TLS CipherSuites from crypto/tls
|
||||||
|
// Available CipherSuites defined at https://golang.org/pkg/crypto/tls/#pkg-constants
|
||||||
|
CipherSuites = map[string]uint16{
|
||||||
|
`TLS_RSA_WITH_RC4_128_SHA`: tls.TLS_RSA_WITH_RC4_128_SHA,
|
||||||
|
`TLS_RSA_WITH_3DES_EDE_CBC_SHA`: tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||||
|
`TLS_RSA_WITH_AES_128_CBC_SHA`: tls.TLS_RSA_WITH_AES_128_CBC_SHA,
|
||||||
|
`TLS_RSA_WITH_AES_256_CBC_SHA`: tls.TLS_RSA_WITH_AES_256_CBC_SHA,
|
||||||
|
`TLS_RSA_WITH_AES_128_CBC_SHA256`: tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
|
||||||
|
`TLS_RSA_WITH_AES_128_GCM_SHA256`: tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
|
||||||
|
`TLS_RSA_WITH_AES_256_GCM_SHA384`: tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
|
||||||
|
`TLS_ECDHE_ECDSA_WITH_RC4_128_SHA`: tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
|
||||||
|
`TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`: tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
||||||
|
`TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`: tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
||||||
|
`TLS_ECDHE_RSA_WITH_RC4_128_SHA`: tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
|
||||||
|
`TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA`: tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||||
|
`TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`: tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
||||||
|
`TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`: tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
||||||
|
`TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256`: tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
|
||||||
|
`TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`: tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
|
||||||
|
`TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`: tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||||
|
`TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`: tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||||
|
`TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`: tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||||
|
`TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`: tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||||
|
`TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305`: tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
|
||||||
|
`TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256`: tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||||
|
`TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305`: tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
|
||||||
|
`TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256`: tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||||
|
`TLS_AES_128_GCM_SHA256`: tls.TLS_AES_128_GCM_SHA256,
|
||||||
|
`TLS_AES_256_GCM_SHA384`: tls.TLS_AES_256_GCM_SHA384,
|
||||||
|
`TLS_CHACHA20_POLY1305_SHA256`: tls.TLS_CHACHA20_POLY1305_SHA256,
|
||||||
|
`TLS_FALLBACK_SCSV`: tls.TLS_FALLBACK_SCSV,
|
||||||
|
}
|
||||||
|
|
||||||
|
// CipherSuitesReversed Map of TLS CipherSuites from crypto/tls
|
||||||
|
// Available CipherSuites defined at https://golang.org/pkg/crypto/tls/#pkg-constants
|
||||||
|
CipherSuitesReversed = map[uint16]string{
|
||||||
|
tls.TLS_RSA_WITH_RC4_128_SHA: `TLS_RSA_WITH_RC4_128_SHA`,
|
||||||
|
tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA: `TLS_RSA_WITH_3DES_EDE_CBC_SHA`,
|
||||||
|
tls.TLS_RSA_WITH_AES_128_CBC_SHA: `TLS_RSA_WITH_AES_128_CBC_SHA`,
|
||||||
|
tls.TLS_RSA_WITH_AES_256_CBC_SHA: `TLS_RSA_WITH_AES_256_CBC_SHA`,
|
||||||
|
tls.TLS_RSA_WITH_AES_128_CBC_SHA256: `TLS_RSA_WITH_AES_128_CBC_SHA256`,
|
||||||
|
tls.TLS_RSA_WITH_AES_128_GCM_SHA256: `TLS_RSA_WITH_AES_128_GCM_SHA256`,
|
||||||
|
tls.TLS_RSA_WITH_AES_256_GCM_SHA384: `TLS_RSA_WITH_AES_256_GCM_SHA384`,
|
||||||
|
tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: `TLS_ECDHE_ECDSA_WITH_RC4_128_SHA`,
|
||||||
|
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`,
|
||||||
|
tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`,
|
||||||
|
tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA: `TLS_ECDHE_RSA_WITH_RC4_128_SHA`,
|
||||||
|
tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: `TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA`,
|
||||||
|
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`,
|
||||||
|
tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`,
|
||||||
|
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256`,
|
||||||
|
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`,
|
||||||
|
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`,
|
||||||
|
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`,
|
||||||
|
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`,
|
||||||
|
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`,
|
||||||
|
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256`,
|
||||||
|
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256`,
|
||||||
|
tls.TLS_AES_128_GCM_SHA256: `TLS_AES_128_GCM_SHA256`,
|
||||||
|
tls.TLS_AES_256_GCM_SHA384: `TLS_AES_256_GCM_SHA384`,
|
||||||
|
tls.TLS_CHACHA20_POLY1305_SHA256: `TLS_CHACHA20_POLY1305_SHA256`,
|
||||||
|
tls.TLS_FALLBACK_SCSV: `TLS_FALLBACK_SCSV`,
|
||||||
|
}
|
||||||
|
)
|
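Review bot: CipherSuitesReversed is a second hand-maintained copy of the CipherSuites table, and the accompanying test exists only to catch the two drifting apart; deriving the reverse map from CipherSuites at package initialisation removes that maintenance burden while keeping the exported name and type. The only subtlety is the two legacy alias names that share an ID with their `_SHA256`-suffixed canonical name, which the test already skips; a deterministic tie-break that keeps the longer name reproduces the current contents. If the module's Go version is at least 1.14, `tls.CipherSuiteName` could replace the lookup entirely, but that cannot be confirmed from this page.

```go
	// CipherSuitesReversed maps crypto/tls cipher suite IDs back to the names
	// used in CipherSuites. It is derived from CipherSuites so the two cannot drift.
	CipherSuitesReversed = reverseCipherSuites(CipherSuites)
)

// reverseCipherSuites inverts a name->ID map. Where two names share an ID
// (legacy aliases), the longer, canonical name wins regardless of map order.
func reverseCipherSuites(suites map[string]uint16) map[uint16]string {
	reversed := make(map[uint16]string, len(suites))
	for name, id := range suites {
		if existing, ok := reversed[id]; ok && len(existing) >= len(name) {
			continue
		}
		reversed[id] = name
	}
	return reversed
}
```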
30
pkg/tls/cipher_test.go
Normal file
30
pkg/tls/cipher_test.go
Normal file
|
@ -0,0 +1,30 @@
|
||||||
|
package tls
|
||||||
|
|
||||||
|
import (
|
||||||
|
"testing"
|
||||||
|
)
|
||||||
|
|
||||||
|
func TestCiphersMapsSync(t *testing.T) {
|
||||||
|
for k, v := range CipherSuites {
|
||||||
|
// Following names are legacy aliases.
|
||||||
|
// We do not test for their presence in CipherSuitesReversed
|
||||||
|
switch k {
|
||||||
|
case "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305":
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
if rv, ok := CipherSuitesReversed[v]; !ok {
|
||||||
|
t.Errorf("Maps not in sync: `%d` key is missing in tls.CipherSuitesReversed", v)
|
||||||
|
} else if k != rv {
|
||||||
|
t.Errorf("Maps not in sync: tls.CipherSuites[%s] = `%d` AND tls.CipherSuitesReversed[`%d`] = `%v`", k, v, v, rv)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
for k, v := range CipherSuitesReversed {
|
||||||
|
if rv, ok := CipherSuites[v]; !ok {
|
||||||
|
t.Errorf("Maps not in sync: `%s` key is missing in tls.CipherSuites", v)
|
||||||
|
} else if k != rv {
|
||||||
|
t.Errorf("Maps not in sync: tls.CipherSuitesReversed[`%d`] = `%s` AND tls.CipherSuites[`%s`] = `%d`", k, v, v, rv)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|