walkero
/
nghttp2
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

h2load: Add --tls13-ciphers option

This commit is contained in:
Tatsuhiro Tsujikawa 2019-08-08 09:59:21 +09:00
parent b558eeb861
commit db5ad83776
2 changed files with 21 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
src/h2load.cc
View File

@ -77,6 +77,8 @@ bool recorded(const std::chrono::steady_clock::time_point &t) {
Config::Config() Config::Config()
: ciphers(tls::DEFAULT_CIPHER_LIST), : ciphers(tls::DEFAULT_CIPHER_LIST),
tls13_ciphers("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_"
"CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_SHA256"),
groups("P-256:X25519:P-384:P-521"), groups("P-256:X25519:P-384:P-521"),
data_length(-1), data_length(-1),
addrs(nullptr), addrs(nullptr),
@ -2099,10 +2101,15 @@ Options:
-H, --header=<HEADER> -H, --header=<HEADER>
Add/Override a header to the requests. Add/Override a header to the requests.
--ciphers=<SUITE> --ciphers=<SUITE>
Set allowed cipher list. The format of the string is Set allowed cipher list for TLSv1.2 or ealier. The
described in OpenSSL ciphers(1). format of the string is described in OpenSSL ciphers(1).
Default: )" Default: )"
<< config.ciphers << R"( << config.ciphers << R"(
--tls13-ciphers=<SUITE>
Set allowed cipher list for TLSv1.3. The format of the
string is described in OpenSSL ciphers(1).
Default: )"
<< config.tls13_ciphers << R"(
-p, --no-tls-proto=<PROTOID> -p, --no-tls-proto=<PROTOID>
Specify ALPN identifier of the protocol to be used when Specify ALPN identifier of the protocol to be used when
accessing http URI without SSL/TLS. accessing http URI without SSL/TLS.
@ -2286,6 +2293,7 @@ int main(int argc, char **argv) {
{"connect-to", required_argument, &flag, 11}, {"connect-to", required_argument, &flag, 11},
{"rps", required_argument, &flag, 12}, {"rps", required_argument, &flag, 12},
{"groups", required_argument, &flag, 13}, {"groups", required_argument, &flag, 13},
{"tls13-ciphers", required_argument, &flag, 14},
{nullptr, 0, nullptr, 0}}; {nullptr, 0, nullptr, 0}};
int option_index = 0; int option_index = 0;
auto c = getopt_long(argc, argv, auto c = getopt_long(argc, argv,
@ -2540,6 +2548,10 @@ int main(int argc, char **argv) {
// --groups // --groups
config.groups = optarg; config.groups = optarg;
break; break;
case 14:
// --tls13-ciphers
config.tls13_ciphers = optarg;
break;
} }
break; break;
default: default:
@ -2767,7 +2779,12 @@ int main(int argc, char **argv) {
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
// TODO Use SSL_CTX_set_ciphersuites to set TLSv1.3 cipher list if (SSL_CTX_set_ciphersuites(ssl_ctx, config.tls13_ciphers.c_str()) == 0) {
std::cerr << "SSL_CTX_set_ciphersuites with " << config.tls13_ciphers
<< " failed: " << ERR_error_string(ERR_get_error(), nullptr)
<< std::endl;
exit(EXIT_FAILURE);
}
if (SSL_CTX_set1_groups_list(ssl_ctx, config.groups.c_str()) != 1) { if (SSL_CTX_set1_groups_list(ssl_ctx, config.groups.c_str()) != 1) {
std::cerr << "SSL_CTX_set1_groups_list failed" << std::endl; std::cerr << "SSL_CTX_set1_groups_list failed" << std::endl;

1
src/h2load.h
View File

@ -75,6 +75,7 @@ struct Config {
std::string connect_to_host; std::string connect_to_host;
std::string ifile; std::string ifile;
std::string ciphers; std::string ciphers;
std::string tls13_ciphers;
// supported groups (or curves). // supported groups (or curves).
std::string groups; std::string groups;
// length of upload data // length of upload data