Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[tls] add missing built in cipher stat names #14676

Merged
merged 7 commits into from
Jan 13, 2021
Merged

[tls] add missing built in cipher stat names #14676

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
7631904
add missing ciphers
asraa Jan 12, 2021
f006801
update link
asraa Jan 12, 2021
5064b64
remove aes-ccm
asraa Jan 12, 2021
37251e7
add spelling
asraa Jan 12, 2021
65b9605
fix nit
asraa Jan 12, 2021
1698431
fix test
asraa Jan 12, 2021
0c856cf
fix test
asraa Jan 13, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 3 additions & 2 deletions source/extensions/transport_sockets/tls/context_impl.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -472,8 +472,9 @@ ContextImpl::ContextImpl(Stats::Scope& scope, const Envoy::Ssl::ContextConfig& c

// Add hardcoded cipher suites from the TLS 1.3 spec:
// https://tools.ietf.org/html/rfc8446
stat_name_set_->rememberBuiltins(
{"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256"});
stat_name_set_->rememberBuiltins({"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
asraa marked this conversation as resolved.
Show resolved Hide resolved
"TLS_AES_128_CCM_SHA256", "TLS_AES_256_CCM_8_SHA256",
asraa marked this conversation as resolved.
Show resolved Hide resolved
"TLS_CHACHA20_POLY1305_SHA256"});

// Curves from
// https://github.com/google/boringssl/blob/f4d8b969200f1ee2dd872ffb85802e6a0976afe7/ssl/ssl_key_share.cc#L384
Expand Down
15 changes: 10 additions & 5 deletions test/extensions/transport_sockets/tls/context_impl_test.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1977,11 +1977,16 @@ class SslContextStatsTest : public SslContextImplTest {
TEST_F(SslContextStatsTest, IncOnlyKnownCounters) {
// Incrementing a value for a cipher that is part of the configuration works, and
// we'll be able to find the value in the stats store.
context_->incCounter("ssl.ciphers", "ECDHE-ECDSA-AES256-GCM-SHA384");
Stats::CounterOptConstRef cipher =
store_.findCounterByString("ssl.ciphers.ECDHE-ECDSA-AES256-GCM-SHA384");
ASSERT_TRUE(cipher.has_value());
EXPECT_EQ(1, cipher->get().value());
for (const auto& cipher :
{"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384", "TLS_AES_128_CCM_SHA256",
"TLS_AES_256_CCM_8_SHA256", "TLS_CHACHA20_POLY1305_SHA256"}) {
// Test all built-in TLS v1.3 cipher suites https://tools.ietf.org/html/rfc8446#appendix-B.4.
asraa marked this conversation as resolved.
Show resolved Hide resolved
context_->incCounter("ssl.ciphers", cipher);
Stats::CounterOptConstRef stat =
store_.findCounterByString(absl::StrCat("ssl.ciphers.", cipher));
ASSERT_TRUE(stat.has_value());
EXPECT_EQ(1, stat->get().value());
}

// Incrementing a stat for a random unknown cipher does not work. A
// rate-limited error log message will also be generated but that is hard to
Expand Down