Add metrics about TLS
This commit is contained in:
Traefiker Bot
GitHub
parent
a6040c623b
commit
ad6bf936d5
6 changed files with 178 additions and 37 deletions
|
|
@ -30,39 +30,6 @@ var (
|
|||
`VersionTLS13`: tls.VersionTLS13,
|
||||
}
|
||||
|
||||
// CipherSuites Map of TLS CipherSuites from crypto/tls
|
||||
// Available CipherSuites defined at https://golang.org/pkg/crypto/tls/#pkg-constants
|
||||
CipherSuites = map[string]uint16{
|
||||
`TLS_RSA_WITH_RC4_128_SHA`: tls.TLS_RSA_WITH_RC4_128_SHA,
|
||||
`TLS_RSA_WITH_3DES_EDE_CBC_SHA`: tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
`TLS_RSA_WITH_AES_128_CBC_SHA`: tls.TLS_RSA_WITH_AES_128_CBC_SHA,
|
||||
`TLS_RSA_WITH_AES_256_CBC_SHA`: tls.TLS_RSA_WITH_AES_256_CBC_SHA,
|
||||
`TLS_RSA_WITH_AES_128_CBC_SHA256`: tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
|
||||
`TLS_RSA_WITH_AES_128_GCM_SHA256`: tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
|
||||
`TLS_RSA_WITH_AES_256_GCM_SHA384`: tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
|
||||
`TLS_ECDHE_ECDSA_WITH_RC4_128_SHA`: tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
|
||||
`TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`: tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
||||
`TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`: tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
||||
`TLS_ECDHE_RSA_WITH_RC4_128_SHA`: tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
|
||||
`TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA`: tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
`TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`: tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
`TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`: tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
||||
`TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256`: tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
|
||||
`TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`: tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
|
||||
`TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`: tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
`TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`: tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
`TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`: tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
`TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`: tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||
`TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305`: tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
|
||||
`TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256`: tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
`TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305`: tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
|
||||
`TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256`: tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
"TLS_AES_128_GCM_SHA256": tls.TLS_AES_128_GCM_SHA256,
|
||||
"TLS_AES_256_GCM_SHA384": tls.TLS_AES_256_GCM_SHA384,
|
||||
"TLS_CHACHA20_POLY1305_SHA256": tls.TLS_CHACHA20_POLY1305_SHA256,
|
||||
"TLS_FALLBACK_SCSV": tls.TLS_FALLBACK_SCSV,
|
||||
}
|
||||
|
||||
// CurveIDs is a Map of TLS elliptic curves from crypto/tls
|
||||
// Available CurveIDs defined at https://godoc.org/crypto/tls#CurveID,
|
||||
// also allowing rfc names defined at https://tools.ietf.org/html/rfc8446#section-4.2.7
|
||||
|
|
|
|||
71
pkg/tls/cipher.go
Normal file
71
pkg/tls/cipher.go
Normal file
|
|
@ -0,0 +1,71 @@
|
|||
package tls
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
)
|
||||
|
||||
var (
|
||||
// CipherSuites Map of TLS CipherSuites from crypto/tls
|
||||
// Available CipherSuites defined at https://golang.org/pkg/crypto/tls/#pkg-constants
|
||||
CipherSuites = map[string]uint16{
|
||||
`TLS_RSA_WITH_RC4_128_SHA`: tls.TLS_RSA_WITH_RC4_128_SHA,
|
||||
`TLS_RSA_WITH_3DES_EDE_CBC_SHA`: tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
`TLS_RSA_WITH_AES_128_CBC_SHA`: tls.TLS_RSA_WITH_AES_128_CBC_SHA,
|
||||
`TLS_RSA_WITH_AES_256_CBC_SHA`: tls.TLS_RSA_WITH_AES_256_CBC_SHA,
|
||||
`TLS_RSA_WITH_AES_128_CBC_SHA256`: tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
|
||||
`TLS_RSA_WITH_AES_128_GCM_SHA256`: tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
|
||||
`TLS_RSA_WITH_AES_256_GCM_SHA384`: tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
|
||||
`TLS_ECDHE_ECDSA_WITH_RC4_128_SHA`: tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
|
||||
`TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`: tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
||||
`TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`: tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
||||
`TLS_ECDHE_RSA_WITH_RC4_128_SHA`: tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
|
||||
`TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA`: tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
`TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`: tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
`TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`: tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
||||
`TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256`: tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
|
||||
`TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`: tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
|
||||
`TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`: tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
`TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`: tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
`TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`: tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
`TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`: tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||
`TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305`: tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
|
||||
`TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256`: tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
`TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305`: tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
|
||||
`TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256`: tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
`TLS_AES_128_GCM_SHA256`: tls.TLS_AES_128_GCM_SHA256,
|
||||
`TLS_AES_256_GCM_SHA384`: tls.TLS_AES_256_GCM_SHA384,
|
||||
`TLS_CHACHA20_POLY1305_SHA256`: tls.TLS_CHACHA20_POLY1305_SHA256,
|
||||
`TLS_FALLBACK_SCSV`: tls.TLS_FALLBACK_SCSV,
|
||||
}
|
||||
|
||||
// CipherSuitesReversed Map of TLS CipherSuites from crypto/tls
|
||||
// Available CipherSuites defined at https://golang.org/pkg/crypto/tls/#pkg-constants
|
||||
CipherSuitesReversed = map[uint16]string{
|
||||
tls.TLS_RSA_WITH_RC4_128_SHA: `TLS_RSA_WITH_RC4_128_SHA`,
|
||||
tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA: `TLS_RSA_WITH_3DES_EDE_CBC_SHA`,
|
||||
tls.TLS_RSA_WITH_AES_128_CBC_SHA: `TLS_RSA_WITH_AES_128_CBC_SHA`,
|
||||
tls.TLS_RSA_WITH_AES_256_CBC_SHA: `TLS_RSA_WITH_AES_256_CBC_SHA`,
|
||||
tls.TLS_RSA_WITH_AES_128_CBC_SHA256: `TLS_RSA_WITH_AES_128_CBC_SHA256`,
|
||||
tls.TLS_RSA_WITH_AES_128_GCM_SHA256: `TLS_RSA_WITH_AES_128_GCM_SHA256`,
|
||||
tls.TLS_RSA_WITH_AES_256_GCM_SHA384: `TLS_RSA_WITH_AES_256_GCM_SHA384`,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: `TLS_ECDHE_ECDSA_WITH_RC4_128_SHA`,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`,
|
||||
tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA: `TLS_ECDHE_RSA_WITH_RC4_128_SHA`,
|
||||
tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: `TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA`,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256`,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`,
|
||||
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`,
|
||||
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256`,
|
||||
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256`,
|
||||
tls.TLS_AES_128_GCM_SHA256: `TLS_AES_128_GCM_SHA256`,
|
||||
tls.TLS_AES_256_GCM_SHA384: `TLS_AES_256_GCM_SHA384`,
|
||||
tls.TLS_CHACHA20_POLY1305_SHA256: `TLS_CHACHA20_POLY1305_SHA256`,
|
||||
tls.TLS_FALLBACK_SCSV: `TLS_FALLBACK_SCSV`,
|
||||
}
|
||||
)
|
||||
30
pkg/tls/cipher_test.go
Normal file
30
pkg/tls/cipher_test.go
Normal file
|
|
@ -0,0 +1,30 @@
|
|||
package tls
|
||||
|
||||
import (
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestCiphersMapsSync(t *testing.T) {
|
||||
for k, v := range CipherSuites {
|
||||
// Following names are legacy aliases.
|
||||
// We do not test for their presence in CipherSuitesReversed
|
||||
switch k {
|
||||
case "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305":
|
||||
continue
|
||||
}
|
||||
|
||||
if rv, ok := CipherSuitesReversed[v]; !ok {
|
||||
t.Errorf("Maps not in sync: `%d` key is missing in tls.CipherSuitesReversed", v)
|
||||
} else if k != rv {
|
||||
t.Errorf("Maps not in sync: tls.CipherSuites[%s] = `%d` AND tls.CipherSuitesReversed[`%d`] = `%v`", k, v, v, rv)
|
||||
}
|
||||
}
|
||||
|
||||
for k, v := range CipherSuitesReversed {
|
||||
if rv, ok := CipherSuites[v]; !ok {
|
||||
t.Errorf("Maps not in sync: `%s` key is missing in tls.CipherSuites", v)
|
||||
} else if k != rv {
|
||||
t.Errorf("Maps not in sync: tls.CipherSuitesReversed[`%d`] = `%s` AND tls.CipherSuites[`%s`] = `%d`", k, v, v, rv)
|
||||
}
|
||||
}
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue