h2load: Add --tls13-ciphers option
This commit is contained in:
parent
231c6ac862
commit
6002fac9f1
|
@ -77,6 +77,8 @@ bool recorded(const std::chrono::steady_clock::time_point &t) {
|
||||||
|
|
||||||
Config::Config()
|
Config::Config()
|
||||||
: ciphers(tls::DEFAULT_CIPHER_LIST),
|
: ciphers(tls::DEFAULT_CIPHER_LIST),
|
||||||
|
tls13_ciphers("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_"
|
||||||
|
"CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_SHA256"),
|
||||||
groups("P-256:X25519:P-384:P-521"),
|
groups("P-256:X25519:P-384:P-521"),
|
||||||
data_length(-1),
|
data_length(-1),
|
||||||
addrs(nullptr),
|
addrs(nullptr),
|
||||||
|
@ -2099,10 +2101,15 @@ Options:
|
||||||
-H, --header=<HEADER>
|
-H, --header=<HEADER>
|
||||||
Add/Override a header to the requests.
|
Add/Override a header to the requests.
|
||||||
--ciphers=<SUITE>
|
--ciphers=<SUITE>
|
||||||
Set allowed cipher list. The format of the string is
|
Set allowed cipher list for TLSv1.2 or ealier. The
|
||||||
described in OpenSSL ciphers(1).
|
format of the string is described in OpenSSL ciphers(1).
|
||||||
Default: )"
|
Default: )"
|
||||||
<< config.ciphers << R"(
|
<< config.ciphers << R"(
|
||||||
|
--tls13-ciphers=<SUITE>
|
||||||
|
Set allowed cipher list for TLSv1.3. The format of the
|
||||||
|
string is described in OpenSSL ciphers(1).
|
||||||
|
Default: )"
|
||||||
|
<< config.tls13_ciphers << R"(
|
||||||
-p, --no-tls-proto=<PROTOID>
|
-p, --no-tls-proto=<PROTOID>
|
||||||
Specify ALPN identifier of the protocol to be used when
|
Specify ALPN identifier of the protocol to be used when
|
||||||
accessing http URI without SSL/TLS.
|
accessing http URI without SSL/TLS.
|
||||||
|
@ -2286,6 +2293,7 @@ int main(int argc, char **argv) {
|
||||||
{"connect-to", required_argument, &flag, 11},
|
{"connect-to", required_argument, &flag, 11},
|
||||||
{"rps", required_argument, &flag, 12},
|
{"rps", required_argument, &flag, 12},
|
||||||
{"groups", required_argument, &flag, 13},
|
{"groups", required_argument, &flag, 13},
|
||||||
|
{"tls13-ciphers", required_argument, &flag, 14},
|
||||||
{nullptr, 0, nullptr, 0}};
|
{nullptr, 0, nullptr, 0}};
|
||||||
int option_index = 0;
|
int option_index = 0;
|
||||||
auto c = getopt_long(argc, argv,
|
auto c = getopt_long(argc, argv,
|
||||||
|
@ -2540,6 +2548,10 @@ int main(int argc, char **argv) {
|
||||||
// --groups
|
// --groups
|
||||||
config.groups = optarg;
|
config.groups = optarg;
|
||||||
break;
|
break;
|
||||||
|
case 14:
|
||||||
|
// --tls13-ciphers
|
||||||
|
config.tls13_ciphers = optarg;
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
@ -2767,7 +2779,12 @@ int main(int argc, char **argv) {
|
||||||
exit(EXIT_FAILURE);
|
exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO Use SSL_CTX_set_ciphersuites to set TLSv1.3 cipher list
|
if (SSL_CTX_set_ciphersuites(ssl_ctx, config.tls13_ciphers.c_str()) == 0) {
|
||||||
|
std::cerr << "SSL_CTX_set_ciphersuites with " << config.tls13_ciphers
|
||||||
|
<< " failed: " << ERR_error_string(ERR_get_error(), nullptr)
|
||||||
|
<< std::endl;
|
||||||
|
exit(EXIT_FAILURE);
|
||||||
|
}
|
||||||
|
|
||||||
if (SSL_CTX_set1_groups_list(ssl_ctx, config.groups.c_str()) != 1) {
|
if (SSL_CTX_set1_groups_list(ssl_ctx, config.groups.c_str()) != 1) {
|
||||||
std::cerr << "SSL_CTX_set1_groups_list failed" << std::endl;
|
std::cerr << "SSL_CTX_set1_groups_list failed" << std::endl;
|
||||||
|
|
|
@ -75,6 +75,7 @@ struct Config {
|
||||||
std::string connect_to_host;
|
std::string connect_to_host;
|
||||||
std::string ifile;
|
std::string ifile;
|
||||||
std::string ciphers;
|
std::string ciphers;
|
||||||
|
std::string tls13_ciphers;
|
||||||
// supported groups (or curves).
|
// supported groups (or curves).
|
||||||
std::string groups;
|
std::string groups;
|
||||||
// length of upload data
|
// length of upload data
|
||||||
|
|
Loading…
Reference in New Issue