Skip to content

feature: ngx_http_lua_ffi_ssl_get_client_hello_ciphers() #2419

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

feature: ngx_http_lua_ffi_ssl_get_client_hello_ciphers() #2419

wants to merge 2 commits into from

Conversation

climagabriel
Copy link
Contributor

@climagabriel climagabriel commented May 8, 2025
edited
Loading

I hereby granted the copyright of the changes in this pull request
to the authors of this lua-nginx-module project.

openresty/lua-resty-core#498

@climagabriel
feature: ngx_http_lua_ffi_ssl_get_client_hello_ciphers()
51b3daf 
Partially inspired by:
	https://github.com/naofumi0628/haproxy/blob/fefb9e37714bd2e3ad2adc3a321e165fc1dafae2/src/ssl_sock.c#L2252

Relevant:
	fooinha/nginx-ssl-ja3#64
        openssl/openssl#27580

And especially:
	https://github.com/openresty/lua-nginx-module#:~:text=after%20SSL%20handshake%2C-,the%20ngx.ctx%20created,-in%20ssl_certificate_by_lua*

It might be pointless for me to pull all this data into Lua-land if I don't find a way to store those values.
I need some kind of ngx.ctx but related not a request but to a connection instead of a request.
@climagabriel climagabriel marked this pull request as ready for review May 9, 2025 07:31
@climagabriel climagabriel mentioned this pull request May 9, 2025
Open
@chensunny
Copy link

The same like #1962

@climagabriel
Copy link
Contributor Author

climagabriel commented May 16, 2025
edited
Loading

The same like #1962

Partially. He uses different open/boringssl calls under the hood, and his intention is to fetch the client and server ciphers from the session once it's established.
I aim merely to fetch the ciphers offered by the client in the clienthello message, before the SSL session has even been established.

But I will admit that the guy's code is clever and I can learn something from it, thx for referencing it

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
needs-test-cases
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@climagabriel @chensunny