MEDIUM: checks: Implement ssl-hello check using tcp-check rules A shared tcp-check ruleset is now created to support ssl-hello check. This way no extra memory is used if several backends use a ssl-hello check. The following sequence is used : tcp-check send-binary SSLV3_CLIENT_HELLO log-format tcp-check expect rbinary "^1[56]" min-recv 5 \ error-status "L6RSP" tout-status "L6TOUT" SSLV3_CLIENT_HELLO is a log-format hexa string representing a SSLv3 CLIENT HELLO packet. It is the same than the one used by the old ssl-hello except the sample expression "%[date(),htonl,hex]" is used to set the date field.

commit: 811f78ced16931482bc31498e8acb22e1b680bde [log] [tgz]
author: Christopher Faulet <cfaulet@haproxy.com> Wed Apr 01 11:10:27 2020 +0200
committer: Christopher Faulet <cfaulet@haproxy.com> Mon Apr 27 09:39:38 2020 +0200
tree: ccb2933bd53163ca6b6ca0ca18dbbc2de2608d19
parent: 33f05df650b6b35ac2e3b2208ffea6aa3131a40b [diff] [blame]
diff --git a/include/types/checks.h b/include/types/checks.h
index b5f4649..4830f0d 100644
--- a/include/types/checks.h
+++ b/include/types/checks.h

@@ -313,6 +313,7 @@
 #define TCPCHK_RULES_DEF         0x00000002 /* Ruleset inherited from the default section */
 
 #define TCPCHK_RULES_REDIS_CHK   0x00000020
+#define TCPCHK_RULES_SSL3_CHK    0x00000070
 
 /* A list of tcp-check vars, to be registered before executing a ruleset */
 struct tcpcheck_var {
commit	811f78ced16931482bc31498e8acb22e1b680bde	[log] [tgz]
author	Christopher Faulet <cfaulet@haproxy.com>	Wed Apr 01 11:10:27 2020 +0200
committer	Christopher Faulet <cfaulet@haproxy.com>	Mon Apr 27 09:39:38 2020 +0200
tree	ccb2933bd53163ca6b6ca0ca18dbbc2de2608d19
parent	33f05df650b6b35ac2e3b2208ffea6aa3131a40b [diff] [blame]