github.com/mholt/caddy-l4@v0.0.0-20241104153248-ec8fae209322/modules/l4tls/clienthello.go (about)

     1  // Copyright 2020 Matthew Holt
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package l4tls
    16  
    17  import (
    18  	"crypto/tls"
    19  )
    20  
    21  // ClientHelloInfo holds information about a TLS ClientHello.
    22  // Our own parser collects a little more information than
    23  // the standard library's struct holds.
    24  type ClientHelloInfo struct { // NOTE(review): fields describe a peer-sent ClientHello; no validation is visible here, so treat values as untrusted
    25  	tls.ClientHelloInfo // embedded standard-library struct; its exported fields are promoted onto this type
    26  
    27  	Version                      uint16 // presumably the version field carried in the ClientHello itself — confirm against the parser
    28  	Random                       []byte // presumably the client random — confirm against the parser
    29  	SessionID                    []byte
    30  	SecureRenegotiationSupported bool
    31  	SecureRenegotiation          []byte
    32  	CompressionMethods           []byte
    33  
    34  	Extensions []uint16 // presumably the extension type codes the parser saw — confirm ordering and de-duplication there
    35  
    36  	OCSPStapling         bool
    37  	TicketSupported      bool
    38  	SessionTicket        []uint8 // raw bytes; NOTE(review): looks like peer-supplied ticket data — confirm before logging or persisting it
    39  	SupportedSchemesCert []tls.SignatureScheme
    40  	SCTs                 bool
    41  	Cookie               []byte
    42  	KeyShares            []KeyShare // KeyShare is declared elsewhere in this package
    43  	EarlyData            bool
    44  	PSKModes             []uint8
    45  	PSKIdentities        []PSKIdentity // PSKIdentity is declared elsewhere in this package
    46  	PSKBinders           [][]byte // NOTE(review): presumably one binder per PSK identity — the pairing is not enforced by this type
    47  }
    48  
    // FillTLSClientConfig copies the negotiation parameters held in chi's
    // embedded tls.ClientHelloInfo into cfg, a client-side TLS config. A field
    // of cfg is written only while it still holds its zero value, so anything
    // the caller configured beforehand is kept.
    //
    // NOTE(review): the copied protocols, server name, cipher suites, curves and
    // version bounds are whatever was recorded from the ClientHello; this method
    // applies no policy of its own. A caller that needs a minimum TLS version or
    // a cipher-suite allow-list has to set cfg.MinVersion / cfg.CipherSuites
    // before calling, or check cfg afterwards. Slices are assigned, not copied,
    // so cfg shares their backing arrays with chi.
    func (chi ClientHelloInfo) FillTLSClientConfig(cfg *tls.Config) {
    	hello := &chi.ClientHelloInfo

    	if cfg.ServerName == "" {
    		cfg.ServerName = hello.ServerName
    	}
    	if cfg.NextProtos == nil {
    		cfg.NextProtos = hello.SupportedProtos
    	}
    	if cfg.CurvePreferences == nil {
    		cfg.CurvePreferences = hello.SupportedCurves
    	}
    	if cfg.CipherSuites == nil {
    		cfg.CipherSuites = hello.CipherSuites
    	}

    	// Both version bounds already set by the caller: nothing left to derive.
    	if cfg.MinVersion != 0 && cfg.MaxVersion != 0 {
    		return
    	}

    	// Find the lowest and highest version in the list. Zero doubles as the
    	// "nothing recorded yet" marker, so both stay 0 for an empty list and
    	// cfg then keeps its zero (library default) bounds.
    	var lowest, highest uint16
    	for _, v := range hello.SupportedVersions {
    		if lowest == 0 || v < lowest {
    			lowest = v
    		}
    		if highest == 0 || v > highest {
    			highest = v
    		}
    	}

    	if cfg.MinVersion == 0 {
    		cfg.MinVersion = lowest
    	}
    	if cfg.MaxVersion == 0 {
    		cfg.MaxVersion = highest
    	}
    }