2 * Copyright 2004-present Facebook, Inc.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
19 #include <folly/Array.h>
20 #include <folly/io/async/SSLContext.h>
25 namespace ssl_options_detail {
// Reports an exception caught while applying SSL options to a context
// (defined out of line). NOTE(review): the name suggests glog-style DFATAL
// semantics -- aborts in debug builds but only logs in release builds --
// confirm against the definition. If it does not abort, the callers below
// continue with the SSLContext left in whatever state it was in before the
// failed call.
void logDfatal(std::exception const&);
29 struct SSLCommonOptions {
/**
 * The cipher list recommended for this options configuration.
 *
 * Every entry is an ECDHE suite (ephemeral ECDH key exchange, so sessions get
 * forward secrecy), authenticated with either an ECDSA or an RSA certificate.
 * The AES-GCM (AEAD) suites come first, ahead of the AES-CBC suites with
 * HMAC-SHA1 / HMAC-SHA384, so wherever the order is honored as a preference
 * the AEAD suites are chosen.
 *
 * NOTE(review): the CBC entries ("...-AES256-SHA", "...-AES128-SHA") are not
 * AEAD and are presumably kept for compatibility with older peers; a
 * deployment that does not need them should consider removing them. These
 * are TLS 1.2-style OpenSSL cipher names; whether TLS 1.3 suites are
 * configured separately is not visible here.
 */
static constexpr auto kCipherList = folly::make_array(
    "ECDHE-ECDSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-ECDSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-ECDSA-AES256-SHA",
    "ECDHE-RSA-AES256-SHA",
    "ECDHE-ECDSA-AES128-SHA",
    "ECDHE-RSA-AES128-SHA",
    "ECDHE-RSA-AES256-SHA384",
/**
 * The list of signature algorithms recommended for this options
 * configuration. It is handed to SSLContext::setSignatureAlgorithms by
 * setSignatureAlgorithms<TSSLOptions>() below.
 */
static constexpr auto kSignatureAlgorithms = folly::make_array(
/**
 * Set common parameters on a client SSL context, for example,
 * ciphers, signature algorithms, verification options, and client EC curves.
 *
 * Defined out of line. The exact verification options it applies are not
 * visible in this header, so check the definition before relying on it for
 * peer-certificate verification.
 * @param ctx The SSL Context to which to apply the options.
 */
static void setClientOptions(SSLContext& ctx);
/**
 * Set the cipher suite of ctx to that in TSSLOptions, and print any runtime
 * errors it catches.
 *
 * TSSLOptions must expose a static kCipherList that SSLContext::setCipherList
 * accepts (see SSLCommonOptions::kCipherList).
 *
 * NOTE(review): a std::runtime_error thrown by setCipherList is passed to
 * ssl_options_detail::logDfatal and not rethrown. If that helper only logs
 * (as a DFATAL would in release builds), ctx keeps whatever cipher list it had
 * before the call and the caller is not told; code that must guarantee the
 * restricted list should not rely on this function alone for enforcement.
 * @param ctx The SSLContext to apply the desired SSL options to.
 */
template <typename TSSLOptions>
void setCipherSuites(SSLContext& ctx) {
    ctx.setCipherList(TSSLOptions::kCipherList);
  } catch (std::runtime_error const& e) {
    ssl_options_detail::logDfatal(e);
/**
 * Set the signature algorithm list of ctx to that in TSSLOptions, and print
 * any runtime errors it catches.
 *
 * TSSLOptions must expose a static kSignatureAlgorithms that
 * SSLContext::setSignatureAlgorithms accepts (see
 * SSLCommonOptions::kSignatureAlgorithms).
 *
 * NOTE(review): as with setCipherSuites, a std::runtime_error is routed to
 * ssl_options_detail::logDfatal and not rethrown; if that helper only logs,
 * ctx keeps its previous signature-algorithm list and the caller is not told.
 * @param ctx The SSLContext to apply the desired SSL options to.
 */
template <typename TSSLOptions>
void setSignatureAlgorithms(SSLContext& ctx) {
    ctx.setSignatureAlgorithms(TSSLOptions::kSignatureAlgorithms);
  } catch (std::runtime_error const& e) {
    ssl_options_detail::logDfatal(e);