2 * Copyright (C) 1996-2020 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
11 #include "security/NegotiationHistory.h"
12 #include "SquidConfig.h"
15 #include "ssl/support.h"
18 Security::NegotiationHistory::NegotiationHistory()
26 Security::NegotiationHistory::printTlsVersion(AnyP::ProtocolVersion
const &v
) const
28 if (v
.protocol
!= AnyP::PROTO_SSL
&& v
.protocol
!= AnyP::PROTO_TLS
)
32 snprintf(buf
, sizeof(buf
), "%s/%d.%d", AnyP::ProtocolType_str
[v
.protocol
], v
.major
, v
.minor
);
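/// Maps a TLS library protocol version number, as obtained from
/// SSL_version() by the caller in this file, to an AnyP::ProtocolVersion.
///
/// Each case is compiled only when the library headers define the
/// corresponding *_VERSION macro.
///
/// \param v  numeric protocol version constant (e.g. TLS1_2_VERSION)
/// \returns  the matching PROTO_TLS or PROTO_SSL version, or a
///           default-constructed AnyP::ProtocolVersion when the value is
///           not one of the versions listed below
static AnyP::ProtocolVersion
toProtocolVersion(const int v)
{
    switch (v) {
#if defined(TLS1_3_VERSION)
    // Without this case a TLS 1.3 session falls through to the default and
    // is recorded with an unset version, which hides the negotiated
    // protocol from anything that reports or audits it.
    case TLS1_3_VERSION:
        return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 3);
#endif
#if defined(TLS1_2_VERSION)
    case TLS1_2_VERSION:
        return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 2);
#endif
#if defined(TLS1_1_VERSION)
    case TLS1_1_VERSION:
        return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 1);
#endif
#if defined(TLS1_VERSION)
    case TLS1_VERSION:
        return AnyP::ProtocolVersion(AnyP::PROTO_TLS, 1, 0);
#endif
#if defined(SSL3_VERSION)
    // Legacy protocols stay mapped so that a session which did negotiate
    // them is reported accurately rather than as "unknown".
    case SSL3_VERSION:
        return AnyP::ProtocolVersion(AnyP::PROTO_SSL, 3, 0);
#endif
#if defined(SSL2_VERSION)
    case SSL2_VERSION:
        return AnyP::ProtocolVersion(AnyP::PROTO_SSL, 2, 0);
#endif
    default:
        // Unrecognised value: report "no version" instead of guessing.
        return AnyP::ProtocolVersion();
    }
}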
68 Security::NegotiationHistory::retrieveNegotiatedInfo(const Security::SessionPointer
&session
)
71 if ((cipher
= SSL_get_current_cipher(session
.get()))) {
72 // Set the negotiated version only if the cipher negotiated
73 // else probably the negotiation is not completed and version
74 // is not the final negotiated version
75 version_
= toProtocolVersion(SSL_version(session
.get()));
78 if (Debug::Enabled(83, 5)) {
79 BIO
*b
= SSL_get_rbio(session
.get());
80 Ssl::Bio
*bio
= static_cast<Ssl::Bio
*>(BIO_get_data(b
));
81 debugs(83, 5, "SSL connection info on FD " << bio
->fd() <<
82 " SSL version " << version_
<<
83 " negotiated cipher " << cipherName());
89 Security::NegotiationHistory::retrieveParsedInfo(Security::TlsDetails::Pointer
const &details
)
92 helloVersion_
= details
->tlsVersion
;
93 supportedVersion_
= details
->tlsSupportedVersion
;
98 Security::NegotiationHistory::cipherName() const
104 return SSL_CIPHER_get_name(cipher
);