Log supported versions extension in AsyncSSLSocket.

Summary: To monitor client support of TLS 1.3.

Reviewed By: ngoyal

Differential Revision: D4308473

fbshipit-source-id: cb6fb444c8b7ced39e6655a0f63b18523c2fb9c5

diff --git a/folly/io/async/AsyncSSLSocket.cpp b/folly/io/async/AsyncSSLSocket.cpp
index 242e0b26bad7665b8c12289b7f393dddf1684359..7a65d1a0c7a1b30e00a52cd7b5815be6a43c986e 100644 (file)
--- a/folly/io/async/AsyncSSLSocket.cpp
+++ b/folly/io/async/AsyncSSLSocket.cpp
@@ -1697,6 +1697,14 @@ void AsyncSSLSocket::clientHelloParsingCallback(int written,
             sock->clientHelloInfo_->
               clientHelloSigAlgs_.emplace_back(hashAlg, sigAlg);
           }
+        } else if (extensionType == ssl::TLSExtension::SUPPORTED_VERSIONS) {
+          cursor.skip(1);
+          extensionDataLength -= 1;
+          while (extensionDataLength) {
+            sock->clientHelloInfo_->clientHelloSupportedVersions_.push_back(
+                cursor.readBE<uint16_t>());
+            extensionDataLength -= 2;
+          }
         } else {
           cursor.skip(extensionDataLength);
         }
@@ -1790,6 +1798,13 @@ std::string AsyncSSLSocket::getSSLClientSigAlgs() const {
   return sigAlgs;
 }
 
+std::string AsyncSSLSocket::getSSLClientSupportedVersions() const {
+  if (!parseClientHello_) {
+    return "";
+  }
+  return folly::join(":", clientHelloInfo_->clientHelloSupportedVersions_);
+}
+
 std::string AsyncSSLSocket::getSSLAlertsReceived() const {
   std::string ret;
 

diff --git a/folly/io/async/AsyncSSLSocket.h b/folly/io/async/AsyncSSLSocket.h
index 6f8b14644bba8fa7875d021bfafa01a20917e436..5140a82430a0aafa07abb2769ee771074b341bb7 100644 (file)
--- a/folly/io/async/AsyncSSLSocket.h
+++ b/folly/io/async/AsyncSSLSocket.h
@@ -561,6 +561,12 @@ class AsyncSSLSocket : public virtual AsyncSocket {
 
   std::string getSSLClientSigAlgs() const;
 
+  /**
+   * Get the list of versions in the supported versions extension (used to
+   * negotiate TLS 1.3).
+   */
+  std::string getSSLClientSupportedVersions() const;
+
   std::string getSSLAlertsReceived() const;
 
   /**

diff --git a/folly/io/async/ssl/TLSDefinitions.h b/folly/io/async/ssl/TLSDefinitions.h
index 1720910046ec9a864669572ba5db539b8b67dfd1..691b8da0e615a38971a3ff12a5a5bef4f6ad8cb1 100644 (file)
--- a/folly/io/async/ssl/TLSDefinitions.h
+++ b/folly/io/async/ssl/TLSDefinitions.h
@@ -51,6 +51,7 @@ enum class TLSExtension : uint16_t {
   ENCRYPT_THEN_MAC = 22,
   EXTENDED_MASTER_SECRET = 23,
   SESSION_TICKET = 35,
+  SUPPORTED_VERSIONS = 43,
   // Facebook-specific, not IANA assigned yet
   TLS_CACHED_INFO_FB = 60001,
   // End Facebook-specific
@@ -84,6 +85,7 @@ struct ClientHelloInfo {
   std::vector<uint8_t> clientHelloCompressionMethods_;
   std::vector<TLSExtension> clientHelloExtensions_;
   std::vector<std::pair<HashAlgorithm, SignatureAlgorithm>> clientHelloSigAlgs_;
+  std::vector<uint16_t> clientHelloSupportedVersions_;
 };
 
 } // ssl