git.ipfire.org Git - thirdparty/squid.git/blob - src/security/NegotiationHistory.cc
2 * Copyright (C) 1996-2021 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
11 #include "security/NegotiationHistory.h"
12 #include "SquidConfig.h"
15 #include "ssl/support.h"
// Default constructor of Security::NegotiationHistory.
// NOTE(review): the gutter numbers jump from 18 to 26, so the member
// initializers and the body are not shown in this listing.
18 Security::NegotiationHistory::NegotiationHistory()
// Formats protocol version v as "<name>/<major>.<minor>", where <name> is
// looked up in AnyP::ProtocolType_str by v.protocol.
// NOTE(review): the gutter numbers jump from 26 to 28, from 28 to 32 and from
// 32 to 37, so the return type, the declaration of buf and the return
// statements are not shown in this listing.
26 Security::NegotiationHistory::printTlsVersion(AnyP::ProtocolVersion
const &v
) const
// Versions outside the TLS family take a separate path; what that path returns
// is on a line not shown here -- TODO confirm.
28 if (!TlsFamilyProtocol(v
))
// The write is bounded by sizeof(buf), so an over-long result is truncated
// rather than written past the buffer. This holds only if buf is an array and
// not a pointer -- confirm against its declaration.
// NOTE(review): if buf has static storage and is what this function returns,
// the text is overwritten by the next call and is shared between callers.
// NOTE(review): v.protocol indexes ProtocolType_str without a range check in
// the visible lines; presumably the TlsFamilyProtocol(v) test above restricts
// it to known values -- verify.
32 snprintf(buf
, sizeof(buf
), "%s/%d.%d", AnyP::ProtocolType_str
[v
.protocol
], v
.major
, v
.minor
);
// Converts an integer protocol version v into an AnyP::ProtocolVersion.
// In this file the argument is the result of SSL_version() on a session.
// Each mapping is compiled only when the TLS library headers define the
// corresponding *_VERSION macro.
// NOTE(review): the lines that compare v against those macros (and the
// matching #endif lines) are not shown in this listing; presumably they are
// case labels of a switch on v -- TODO confirm.
37 static AnyP::ProtocolVersion
38 toProtocolVersion(const int v
)
41 #if defined(TLS1_3_VERSION)
43 return AnyP::ProtocolVersion(AnyP::PROTO_TLS
, 1, 3);
45 #if defined(TLS1_2_VERSION)
47 return AnyP::ProtocolVersion(AnyP::PROTO_TLS
, 1, 2);
49 #if defined(TLS1_1_VERSION)
51 return AnyP::ProtocolVersion(AnyP::PROTO_TLS
, 1, 1);
53 #if defined(TLS1_VERSION)
55 return AnyP::ProtocolVersion(AnyP::PROTO_TLS
, 1, 0);
// SSL 3.0 and SSL 2.0 (both obsolete) are reported as PROTO_SSL rather than
// PROTO_TLS, so they stay distinguishable from TLS sessions in the output.
57 #if defined(SSL3_VERSION)
59 return AnyP::ProtocolVersion(AnyP::PROTO_SSL
, 3, 0);
61 #if defined(SSL2_VERSION)
63 return AnyP::ProtocolVersion(AnyP::PROTO_SSL
, 2, 0);
// Fallback: a default-constructed ProtocolVersion, presumably reached when v
// matches none of the mappings compiled in above.
66 return AnyP::ProtocolVersion();
// Records the cipher and protocol version currently in use on a TLS session.
// The result of SSL_get_current_cipher() is stored in cipher; version_ is
// updated only when that call returns non-null.
// NOTE(review): the return type, braces and any build-time guards around this
// body fall on gutter lines not shown in this listing.
72 Security::NegotiationHistory::retrieveNegotiatedInfo(const Security::SessionPointer
&session
)
75 if ((cipher
= SSL_get_current_cipher(session
.get()))) {
76 // Set the negotiated version only if a cipher has been negotiated;
77 // otherwise the negotiation is probably not complete and the version
78 // is not the final negotiated version.
79 version_
= toProtocolVersion(SSL_version(session
.get()));
// Debug-only reporting: runs only when section 83 is enabled at level 5.
// NOTE(review): neither b nor bio is checked for null in the visible lines
// before bio->fd(), and the static_cast assumes the read BIO's data pointer is
// an Ssl::Bio -- confirm that every session reaching this point has such a BIO
// attached, since enabling debugging would otherwise dereference a bad pointer.
82 if (Debug::Enabled(83, 5)) {
83 BIO
*b
= SSL_get_rbio(session
.get());
84 Ssl::Bio
*bio
= static_cast<Ssl::Bio
*>(BIO_get_data(b
));
85 debugs(83, 5, "SSL connection info on FD " << bio
->fd() <<
86 " SSL version " << version_
<<
87 " negotiated cipher " << cipherName());
// Copies the TLS versions held in details into this object:
// details->tlsVersion into helloVersion_ and details->tlsSupportedVersion into
// supportedVersion_.
// Presumably these are versions parsed from a handshake message, i.e. what was
// offered rather than the negotiated version_ -- TODO confirm against
// Security::TlsDetails.
// NOTE(review): details is dereferenced without a null check in the visible
// lines; the gutter numbers jump from 93 to 96, so a guard may exist on a line
// not shown -- confirm, or confirm that callers never pass a null Pointer.
93 Security::NegotiationHistory::retrieveParsedInfo(Security::TlsDetails::Pointer
const &details
)
96 helloVersion_
= details
->tlsVersion
;
97 supportedVersion_
= details
->tlsSupportedVersion
;
// Returns the name of the stored cipher as reported by SSL_CIPHER_get_name().
// NOTE(review): the gutter numbers jump from 102 to 108, so the return type
// and any guard for an unset cipher or for a build without the TLS library
// are not shown in this listing.
102 Security::NegotiationHistory::cipherName() const
108 return SSL_CIPHER_get_name(cipher
);