From db5ad837766b336a5efc712fbf0bfe7ba97b8b5b Mon Sep 17 00:00:00 2001 From: Tatsuhiro Tsujikawa Date: Thu, 8 Aug 2019 09:59:21 +0900 Subject: [PATCH] h2load: Add --tls13-ciphers option --- src/h2load.cc | 23 ++++++++++++++++++++--- src/h2load.h | 1 + 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/src/h2load.cc b/src/h2load.cc index 6ce7b023..07b569a3 100644 --- a/src/h2load.cc +++ b/src/h2load.cc @@ -77,6 +77,8 @@ bool recorded(const std::chrono::steady_clock::time_point &t) { Config::Config() : ciphers(tls::DEFAULT_CIPHER_LIST), + tls13_ciphers("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_" + "CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_SHA256"), groups("P-256:X25519:P-384:P-521"), data_length(-1), addrs(nullptr), @@ -2099,10 +2101,15 @@ Options: -H, --header=
Add/Override a header to the requests. --ciphers= - Set allowed cipher list. The format of the string is - described in OpenSSL ciphers(1). + Set allowed cipher list for TLSv1.2 or ealier. The + format of the string is described in OpenSSL ciphers(1). Default: )" << config.ciphers << R"( + --tls13-ciphers= + Set allowed cipher list for TLSv1.3. The format of the + string is described in OpenSSL ciphers(1). + Default: )" + << config.tls13_ciphers << R"( -p, --no-tls-proto= Specify ALPN identifier of the protocol to be used when accessing http URI without SSL/TLS. @@ -2286,6 +2293,7 @@ int main(int argc, char **argv) { {"connect-to", required_argument, &flag, 11}, {"rps", required_argument, &flag, 12}, {"groups", required_argument, &flag, 13}, + {"tls13-ciphers", required_argument, &flag, 14}, {nullptr, 0, nullptr, 0}}; int option_index = 0; auto c = getopt_long(argc, argv, @@ -2540,6 +2548,10 @@ int main(int argc, char **argv) { // --groups config.groups = optarg; break; + case 14: + // --tls13-ciphers + config.tls13_ciphers = optarg; + break; } break; default: @@ -2767,7 +2779,12 @@ int main(int argc, char **argv) { exit(EXIT_FAILURE); } - // TODO Use SSL_CTX_set_ciphersuites to set TLSv1.3 cipher list + if (SSL_CTX_set_ciphersuites(ssl_ctx, config.tls13_ciphers.c_str()) == 0) { + std::cerr << "SSL_CTX_set_ciphersuites with " << config.tls13_ciphers + << " failed: " << ERR_error_string(ERR_get_error(), nullptr) + << std::endl; + exit(EXIT_FAILURE); + } if (SSL_CTX_set1_groups_list(ssl_ctx, config.groups.c_str()) != 1) { std::cerr << "SSL_CTX_set1_groups_list failed" << std::endl; diff --git a/src/h2load.h b/src/h2load.h index 9b25ce93..5a4777d9 100644 --- a/src/h2load.h +++ b/src/h2load.h @@ -75,6 +75,7 @@ struct Config { std::string connect_to_host; std::string ifile; std::string ciphers; + std::string tls13_ciphers; // supported groups (or curves). std::string groups; // length of upload data