projects / haproxy-2.5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5ef9656) | patch
MEDIUM: ssl: Capture more info from Client Hello
authorMarcin Deranek <marcin.deranek@booking.com>
Mon, 12 Jul 2021 12:16:55 +0000 (14:16 +0200)
committerWilly Tarreau <w@1wt.eu>
Thu, 26 Aug 2021 17:48:33 +0000 (19:48 +0200)
commit769fd2e447487a1433350f727aee47b265d875b0
treeddcf5ccab72cc420b3813b291da77874a92bb27atree | snapshot
parent5ef965606b5bacb12769c97f85b2cfd1c4e4ffe7commit | diff
MEDIUM: ssl: Capture more info from Client Hello

When we set tune.ssl.capture-cipherlist-size to a non-zero value
we are able to capture cipherlist supported by the client. To be able to
provide JA3 compatible TLS fingerprinting we need to capture more
information from Client Hello message:
- SSL Version
- SSL Extensions
- Elliptic Curves
- Elliptic Curve Point Formats
This patch allows HAProxy to capture such information and store it for
later use.
doc/configuration.txt diff | blob | history
include/haproxy/ssl_sock-t.h diff | blob | history
src/ssl_sample.c diff | blob | history
src/ssl_sock.c diff | blob | history
haproxy-2.5 public tree. Stable production code.