Add TLS connection info to response object #322

Merged
merged 4 commits into from Oct 24, 2017

Member

robingustafsson commented Sep 25, 2017

This PR adds TLS version, cipher suite and OCSP stapled response information to each HTTP response object, implementing #298.

Example usage:

    import http from "k6/http";
    import { check } from "k6";

    export let options = {
        tlsCipherSuites: [
            "TLS_RSA_WITH_RC4_128_SHA",
            "TLS_RSA_WITH_AES_128_GCM_SHA256",
        ],
        tlsVersion: {
            min: "ssl3.0",
            max: "tls1.2"
        }
    };

    export default function() {
        let res = http.get("https://sha256.badssl.com");
        check(res, {
            "is TLSv1.2": (r) => r.tls_version === "tls1.2",
            "is sha256 cipher suite": (r) => r.tls_cipher_suite === "TLS_RSA_WITH_AES_128_GCM_SHA256"
        });
    };

and

    import http from "k6/http";
    import { check } from "k6";

    export default function() {
        let res = http.get("https://stackoverflow.com");
        check(res, {
            "is OCSP response good": (r) => r.ocsp.stapled_response.status === "good"
        });
    };

The OCSP stapled_response object also contains the following properties:

  • ocsp.stapled_response.revocation_reason: a string
  • ocsp.stapled_response.produced_at: a date string
  • ocsp.stapled_response.this_update: a date string
  • ocsp.stapled_response.next_update: a date string
  • ocsp.stapled_response.revoked_at: a date string

@robingustafsson robingustafsson requested a review from liclac Sep 25, 2017

Collaborator

liclac commented Oct 4, 2017

I want to make a structural change here, because for the first time in k6's history, we have a use for constants.

Making these easy-to-read string comparisons (ocsp.status === "good") sounds good in theory, until someone typos it as "god" and suddenly we're refusing to trust any authority short of a holy scripture. And while that's a fairly easy one to catch, what about "tls1.2" vs "TLS1.2"?

The change I'm proposing is:

  1. Change the module definition from simply type HTTP struct{}, to:

    type HTTP struct{
        SSL_3_0, TLS_1_0, TLS_1_1, TLS_1_2 string
    }
    
    func New() *HTTP {
        return &HTTP{
            SSL_3_0: "ssl3.0",
            // ...
        }
    }
  2. Change js/modules/index.go from &http.HTTP{} to http.New(), and for consistency, also do this for all modules + their unit tests.

The actual naming of the constants is up for debate, and I think OCSP status may be better implemented as a tristate bool (*bool, true/false/null).
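
An added example (not code from this PR or from k6) of the failure mode raised in the review comment above, using the response fields from the PR description: a typo in a string literal makes the comparison silently false, while a strict constant table turns the same typo into an error. The names `strictEnum`, `TLS`, `OCSP`, `tlsViolations` and `typoOutcome`, the "tls1.0"/"tls1.1" values and the ISO 8601 date format are assumptions.

```javascript
// Added example; TLS.* and OCSP.* are hypothetical names, not k6's API.
// Unknown constant names throw instead of quietly evaluating to undefined.
function strictEnum(label, table) {
  return new Proxy(Object.freeze({ ...table }), {
    get(target, name) {
      if (typeof name === "symbol" || name in target) return target[name];
      throw new ReferenceError(`unknown ${label} constant: ${name}`);
    },
  });
}

// Oldest to newest. "ssl3.0" and "tls1.2" are on the page; the two values
// in between are assumed to follow the same pattern.
const TLS = strictEnum("TLS", {
  SSL_3_0: "ssl3.0", TLS_1_0: "tls1.0", TLS_1_1: "tls1.1", TLS_1_2: "tls1.2",
});
const TLS_ORDER = [TLS.SSL_3_0, TLS.TLS_1_0, TLS.TLS_1_1, TLS.TLS_1_2];
const OCSP = strictEnum("OCSP", { GOOD: "good" });

// Returns the policy violations for one response; an empty list is a pass.
function tlsViolations(res, policy, now) {
  const problems = [];
  if (TLS_ORDER.indexOf(res.tls_version) < TLS_ORDER.indexOf(policy.minVersion)) {
    problems.push(`TLS version too old or unrecognised: ${res.tls_version}`);
  }
  if (!policy.cipherSuites.includes(res.tls_cipher_suite)) problems.push(`cipher suite not allowed: ${res.tls_cipher_suite}`);
  const staple = res.ocsp && res.ocsp.stapled_response;
  if (!staple) return problems.concat("no stapled OCSP response");
  if (staple.status !== OCSP.GOOD) problems.push(`OCSP status: ${staple.status}`);
  // NaN from an unparsable date fails both comparisons, so it is flagged too.
  const from = Date.parse(staple.this_update), until = Date.parse(staple.next_update);
  if (!(from <= now && now < until)) problems.push("OCSP staple outside validity window");
  return problems;
}

// Constructed sample using the field names from the PR description; the
// ISO 8601 date format is an assumption (the PR only says "a date string").
const sample = {
  tls_version: "tls1.2",
  tls_cipher_suite: "TLS_RSA_WITH_AES_128_GCM_SHA256",
  ocsp: { stapled_response: { status: "good",
    this_update: "2017-10-20T00:00:00Z", next_update: "2017-10-27T00:00:00Z" } },
};
const policy = { minVersion: TLS.TLS_1_2, cipherSuites: ["TLS_RSA_WITH_AES_128_GCM_SHA256"] };

// The typo from the review: the literal compares false, the constant throws.
function typoOutcome(status) {
  try { return { literal: status === "god", constant: status === OCSP.GOD }; }
  catch (e) { return { literal: status === "god", constant: e.name }; }
}
```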

Collaborator

liclac commented Oct 4, 2017

I'd also like TLS version and OCSP status to be added as tags to responses.

Member

robingustafsson commented Oct 5, 2017

@liclac Haha, ocsp.status === "god" is of course the status when you've successfully infiltrated a CA with an HTTP request 😄

Agree on the use of constants for TLS version and cipher suites. I'll change the OCSP status to use constants as well. IMHO that's more clear when reading than a tristate.

Member

robingustafsson commented Oct 20, 2017

@liclac Requested changes have now been done, please have another look.

Member

robingustafsson commented Oct 23, 2017

@liclac Requested changes have been made.

@liclac

liclac approved these changes Oct 24, 2017

@liclac liclac merged commit c849005 into master Oct 24, 2017

1 check passed

ci/circleci Your tests passed on CircleCI!

@liclac liclac deleted the feature/tls-resp-info branch Oct 24, 2017
