Returns the symmetric cipher key size supported in bits when the outgoing
connection was made over an SSL/TLS transport layer.
+ssl_bc_alpn : string
+ This extracts the Application Layer Protocol Negotiation field from an
+ outgoing connection made via a TLS transport layer.
+ The result is a string containing the protocol name negociated with the
+ server. The SSL library must have been built with support for TLS
+ extensions enabled (check haproxy -vv). Note that the TLS ALPN extension is
+ not advertised unless the "alpn" keyword on the "server" line specifies a
+ protocol list. Also, nothing forces the server to pick a protocol from this
+ list, any other one may be requested. The TLS ALPN extension is meant to
+ replace the TLS NPN extension. See also "ssl_bc_npn".
+
ssl_bc_cipher : string
Returns the name of the used cipher when the outgoing connection was made
over an SSL/TLS transport layer.
layer and the newly created SSL session was resumed using a cached
session or a TLS ticket.
+ssl_bc_npn : string
+ This extracts the Next Protocol Negotiation field from an outgoing connection
+ made via a TLS transport layer. The result is a string containing the
+ protocol name negociated with the server . The SSL library must have been
+ built with support for TLS extensions enabled (check haproxy -vv). Note that
+ the TLS NPN extension is not advertised unless the "npn" keyword on the
+ "server" line specifies a protocol list. Also, nothing forces the server to
+ pick a protocol from this list, any other one may be used. Please note that
+ the TLS NPN extension was replaced with ALPN.
+
ssl_bc_protocol : string
Returns the name of the used protocol when the outgoing connection was made
over an SSL/TLS transport layer.
smp->flags = SMP_F_CONST;
smp->data.type = SMP_T_STR;
- conn = objt_conn(smp->sess->origin);
+ conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
+ smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
return 0;
smp->flags = SMP_F_CONST;
smp->data.type = SMP_T_STR;
- conn = objt_conn(smp->sess->origin);
+ conn = (kw[4] != 'b' ) ? objt_conn(smp->sess->origin) :
+ smp->strm ? cs_conn(objt_cs(smp->strm->si[1].end)) : NULL;
+
if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
return 0;
static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
{ "ssl_bc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
{ "ssl_bc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_SINT, SMP_USE_L5SRV },
+#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
+ { "ssl_fc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
+#endif
{ "ssl_bc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
+#if defined(OPENSSL_NPN_NEGOTIATED) && !defined(OPENSSL_NO_NEXTPROTONEG)
+ { "ssl_bc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
+#endif
{ "ssl_bc_is_resumed", smp_fetch_ssl_fc_is_resumed, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
{ "ssl_bc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
{ "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
projects / thirdparty / haproxy.git / commitdiff
