httpserver: Placeholders for tls_protocol and tls_cipher (#2062)

Also add SSL_PROTOCOL and SSL_CIPHER env vars for fastcgi. * Implement placeholders for ssl_protocol and ssl_cipher * gofmt * goimports * Housekeeping and implement as {tls_protocol} and {tls_cipher}
2026-05-19 14:08:31 -04:00 · 2018-03-18 00:27:10 +01:00
parent 3ee6d30659
commit ca34a3e1aa
4 changed files with 52 additions and 6 deletions
--- a/caddyhttp/httpserver/replacer.go
+++ b/caddyhttp/httpserver/replacer.go
@@ -29,6 +29,7 @@ import (
 	"time"

 	"github.com/mholt/caddy"
+	"github.com/mholt/caddy/caddytls"
 )

 // requestReplacer is a strings.Replacer which is used to
@@ -375,6 +376,26 @@ func (r *replacer) getSubstitution(key string) string {
 		}
 		elapsedDuration := time.Since(r.responseRecorder.start)
 		return strconv.FormatInt(convertToMilliseconds(elapsedDuration), 10)
+	case "{tls_protocol}":
+		if r.request.TLS != nil {
+			for k, v := range caddytls.SupportedProtocols {
+				if v == r.request.TLS.Version {
+					return k
+				}
+			}
+			return "tls" // this should never happen, but guard in case
+		}
+		return r.emptyValue // because not using a secure channel
+	case "{tls_cipher}":
+		if r.request.TLS != nil {
+			for k, v := range caddytls.SupportedCiphersMap {
+				if v == r.request.TLS.CipherSuite {
+					return k
+				}
+			}
+			return "UNKNOWN" // this should never happen, but guard in case
+		}
+		return r.emptyValue
 	}

 	return r.emptyValue