From 38442e017e2aca19786765e704905d6d18261975 Mon Sep 17 00:00:00 2001
From: Kyle Nekritz
Date: Fri, 9 Dec 2016 16:09:42 -0800
Subject: [PATCH] Log supported versions extension in AsyncSSLSocket.
Summary: To monitor client support of TLS 1.3.
Reviewed By: ngoyal
Differential Revision: D4308473
fbshipit-source-id: cb6fb444c8b7ced39e6655a0f63b18523c2fb9c5
---
 folly/io/async/AsyncSSLSocket.cpp | 15 +++++++++++++++
 folly/io/async/AsyncSSLSocket.h | 6 ++++++
 folly/io/async/ssl/TLSDefinitions.h | 2 ++
 3 files changed, 23 insertions(+)
diff --git a/folly/io/async/AsyncSSLSocket.cpp b/folly/io/async/AsyncSSLSocket.cpp
index 242e0b26..7a65d1a0 100644
--- a/folly/io/async/AsyncSSLSocket.cpp
+++ b/folly/io/async/AsyncSSLSocket.cpp
@@ -1697,6 +1697,14 @@ void AsyncSSLSocket::clientHelloParsingCallback(int written,
 sock->clientHelloInfo_->
 clientHelloSigAlgs_.emplace_back(hashAlg, sigAlg);
 }
+ } else if (extensionType == ssl::TLSExtension::SUPPORTED_VERSIONS) {
+ cursor.skip(1);
+ extensionDataLength -= 1;
+ while (extensionDataLength) {
+ sock->clientHelloInfo_->clientHelloSupportedVersions_.push_back(
+ cursor.readBE());
+ extensionDataLength -= 2;
+ }
 } else {
 cursor.skip(extensionDataLength);
 }
@@ -1790,6 +1798,13 @@ std::string AsyncSSLSocket::getSSLClientSigAlgs() const {
 return sigAlgs;
 }
+std::string AsyncSSLSocket::getSSLClientSupportedVersions() const {
+ if (!parseClientHello_) {
+ return "";
+ }
+ return folly::join(":", clientHelloInfo_->clientHelloSupportedVersions_);
+}
+
 std::string AsyncSSLSocket::getSSLAlertsReceived() const {
 std::string ret;
diff --git a/folly/io/async/AsyncSSLSocket.h b/folly/io/async/AsyncSSLSocket.h
index 6f8b1464..5140a824 100644
--- a/folly/io/async/AsyncSSLSocket.h
+++ b/folly/io/async/AsyncSSLSocket.h
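Review bot: The new SUPPORTED_VERSIONS branch trusts the outer extension length and skips the one-byte inner list length without checking it, so an extension with `extensionDataLength == 0` drives `extensionDataLength -= 1` below zero (wrapping if the variable is unsigned; its type is not visible in the hunk), and an odd length never hits the `while (extensionDataLength)` exit, so both cases keep calling `cursor.readBE()` past the extension until the cursor presumably runs out of data and throws. Read the list length instead of skipping it, require it to equal the remaining extension length and to be even, and loop on `>= 2` so the remainder cannot go negative; a malformed extension should be skipped like the default branch does. clientHelloParsingCallback starts and ends outside the hunk, so I could not confirm whether a Cursor exception thrown here is caught by the caller. The template argument on readBE is stripped in this rendering; the rewrite below assumes 2-byte versions, as the `-= 2` step implies.
```cpp
      } else if (extensionType == ssl::TLSExtension::SUPPORTED_VERSIONS) {
        // Wire format: one length byte, then 2-byte versions. Check the
        // inner length against what the extension header promised instead
        // of trusting either value on its own.
        bool wellFormed = extensionDataLength >= 1;
        if (wellFormed) {
          auto listLength = cursor.read<uint8_t>();
          extensionDataLength -= 1;
          wellFormed = listLength == extensionDataLength && listLength % 2 == 0;
        }
        if (!wellFormed) {
          // Malformed extension: skip the remainder like the default branch.
          cursor.skip(extensionDataLength);
        } else {
          while (extensionDataLength >= 2) {
            sock->clientHelloInfo_->clientHelloSupportedVersions_.push_back(
                cursor.readBE<uint16_t>());
            extensionDataLength -= 2;
          }
        }
      } else {
        // … unchanged: skip of unrecognised extensions …
```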
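Review bot: `folly::join(":", clientHelloInfo_->clientHelloSupportedVersions_)` renders each version as a decimal integer (0x0303 becomes `771`), assuming the vector holds a 2-byte integer type as the parsing loop implies (the element type is stripped in this rendering); that is not how TLS versions are written anywhere else and makes the logged field hard to read. Either format each entry as hex before joining, or at least document the decimal, colon-separated format on the declaration in AsyncSSLSocket.h so monitoring code parses it correctly. The getter also returns the same empty string when parsing is disabled and when the extension was absent, so a caller cannot distinguish "unknown" from "client did not offer TLS 1.3"; worth stating in the declaration's comment.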
@@ -561,6 +561,12 @@ class AsyncSSLSocket : public virtual AsyncSocket {
 std::string getSSLClientSigAlgs() const;
+ /**
+ * Get the list of versions in the supported versions extension (used to
+ * negotiate TLS 1.3).
+ */
+ std::string getSSLClientSupportedVersions() const;
+
 std::string getSSLAlertsReceived() const;
 /**
diff --git a/folly/io/async/ssl/TLSDefinitions.h b/folly/io/async/ssl/TLSDefinitions.h
index 17209100..691b8da0 100644
--- a/folly/io/async/ssl/TLSDefinitions.h
+++ b/folly/io/async/ssl/TLSDefinitions.h
@@ -51,6 +51,7 @@ enum class TLSExtension : uint16_t {
 ENCRYPT_THEN_MAC = 22,
 EXTENDED_MASTER_SECRET = 23,
 SESSION_TICKET = 35,
+ SUPPORTED_VERSIONS = 43,
 // Facebook-specific, not IANA assigned yet
 TLS_CACHED_INFO_FB = 60001,
 // End Facebook-specific
@@ -84,6 +85,7 @@ struct ClientHelloInfo {
 std::vector clientHelloCompressionMethods_;
 std::vector clientHelloExtensions_;
 std::vector> clientHelloSigAlgs_;
+ std::vector clientHelloSupportedVersions_;
 };
 } // ssl
-- 
2.34.1
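Review bot: The new doc comment on getSSLClientSupportedVersions says neither what the returned string looks like nor when it is empty, which is what a caller wiring it into monitoring needs to know; the .cpp side returns `""` when client hello parsing is disabled and otherwise a ":"-joined list of the parsed values. Suggest extending the comment with `* Returns the versions joined with ":", or an empty string when client hello parsing is disabled or the extension was not present.`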
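Review bot: `SUPPORTED_VERSIONS = 43,` carries no comment naming where the codepoint comes from, while the neighbouring block is explicitly labelled as Facebook-specific and not IANA assigned; since TLS 1.3 was still a draft at the time of this commit, a reader cannot tell whether 43 is a draft allocation that may move. Suggest `SUPPORTED_VERSIONS = 43, // draft-ietf-tls-tls13 supported_versions` so the provenance is recorded next to the value.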