From 237f742100ba5ce7d92e5beb6d5800b5c1ea5f44 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Wed, 8 Jul 2015 23:14:41 +0900
Subject: [PATCH] h2load: Add --ciphers option

---
 src/h2load.cc | 22 +++++++++++++++++++---
 src/h2load.h  |  1 +
 2 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/src/h2load.cc b/src/h2load.cc
index 3338f4da..3eba889c 100644
--- a/src/h2load.cc
+++ b/src/h2load.cc
@@ -1021,6 +1021,9 @@ Options:
               Default: )" << config.connection_window_bits << R"(
   -H, --header=<HEADER>
               Add/Override a header to the requests.
+  --ciphers=<SUITE>
+              Set allowed  cipher list.  The  format of the  string is
+              described in OpenSSL ciphers(1).
   -p, --no-tls-proto=<PROTOID>
               Specify ALPN identifier of the  protocol to be used when
               accessing http URI without SSL/TLS.)";
@@ -1069,6 +1072,7 @@ int main(int argc, char **argv) {
         {"verbose", no_argument, nullptr, 'v'},
         {"help", no_argument, nullptr, 'h'},
         {"version", no_argument, &flag, 1},
+        {"ciphers", required_argument, &flag, 2},
         {nullptr, 0, nullptr, 0}};
     int option_index = 0;
     auto c = getopt_long(argc, argv, "hvW:c:d:m:n:p:t:w:H:i:", long_options,
@@ -1181,6 +1185,10 @@ int main(int argc, char **argv) {
         // version option
         print_version(std::cout);
         exit(EXIT_SUCCESS);
+      case 2:
+        // ciphers option
+        config.ciphers = optarg;
+        break;
       }
       break;
     default:
@@ -1264,9 +1272,17 @@ int main(int argc, char **argv) {
   SSL_CTX_set_mode(ssl_ctx, SSL_MODE_AUTO_RETRY);
   SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
 
-  if (SSL_CTX_set_cipher_list(ssl_ctx, ssl::DEFAULT_CIPHER_LIST) == 0) {
-    std::cerr << "SSL_CTX_set_cipher_list failed: "
-              << ERR_error_string(ERR_get_error(), nullptr) << std::endl;
+  const char *ciphers;
+  if (config.ciphers.empty()) {
+    ciphers = ssl::DEFAULT_CIPHER_LIST;
+  } else {
+    ciphers = config.ciphers.c_str();
+  }
+
+  if (SSL_CTX_set_cipher_list(ssl_ctx, ciphers) == 0) {
+    std::cerr << "SSL_CTX_set_cipher_list with " << ciphers
+              << " failed: " << ERR_error_string(ERR_get_error(), nullptr)
+              << std::endl;
     exit(EXIT_FAILURE);
   }
 
diff --git a/src/h2load.h b/src/h2load.h
index e965cd37..4bca2afa 100644
--- a/src/h2load.h
+++ b/src/h2load.h
@@ -65,6 +65,7 @@ struct Config {
   std::string scheme;
   std::string host;
   std::string ifile;
+  std::string ciphers;
   // length of upload data
   int64_t data_length;
   addrinfo *addrs;