From c7087eb7400bc652d3a53e7b92045ccaecce9bc2 Mon Sep 17 00:00:00 2001
From: Anirudh Ramachandran
Date: Mon, 21 Mar 2016 15:46:23 -0700
Subject: [PATCH] Add option to retrieve hex representation of client ciphers

Summary: A more compact hex representation of ciphers in ClientHello can be useful, e.g., for logging.
Reviewed By: knekritz
Differential Revision: D3052308
fb-gh-sync-id: beaf6fcd4705d4d7fae652d8d8b95b52ca9e07a9
shipit-source-id: beaf6fcd4705d4d7fae652d8d8b95b52ca9e07a9
---
 folly/io/async/AsyncSSLSocket.h | 27 ++++++++++++++++-----------
 1 file changed, 16 insertions(+), 11 deletions(-)

diff --git a/folly/io/async/AsyncSSLSocket.h b/folly/io/async/AsyncSSLSocket.h
index 4900d2fa..a9527046 100644
--- a/folly/io/async/AsyncSSLSocket.h
+++ b/folly/io/async/AsyncSSLSocket.h
@@ -538,7 +538,9 @@ class AsyncSSLSocket : public virtual AsyncSocket {
 * Get the list of supported ciphers sent by the client in the client's
 * preference order.
 */
- void getSSLClientCiphers(std::string& clientCiphers) const {
+ void getSSLClientCiphers(
+ std::string& clientCiphers,
+ bool convertToString = true) const {
 std::stringstream ciphersStream;
 std::string cipherName;
 
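Review bot: The doc comment above `getSSLClientCiphers` is left unchanged by this hunk, so the new `convertToString` parameter is undocumented, and its name is easy to misread because `false` still yields a string, just in hex. I would extend the comment with something like `@param convertToString  if true, emit OpenSSL cipher names (hex only for suites OpenSSL does not recognise); if false, emit every suite as its 4-digit hex code`, and also state the separator used between entries, which is not visible in this hunk. Since the list is copied from the ClientHello, its length is chosen by the peer, so callers that log the result should presumably cap or truncate it. The function body continues past the end of the hunk.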
@@ -550,22 +552,25 @@ class AsyncSSLSocket : public virtual AsyncSocket { for (auto originalCipherCode : clientHelloInfo_->clientHelloCipherSuites_) { - // OpenSSL expects code as a big endian char array - auto cipherCode = htons(originalCipherCode); + const SSL_CIPHER* cipher = nullptr; + if (convertToString) { + // OpenSSL expects code as a big endian char array + auto cipherCode = htons(originalCipherCode); #if defined(SSL_OP_NO_TLSv1_2) - const SSL_CIPHER* cipher = - TLSv1_2_method()->get_cipher_by_char((unsigned char*)&cipherCode); + cipher = + TLSv1_2_method()->get_cipher_by_char((unsigned char*)&cipherCode); #elif defined(SSL_OP_NO_TLSv1_1) - const SSL_CIPHER* cipher = - TLSv1_1_method()->get_cipher_by_char((unsigned char*)&cipherCode); + cipher = + TLSv1_1_method()->get_cipher_by_char((unsigned char*)&cipherCode); #elif defined(SSL_OP_NO_TLSv1) - const SSL_CIPHER* cipher = - TLSv1_method()->get_cipher_by_char((unsigned char*)&cipherCode); + cipher = + TLSv1_method()->get_cipher_by_char((unsigned char*)&cipherCode); #else - const SSL_CIPHER* cipher = - SSLv3_method()->get_cipher_by_char((unsigned char*)&cipherCode); + cipher = + SSLv3_method()->get_cipher_by_char((unsigned char*)&cipherCode); #endif + } if (cipher == nullptr) { ciphersStream << std::setfill('0') << std::setw(4) << std::hex -- 2.34.1
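Review bot: With `convertToString == false` the hex output is produced only as a side effect of `cipher` staying `nullptr`, so the branch written as the fallback for suites OpenSSL does not know now doubles as the hex mode without saying so. A comment on the declaration would make that intent explicit, e.g. `// Left null when convertToString is false so every suite takes the hex branch below`. `cipherCode` is now scoped to the `if (convertToString)` block, so the hex branch has to print `originalCipherCode`; the insertion statement runs past the end of the hunk, so please confirm that this is the value streamed and that it is in host order, otherwise the logged code would be byte-swapped on little-endian hosts. The loop body continues past the end of the hunk.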