Add metrics about TLS
This commit is contained in:
parent
a6040c623b
commit
ad6bf936d5
6 changed files with 178 additions and 37 deletions
|
@ -20,11 +20,13 @@ type Registry interface {
|
|||
|
||||
// entry point metrics
|
||||
EntryPointReqsCounter() metrics.Counter
|
||||
EntryPointReqsTLSCounter() metrics.Counter
|
||||
EntryPointReqDurationHistogram() metrics.Histogram
|
||||
EntryPointOpenConnsGauge() metrics.Gauge
|
||||
|
||||
// service metrics
|
||||
ServiceReqsCounter() metrics.Counter
|
||||
ServiceReqsTLSCounter() metrics.Counter
|
||||
ServiceReqDurationHistogram() metrics.Histogram
|
||||
ServiceOpenConnsGauge() metrics.Gauge
|
||||
ServiceRetriesCounter() metrics.Counter
|
||||
|
@ -46,9 +48,11 @@ func NewMultiRegistry(registries []Registry) Registry {
|
|||
var lastConfigReloadSuccessGauge []metrics.Gauge
|
||||
var lastConfigReloadFailureGauge []metrics.Gauge
|
||||
var entryPointReqsCounter []metrics.Counter
|
||||
var entryPointReqsTLSCounter []metrics.Counter
|
||||
var entryPointReqDurationHistogram []metrics.Histogram
|
||||
var entryPointOpenConnsGauge []metrics.Gauge
|
||||
var serviceReqsCounter []metrics.Counter
|
||||
var serviceReqsTLSCounter []metrics.Counter
|
||||
var serviceReqDurationHistogram []metrics.Histogram
|
||||
var serviceOpenConnsGauge []metrics.Gauge
|
||||
var serviceRetriesCounter []metrics.Counter
|
||||
|
@ -70,6 +74,9 @@ func NewMultiRegistry(registries []Registry) Registry {
|
|||
if r.EntryPointReqsCounter() != nil {
|
||||
entryPointReqsCounter = append(entryPointReqsCounter, r.EntryPointReqsCounter())
|
||||
}
|
||||
if r.EntryPointReqsTLSCounter() != nil {
|
||||
entryPointReqsTLSCounter = append(entryPointReqsTLSCounter, r.EntryPointReqsTLSCounter())
|
||||
}
|
||||
if r.EntryPointReqDurationHistogram() != nil {
|
||||
entryPointReqDurationHistogram = append(entryPointReqDurationHistogram, r.EntryPointReqDurationHistogram())
|
||||
}
|
||||
|
@ -79,6 +86,9 @@ func NewMultiRegistry(registries []Registry) Registry {
|
|||
if r.ServiceReqsCounter() != nil {
|
||||
serviceReqsCounter = append(serviceReqsCounter, r.ServiceReqsCounter())
|
||||
}
|
||||
if r.ServiceReqsTLSCounter() != nil {
|
||||
serviceReqsTLSCounter = append(serviceReqsTLSCounter, r.ServiceReqsTLSCounter())
|
||||
}
|
||||
if r.ServiceReqDurationHistogram() != nil {
|
||||
serviceReqDurationHistogram = append(serviceReqDurationHistogram, r.ServiceReqDurationHistogram())
|
||||
}
|
||||
|
@ -101,9 +111,11 @@ func NewMultiRegistry(registries []Registry) Registry {
|
|||
lastConfigReloadSuccessGauge: multi.NewGauge(lastConfigReloadSuccessGauge...),
|
||||
lastConfigReloadFailureGauge: multi.NewGauge(lastConfigReloadFailureGauge...),
|
||||
entryPointReqsCounter: multi.NewCounter(entryPointReqsCounter...),
|
||||
entryPointReqsTLSCounter: multi.NewCounter(entryPointReqsTLSCounter...),
|
||||
entryPointReqDurationHistogram: multi.NewHistogram(entryPointReqDurationHistogram...),
|
||||
entryPointOpenConnsGauge: multi.NewGauge(entryPointOpenConnsGauge...),
|
||||
serviceReqsCounter: multi.NewCounter(serviceReqsCounter...),
|
||||
serviceReqsTLSCounter: multi.NewCounter(serviceReqsTLSCounter...),
|
||||
serviceReqDurationHistogram: multi.NewHistogram(serviceReqDurationHistogram...),
|
||||
serviceOpenConnsGauge: multi.NewGauge(serviceOpenConnsGauge...),
|
||||
serviceRetriesCounter: multi.NewCounter(serviceRetriesCounter...),
|
||||
|
@ -119,9 +131,11 @@ type standardRegistry struct {
|
|||
lastConfigReloadSuccessGauge metrics.Gauge
|
||||
lastConfigReloadFailureGauge metrics.Gauge
|
||||
entryPointReqsCounter metrics.Counter
|
||||
entryPointReqsTLSCounter metrics.Counter
|
||||
entryPointReqDurationHistogram metrics.Histogram
|
||||
entryPointOpenConnsGauge metrics.Gauge
|
||||
serviceReqsCounter metrics.Counter
|
||||
serviceReqsTLSCounter metrics.Counter
|
||||
serviceReqDurationHistogram metrics.Histogram
|
||||
serviceOpenConnsGauge metrics.Gauge
|
||||
serviceRetriesCounter metrics.Counter
|
||||
|
@ -156,6 +170,10 @@ func (r *standardRegistry) EntryPointReqsCounter() metrics.Counter {
|
|||
return r.entryPointReqsCounter
|
||||
}
|
||||
|
||||
func (r *standardRegistry) EntryPointReqsTLSCounter() metrics.Counter {
|
||||
return r.entryPointReqsTLSCounter
|
||||
}
|
||||
|
||||
func (r *standardRegistry) EntryPointReqDurationHistogram() metrics.Histogram {
|
||||
return r.entryPointReqDurationHistogram
|
||||
}
|
||||
|
@ -168,6 +186,10 @@ func (r *standardRegistry) ServiceReqsCounter() metrics.Counter {
|
|||
return r.serviceReqsCounter
|
||||
}
|
||||
|
||||
func (r *standardRegistry) ServiceReqsTLSCounter() metrics.Counter {
|
||||
return r.serviceReqsTLSCounter
|
||||
}
|
||||
|
||||
func (r *standardRegistry) ServiceReqDurationHistogram() metrics.Histogram {
|
||||
return r.serviceReqDurationHistogram
|
||||
}
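Review bot: The two new Registry methods, EntryPointReqsTLSCounter and ServiceReqsTLSCounter, are added to the interface without a comment, so nothing tells an implementer which labels the returned counter must accept or what to return when the metric is not supported. The Prometheus registry in this commit registers them with `tls_version` and `tls_cipher` plus `entrypoint`/`service`, and the middleware passes exactly those labels; the `!= nil` checks in NewMultiRegistry only skip an implementation that returns an untyped nil interface. I would put `// EntryPointReqsTLSCounter counts requests received over TLS, labelled by tls_version and tls_cipher; implementations without the metric return nil so NewMultiRegistry can skip it.` above the method, and the equivalent on ServiceReqsTLSCounter. The Registry interface and NewMultiRegistry both start outside the visible hunks.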
|
||||
|
|
|
@ -30,6 +30,7 @@ const (
|
|||
// entry point
|
||||
metricEntryPointPrefix = MetricNamePrefix + "entrypoint_"
|
||||
entryPointReqsTotalName = metricEntryPointPrefix + "requests_total"
|
||||
entryPointReqsTLSTotalName = metricEntryPointPrefix + "requests_tls_total"
|
||||
entryPointReqDurationName = metricEntryPointPrefix + "request_duration_seconds"
|
||||
entryPointOpenConnsName = metricEntryPointPrefix + "open_connections"
|
||||
|
||||
|
@ -38,6 +39,7 @@ const (
|
|||
// MetricServicePrefix prefix of all service metric names
|
||||
MetricServicePrefix = MetricNamePrefix + "service_"
|
||||
serviceReqsTotalName = MetricServicePrefix + "requests_total"
|
||||
serviceReqsTLSTotalName = MetricServicePrefix + "requests_tls_total"
|
||||
serviceReqDurationName = MetricServicePrefix + "request_duration_seconds"
|
||||
serviceOpenConnsName = MetricServicePrefix + "open_connections"
|
||||
serviceRetriesTotalName = MetricServicePrefix + "retries_total"
|
||||
|
@ -136,6 +138,10 @@ func initStandardRegistry(config *types.Prometheus) Registry {
|
|||
Name: entryPointReqsTotalName,
|
||||
Help: "How many HTTP requests processed on an entrypoint, partitioned by status code, protocol, and method.",
|
||||
}, []string{"code", "method", "protocol", "entrypoint"})
|
||||
entryPointReqsTLS := newCounterFrom(promState.collectors, stdprometheus.CounterOpts{
|
||||
Name: entryPointReqsTLSTotalName,
|
||||
Help: "How many HTTP requests with TLS processed on an entrypoint, partitioned by TLS Version and TLS cipher Used.",
|
||||
}, []string{"tls_version", "tls_cipher", "entrypoint"})
|
||||
entryPointReqDurations := newHistogramFrom(promState.collectors, stdprometheus.HistogramOpts{
|
||||
Name: entryPointReqDurationName,
|
||||
Help: "How long it took to process the request on an entrypoint, partitioned by status code, protocol, and method.",
|
||||
|
@ -148,10 +154,12 @@ func initStandardRegistry(config *types.Prometheus) Registry {
|
|||
|
||||
promState.describers = append(promState.describers, []func(chan<- *stdprometheus.Desc){
|
||||
entryPointReqs.cv.Describe,
|
||||
entryPointReqsTLS.cv.Describe,
|
||||
entryPointReqDurations.hv.Describe,
|
||||
entryPointOpenConns.gv.Describe,
|
||||
}...)
|
||||
reg.entryPointReqsCounter = entryPointReqs
|
||||
reg.entryPointReqsTLSCounter = entryPointReqsTLS
|
||||
reg.entryPointReqDurationHistogram = entryPointReqDurations
|
||||
reg.entryPointOpenConnsGauge = entryPointOpenConns
|
||||
}
|
||||
|
@ -160,6 +168,10 @@ func initStandardRegistry(config *types.Prometheus) Registry {
|
|||
Name: serviceReqsTotalName,
|
||||
Help: "How many HTTP requests processed on a service, partitioned by status code, protocol, and method.",
|
||||
}, []string{"code", "method", "protocol", "service"})
|
||||
serviceReqsTLS := newCounterFrom(promState.collectors, stdprometheus.CounterOpts{
|
||||
Name: serviceReqsTLSTotalName,
|
||||
Help: "How many HTTP requests with TLS processed on a service, partitioned by TLS version and TLS cipher.",
|
||||
}, []string{"tls_version", "tls_cipher", "service"})
|
||||
serviceReqDurations := newHistogramFrom(promState.collectors, stdprometheus.HistogramOpts{
|
||||
Name: serviceReqDurationName,
|
||||
Help: "How long it took to process the request on a service, partitioned by status code, protocol, and method.",
|
||||
|
@ -180,6 +192,7 @@ func initStandardRegistry(config *types.Prometheus) Registry {
|
|||
|
||||
promState.describers = append(promState.describers, []func(chan<- *stdprometheus.Desc){
|
||||
serviceReqs.cv.Describe,
|
||||
serviceReqsTLS.cv.Describe,
|
||||
serviceReqDurations.hv.Describe,
|
||||
serviceOpenConns.gv.Describe,
|
||||
serviceRetries.cv.Describe,
|
||||
|
@ -187,6 +200,7 @@ func initStandardRegistry(config *types.Prometheus) Registry {
|
|||
}...)
|
||||
|
||||
reg.serviceReqsCounter = serviceReqs
|
||||
reg.serviceReqsTLSCounter = serviceReqsTLS
|
||||
reg.serviceReqDurationHistogram = serviceReqDurations
|
||||
reg.serviceOpenConnsGauge = serviceOpenConns
|
||||
reg.serviceRetriesCounter = serviceRetries
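Review bot: The Help text on the entrypoint TLS counter reads "partitioned by TLS Version and TLS cipher Used." while the service counter says "partitioned by TLS version and TLS cipher."; both strings are exported to scrapers and should match, e.g. `Help: "How many HTTP requests with TLS processed on an entrypoint, partitioned by TLS version and TLS cipher.",`. Both counters are fed from req.TLS in the middleware, so as far as this diff shows the service-level counter describes the client-facing connection, not TLS towards the backend; saying "received over TLS" rather than "with TLS" in both Help strings would avoid that misreading. initStandardRegistry starts and ends outside the visible hunks.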
|
||||
|
|
|
@ -2,6 +2,7 @@ package metrics
|
|||
|
||||
import (
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"net/http"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
@ -13,6 +14,7 @@ import (
|
|||
"github.com/containous/traefik/v2/pkg/metrics"
|
||||
"github.com/containous/traefik/v2/pkg/middlewares"
|
||||
"github.com/containous/traefik/v2/pkg/middlewares/retry"
|
||||
traefiktls "github.com/containous/traefik/v2/pkg/tls"
|
||||
gokitmetrics "github.com/go-kit/kit/metrics"
|
||||
)
|
||||
|
||||
|
@ -28,6 +30,7 @@ const (
|
|||
type metricsMiddleware struct {
|
||||
next http.Handler
|
||||
reqsCounter gokitmetrics.Counter
|
||||
reqsTLSCounter gokitmetrics.Counter
|
||||
reqDurationHistogram gokitmetrics.Histogram
|
||||
openConnsGauge gokitmetrics.Gauge
|
||||
baseLabels []string
|
||||
|
@ -40,6 +43,7 @@ func NewEntryPointMiddleware(ctx context.Context, next http.Handler, registry me
|
|||
return &metricsMiddleware{
|
||||
next: next,
|
||||
reqsCounter: registry.EntryPointReqsCounter(),
|
||||
reqsTLSCounter: registry.EntryPointReqsTLSCounter(),
|
||||
reqDurationHistogram: registry.EntryPointReqDurationHistogram(),
|
||||
openConnsGauge: registry.EntryPointOpenConnsGauge(),
|
||||
baseLabels: []string{"entrypoint", entryPointName},
|
||||
|
@ -53,6 +57,7 @@ func NewServiceMiddleware(ctx context.Context, next http.Handler, registry metri
|
|||
return &metricsMiddleware{
|
||||
next: next,
|
||||
reqsCounter: registry.ServiceReqsCounter(),
|
||||
reqsTLSCounter: registry.ServiceReqsTLSCounter(),
|
||||
reqDurationHistogram: registry.ServiceReqDurationHistogram(),
|
||||
openConnsGauge: registry.ServiceOpenConnsGauge(),
|
||||
baseLabels: []string{"service", serviceName},
|
||||
|
@ -81,6 +86,15 @@ func (m *metricsMiddleware) ServeHTTP(rw http.ResponseWriter, req *http.Request)
|
|||
m.openConnsGauge.With(labels...).Add(1)
|
||||
defer m.openConnsGauge.With(labels...).Add(-1)
|
||||
|
||||
// TLS metrics
|
||||
if req.TLS != nil {
|
||||
var tlsLabels []string
|
||||
tlsLabels = append(tlsLabels, m.baseLabels...)
|
||||
tlsLabels = append(tlsLabels, "tls_version", getRequestTLSVersion(req), "tls_cipher", getRequestTLSCipher(req))
|
||||
|
||||
m.reqsTLSCounter.With(tlsLabels...).Add(1)
|
||||
}
|
||||
|
||||
recorder := newResponseRecorder(rw)
|
||||
start := time.Now()
|
||||
m.next.ServeHTTP(recorder, req)
|
||||
|
@ -131,6 +145,29 @@ func getMethod(r *http.Request) string {
|
|||
return r.Method
|
||||
}
|
||||
|
||||
func getRequestTLSVersion(req *http.Request) string {
|
||||
switch req.TLS.Version {
|
||||
case tls.VersionTLS10:
|
||||
return "1.0"
|
||||
case tls.VersionTLS11:
|
||||
return "1.1"
|
||||
case tls.VersionTLS12:
|
||||
return "1.2"
|
||||
case tls.VersionTLS13:
|
||||
return "1.3"
|
||||
default:
|
||||
return "unknown"
|
||||
}
|
||||
}
|
||||
|
||||
func getRequestTLSCipher(req *http.Request) string {
|
||||
if version, ok := traefiktls.CipherSuitesReversed[req.TLS.CipherSuite]; ok {
|
||||
return version
|
||||
}
|
||||
|
||||
return "unknown"
|
||||
}
|
||||
|
||||
type retryMetrics interface {
|
||||
ServiceRetriesCounter() gokitmetrics.Counter
|
||||
}
|
||||
|
|
|
@ -30,39 +30,6 @@ var (
|
|||
`VersionTLS13`: tls.VersionTLS13,
|
||||
}
|
||||
|
||||
// CipherSuites Map of TLS CipherSuites from crypto/tls
|
||||
// Available CipherSuites defined at https://golang.org/pkg/crypto/tls/#pkg-constants
|
||||
CipherSuites = map[string]uint16{
|
||||
`TLS_RSA_WITH_RC4_128_SHA`: tls.TLS_RSA_WITH_RC4_128_SHA,
|
||||
`TLS_RSA_WITH_3DES_EDE_CBC_SHA`: tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
`TLS_RSA_WITH_AES_128_CBC_SHA`: tls.TLS_RSA_WITH_AES_128_CBC_SHA,
|
||||
`TLS_RSA_WITH_AES_256_CBC_SHA`: tls.TLS_RSA_WITH_AES_256_CBC_SHA,
|
||||
`TLS_RSA_WITH_AES_128_CBC_SHA256`: tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
|
||||
`TLS_RSA_WITH_AES_128_GCM_SHA256`: tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
|
||||
`TLS_RSA_WITH_AES_256_GCM_SHA384`: tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
|
||||
`TLS_ECDHE_ECDSA_WITH_RC4_128_SHA`: tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
|
||||
`TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`: tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
||||
`TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`: tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
||||
`TLS_ECDHE_RSA_WITH_RC4_128_SHA`: tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
|
||||
`TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA`: tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
`TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`: tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
`TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`: tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
||||
`TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256`: tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
|
||||
`TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`: tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
|
||||
`TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`: tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
`TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`: tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
`TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`: tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
`TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`: tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||
`TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305`: tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
|
||||
`TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256`: tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
`TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305`: tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
|
||||
`TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256`: tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
"TLS_AES_128_GCM_SHA256": tls.TLS_AES_128_GCM_SHA256,
|
||||
"TLS_AES_256_GCM_SHA384": tls.TLS_AES_256_GCM_SHA384,
|
||||
"TLS_CHACHA20_POLY1305_SHA256": tls.TLS_CHACHA20_POLY1305_SHA256,
|
||||
"TLS_FALLBACK_SCSV": tls.TLS_FALLBACK_SCSV,
|
||||
}
|
||||
|
||||
// CurveIDs is a Map of TLS elliptic curves from crypto/tls
|
||||
// Available CurveIDs defined at https://godoc.org/crypto/tls#CurveID,
|
||||
// also allowing rfc names defined at https://tools.ietf.org/html/rfc8446#section-4.2.7
|
||||
|
|
71
pkg/tls/cipher.go
Normal file
|
@ -0,0 +1,71 @@
|
|||
package tls
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
)
|
||||
|
||||
var (
|
||||
// CipherSuites Map of TLS CipherSuites from crypto/tls
|
||||
// Available CipherSuites defined at https://golang.org/pkg/crypto/tls/#pkg-constants
|
||||
CipherSuites = map[string]uint16{
|
||||
`TLS_RSA_WITH_RC4_128_SHA`: tls.TLS_RSA_WITH_RC4_128_SHA,
|
||||
`TLS_RSA_WITH_3DES_EDE_CBC_SHA`: tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
`TLS_RSA_WITH_AES_128_CBC_SHA`: tls.TLS_RSA_WITH_AES_128_CBC_SHA,
|
||||
`TLS_RSA_WITH_AES_256_CBC_SHA`: tls.TLS_RSA_WITH_AES_256_CBC_SHA,
|
||||
`TLS_RSA_WITH_AES_128_CBC_SHA256`: tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
|
||||
`TLS_RSA_WITH_AES_128_GCM_SHA256`: tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
|
||||
`TLS_RSA_WITH_AES_256_GCM_SHA384`: tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
|
||||
`TLS_ECDHE_ECDSA_WITH_RC4_128_SHA`: tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
|
||||
`TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`: tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
||||
`TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`: tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
||||
`TLS_ECDHE_RSA_WITH_RC4_128_SHA`: tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
|
||||
`TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA`: tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
`TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`: tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
`TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`: tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
||||
`TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256`: tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
|
||||
`TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`: tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
|
||||
`TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`: tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
`TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`: tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
`TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`: tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
`TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`: tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||
`TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305`: tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
|
||||
`TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256`: tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
`TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305`: tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
|
||||
`TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256`: tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
`TLS_AES_128_GCM_SHA256`: tls.TLS_AES_128_GCM_SHA256,
|
||||
`TLS_AES_256_GCM_SHA384`: tls.TLS_AES_256_GCM_SHA384,
|
||||
`TLS_CHACHA20_POLY1305_SHA256`: tls.TLS_CHACHA20_POLY1305_SHA256,
|
||||
`TLS_FALLBACK_SCSV`: tls.TLS_FALLBACK_SCSV,
|
||||
}
|
||||
|
||||
// CipherSuitesReversed Map of TLS CipherSuites from crypto/tls
|
||||
// Available CipherSuites defined at https://golang.org/pkg/crypto/tls/#pkg-constants
|
||||
CipherSuitesReversed = map[uint16]string{
|
||||
tls.TLS_RSA_WITH_RC4_128_SHA: `TLS_RSA_WITH_RC4_128_SHA`,
|
||||
tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA: `TLS_RSA_WITH_3DES_EDE_CBC_SHA`,
|
||||
tls.TLS_RSA_WITH_AES_128_CBC_SHA: `TLS_RSA_WITH_AES_128_CBC_SHA`,
|
||||
tls.TLS_RSA_WITH_AES_256_CBC_SHA: `TLS_RSA_WITH_AES_256_CBC_SHA`,
|
||||
tls.TLS_RSA_WITH_AES_128_CBC_SHA256: `TLS_RSA_WITH_AES_128_CBC_SHA256`,
|
||||
tls.TLS_RSA_WITH_AES_128_GCM_SHA256: `TLS_RSA_WITH_AES_128_GCM_SHA256`,
|
||||
tls.TLS_RSA_WITH_AES_256_GCM_SHA384: `TLS_RSA_WITH_AES_256_GCM_SHA384`,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: `TLS_ECDHE_ECDSA_WITH_RC4_128_SHA`,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`,
|
||||
tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA: `TLS_ECDHE_RSA_WITH_RC4_128_SHA`,
|
||||
tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: `TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA`,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256`,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`,
|
||||
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256`,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256`,
|
||||
tls.TLS_AES_128_GCM_SHA256: `TLS_AES_128_GCM_SHA256`,
|
||||
tls.TLS_AES_256_GCM_SHA384: `TLS_AES_256_GCM_SHA384`,
|
||||
tls.TLS_CHACHA20_POLY1305_SHA256: `TLS_CHACHA20_POLY1305_SHA256`,
|
||||
tls.TLS_FALLBACK_SCSV: `TLS_FALLBACK_SCSV`,
|
||||
}
|
||||
)
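Review bot: CipherSuitesReversed is a second hand-written copy of the table above it, and its doc comment (`// CipherSuitesReversed Map of TLS CipherSuites from crypto/tls`) is copied verbatim from CipherSuites and does not say that it maps IDs back to names. Deriving it from CipherSuites at package init removes the duplication and the need for the sync test; the one subtlety is the two legacy CHACHA20 aliases, which share an ID with their _SHA256 names, so the choice must not depend on map iteration order. If the toolchain is Go 1.14 or newer, tls.CipherSuiteName returns the IANA name (with a hex fallback for unknown IDs) without any table at all.
```go
	// … unchanged: CipherSuites table …

	// CipherSuitesReversed maps crypto/tls cipher suite IDs back to their
	// names; derived from CipherSuites so the two cannot drift apart.
	CipherSuitesReversed = reverseCipherSuites()
)

// reverseCipherSuites inverts CipherSuites. Two legacy aliases share an ID
// with their _SHA256 names; the longer name is kept so the result does not
// depend on map iteration order.
func reverseCipherSuites() map[uint16]string {
	out := make(map[uint16]string, len(CipherSuites))
	for name, id := range CipherSuites {
		if cur, ok := out[id]; ok && len(cur) >= len(name) {
			continue
		}
		out[id] = name
	}
	return out
}
```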
|
30
pkg/tls/cipher_test.go
Normal file
|
@ -0,0 +1,30 @@
|
|||
package tls
|
||||
|
||||
import (
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestCiphersMapsSync(t *testing.T) {
|
||||
for k, v := range CipherSuites {
|
||||
// Following names are legacy aliases.
|
||||
// We do not test for their presence in CipherSuitesReversed
|
||||
switch k {
|
||||
case "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305":
|
||||
continue
|
||||
}
|
||||
|
||||
if rv, ok := CipherSuitesReversed[v]; !ok {
|
||||
t.Errorf("Maps not in sync: `%d` key is missing in tls.CipherSuitesReversed", v)
|
||||
} else if k != rv {
|
||||
t.Errorf("Maps not in sync: tls.CipherSuites[%s] = `%d` AND tls.CipherSuitesReversed[`%d`] = `%v`", k, v, v, rv)
|
||||
}
|
||||
}
|
||||
|
||||
for k, v := range CipherSuitesReversed {
|
||||
if rv, ok := CipherSuites[v]; !ok {
|
||||
t.Errorf("Maps not in sync: `%s` key is missing in tls.CipherSuites", v)
|
||||
} else if k != rv {
|
||||
t.Errorf("Maps not in sync: tls.CipherSuitesReversed[`%d`] = `%s` AND tls.CipherSuites[`%s`] = `%d`", k, v, v, rv)
|
||||
}
|
||||
}
|
||||
}
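Review bot: The `case "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305":` exemption hard-codes which names are aliases, so a future alias added to CipherSuites fails this test until it is also listed here, and once listed it is not checked at all. The aliases can still be verified: before `continue`, assert that their ID has a reverse entry, e.g. `if _, ok := CipherSuitesReversed[v]; !ok { t.Errorf("alias %s has no reverse entry for %#04x", k, v) }`. Printing suite IDs with `%#04x` instead of `%d` in the four error messages would also match how crypto/tls documents them.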
|