Use SSL_client_hello_get0_ciphers() instead of SSL_get0_raw_cipherlist() #64
Comments
@climagabriel, do you have a patch that does this?
I will. There's a lot more stuff I need to do in the clienthello callback so the only option for me is to move all this to lua and perform the ja3 calculation there, along with whatever else I need to do. I've already moved the extensions extraction to lua: And yeah I'm doing the rest of the fields as well.
nginx/nginx#562
Btw, SSL_client_hello_get1_extensions_present already excludes all the GREASE extensions |
Partially inspired by: https://github.com/naofumi0628/haproxy/blob/fefb9e37714bd2e3ad2adc3a321e165fc1dafae2/src/ssl_sock.c#L2252
Relevant: fooinha/nginx-ssl-ja3#64 openssl/openssl#27580
And especially: https://github.com/openresty/lua-nginx-module#:~:text=after%20SSL%20handshake%2C-,the%20ngx.ctx%20created,-in%20ssl_certificate_by_lua*
It might be pointless for me to pull all this data into Lua-land if I don't find a way to store those values. I need some kind of ngx.ctx but related not to a request but to a ngx_ssl_connection_t, instead of a request.
You're already using up the clienthello callback to get the extensions. Why not get the ciphers offered up by the client in the clienthello packet with SSL_client_hello_get0_ciphers() while you're at it?
Not to mention that it would better conform to the definition of JA3 as a fingerprint of the clienthello packet, not of the negotiated SSL session.
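An added example, not code from this issue or from nginx-ssl-ja3: it renders the raw cipher bytes that `SSL_client_hello_get0_ciphers()` hands back in the clienthello callback (2 bytes per suite, network order) as JA3's dash-separated decimal cipher field, skipping GREASE values. The names `ja3_cipher_field`, `is_grease` and `sample_ciphers` are hypothetical, and the input bytes are constructed so the block builds without OpenSSL.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* GREASE code points (RFC 8701) are 0x0A0A, 0x1A1A, ... 0xFAFA. */
static int is_grease(uint16_t v)
{
    return (v & 0x0f0f) == 0x0a0a && (v >> 8) == (v & 0xff);
}

/*
 * Hypothetical helper: turn raw ClientHello cipher_suites bytes into the
 * JA3 cipher field (decimal values joined by '-'), skipping GREASE.
 * Returns the string length, or -1 on odd input length or a short buffer.
 */
int ja3_cipher_field(const unsigned char *raw, size_t len, char *out, size_t outsz)
{
    size_t used = 0;

    if (out == NULL || outsz == 0 || (len % 2) != 0 || (len > 0 && raw == NULL))
        return -1;
    out[0] = '\0';

    for (size_t i = 0; i < len; i += 2) {
        uint16_t suite = (uint16_t)((raw[i] << 8) | raw[i + 1]);
        if (is_grease(suite))
            continue;
        int n = snprintf(out + used, outsz - used, "%s%u",
                         used ? "-" : "", (unsigned)suite);
        if (n < 0 || (size_t)n >= outsz - used)
            return -1;              /* would not fit, refuse to truncate */
        used += (size_t)n;
    }
    return (int)used;
}

/* Constructed sample: GREASE 0x2A2A, then 0x1301, 0x1302, 0xC02B, 0x00FF. */
static const unsigned char sample_ciphers[] = {
    0x2a, 0x2a, 0x13, 0x01, 0x13, 0x02, 0xc0, 0x2b, 0x00, 0xff
};

int main(void)
{
    char field[128];
    if (ja3_cipher_field(sample_ciphers, sizeof sample_ciphers, field, sizeof field) < 0)
        return 1;
    puts(field);
    return strcmp(field, "4865-4866-49195-255") != 0;
}
```

In a real callback the `raw` and `len` arguments would come from `SSL_client_hello_get0_ciphers(ssl, &raw)`, whose pointer is only valid for the duration of the clienthello callback, so the rendered field has to be copied out before returning.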