pingora icon indicating copy to clipboard operation
pingora copied to clipboard
verified publisher icon cloudflare

SSL connection metadata should be available to request filters

Open dward opened this issue 1 year ago • 7 comments

What is the problem your feature solves, or the need it fulfills?

SSL connection metadata should be available to filters such as request_filter.

Metadata such as the following would be useful for routing, logging, and generation of JA3 fingerprints

  • SNI
  • Cipher
  • TLS Version
  • Extensions list
  • Client ciphers, curve list and formats

Describe the solution you'd like

The metadata would be accessible through via the request_filters through the Session struct.

Describe alternatives you've considered

There are no alternatives as the data is not currently available.

Additional context

HAProxy provides the following SSL metadata: https://www.haproxy.com/documentation/haproxy-configuration-manual/latest/#7.3.4-ssl_fc

NGINX: http://nginx.org/en/docs/http/ngx_http_ssl_module.html#variables

dward avatar Mar 06 '24 22:03 dward

this would be very useful as it allows for things like JA3/JA4 etc

LessThanGreaterThan avatar Mar 07 '24 02:03 LessThanGreaterThan

I agree, it will be great to have it

xlmnxp avatar Mar 29 '24 04:03 xlmnxp