From df0912cdd37476b19e3d0bd53d9701ac67fe5d19 Mon Sep 17 00:00:00 2001
From: Shang Ding
Date: Wed, 6 Mar 2024 19:06:19 -0600
Subject: [PATCH 1/2] add tls cipher metric to record ciphersuite record name of ciphersuite negotiated during handshake in new probe_tls_cipher_info metric
Signed-off-by: Shang Ding
---
 prober/http.go | 8 +++++++-
 prober/prober.go | 6 ++++++
 prober/tls.go | 4 ++++
 3 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/prober/http.go b/prober/http.go
index 232214c39..d79e8e1c1 100644
--- a/prober/http.go
+++ b/prober/http.go
@@ -282,6 +282,11 @@ func ProbeHTTP(ctx context.Context, target string, module config.Module, registr
 []string{"version"},
 )
 
+ probeTLSCipher = prometheus.NewGaugeVec(
+ probeTLSCipherGaugeOpts,
+ []string{"cipher"},
+ )
+
 probeHTTPVersionGauge = prometheus.NewGauge(prometheus.GaugeOpts{
 Name: "probe_http_version",
 Help: "Returns the version of HTTP of the probe response",
@@ -638,9 +643,10 @@ func ProbeHTTP(ctx context.Context, target string, module config.Module, registr
 
 if resp.TLS != nil {
 isSSLGauge.Set(float64(1))
- registry.MustRegister(probeSSLEarliestCertExpiryGauge, probeTLSVersion, probeSSLLastChainExpiryTimestampSeconds, probeSSLLastInformation)
+ registry.MustRegister(probeSSLEarliestCertExpiryGauge, probeTLSVersion, probeTLSCipher, probeSSLLastChainExpiryTimestampSeconds, probeSSLLastInformation)
 probeSSLEarliestCertExpiryGauge.Set(float64(getEarliestCertExpiry(resp.TLS).Unix()))
 probeTLSVersion.WithLabelValues(getTLSVersion(resp.TLS)).Set(1)
+ probeTLSCipher.WithLabelValues(getTLSCipher(resp.TLS)).Set(1)
 probeSSLLastChainExpiryTimestampSeconds.Set(float64(getLastChainExpiry(resp.TLS).Unix()))
 probeSSLLastInformation.WithLabelValues(getFingerprint(resp.TLS), getSubject(resp.TLS), getIssuer(resp.TLS), getDNSNames(resp.TLS)).Set(1)
 if httpConfig.FailIfSSL {
diff --git a/prober/prober.go b/prober/prober.go
index 850ee7c5b..dbf0ccb3a 100644
--- a/prober/prober.go
+++ b/prober/prober.go
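Review bot: Nothing in this patch tests the new `probe_tls_cipher_info` series that the second prober/http.go hunk registers and sets; the diffstat lists only prober/http.go, prober/prober.go and prober/tls.go. A case in the package's HTTP TLS tests that gathers the registry and checks for `probe_tls_cipher_info` with a non-empty `cipher` label would pin it. `probeTLSCipherGaugeOpts` sits in the shared `var` block of prober/prober.go beside the `probe_tls_version_info` options, so if other probers in the package also report the TLS version (not visible here) they presumably want the same cipher series; otherwise weak-suite alerting built on this metric covers HTTP targets only. ProbeHTTP starts and ends outside both hunks.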
@@ -28,6 +28,7 @@ const (
 helpSSLEarliestCertExpiry = "Returns last SSL chain expiry in unixtime"
 helpSSLChainExpiryInTimeStamp = "Returns last SSL chain expiry in timestamp"
 helpProbeTLSInfo = "Returns the TLS version used or NaN when unknown"
+ helpProbeTLSCipher = "Returns the TLS cipher negotiated during handshake or 0x000 when unknown"
 )
 
 var (
@@ -45,4 +46,9 @@ var (
 Name: "probe_tls_version_info",
 Help: helpProbeTLSInfo,
 }
+
+ probeTLSCipherGaugeOpts = prometheus.GaugeOpts{
+ Name: "probe_tls_cipher_info",
+ Help: helpProbeTLSCipher,
+ }
 )
diff --git a/prober/tls.go b/prober/tls.go
index 7df8e5758..3da17a053 100644
--- a/prober/tls.go
+++ b/prober/tls.go
@@ -83,3 +83,7 @@ func getTLSVersion(state *tls.ConnectionState) string {
 return "unknown"
 }
 }
+
+func getTLSCipher(state *tls.ConnectionState) string {
+ return tls.CipherSuiteName(state.CipherSuite)
+}
From 5c58a3801b438968cf286497a51734b9d9abd447 Mon Sep 17 00:00:00 2001
From: Shang Ding
Date: Thu, 7 Mar 2024 19:07:15 -0600
Subject: [PATCH 2/2] tidy up helpProbeTLSCipher help text
Signed-off-by: Shang Ding
---
 prober/prober.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/prober/prober.go b/prober/prober.go
index dbf0ccb3a..93d4e3d6a 100644
--- a/prober/prober.go
+++ b/prober/prober.go
@@ -28,7 +28,7 @@ const (
 helpSSLEarliestCertExpiry = "Returns last SSL chain expiry in unixtime"
 helpSSLChainExpiryInTimeStamp = "Returns last SSL chain expiry in timestamp"
 helpProbeTLSInfo = "Returns the TLS version used or NaN when unknown"
- helpProbeTLSCipher = "Returns the TLS cipher negotiated during handshake or 0x000 when unknown"
+ helpProbeTLSCipher = "Returns the TLS cipher negotiated during handshake"
 )
 
 var (
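Review bot: `getTLSCipher` in the prober/tls.go hunk has no doc comment, and once patch 2/2 drops the "or 0x000 when unknown" clause from `helpProbeTLSCipher` nothing states what the `cipher` label holds for an unrecognised suite. `tls.CipherSuiteName` returns a fallback representation of the numeric ID for suites crypto/tls does not implement, so a comment such as `// getTLSCipher returns the negotiated cipher suite's name via tls.CipherSuiteName, which falls back to a rendering of the numeric ID for suites crypto/tls does not implement.` would tell dashboard and alert authors to expect that value. It is also worth a line that `state` must be non-nil; the visible caller in prober/http.go only reaches it under `if resp.TLS != nil`.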