proxygen
SSLOptions.h
Go to the documentation of this file.
1 /*
2  * Copyright 2017-present Facebook, Inc.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #pragma once
18 
19 #include <folly/container/Array.h>
20 #include <folly/io/async/SSLContext.h>
21 
22 namespace folly {
23 namespace ssl {
24 
25 namespace ssl_options_detail {
26 void logDfatal(std::exception const&);
27 } // namespace ssl_options_detail
28 
29 struct SSLCommonOptions {
33  static constexpr auto kCipherList = folly::make_array(
34  "ECDHE-ECDSA-AES128-GCM-SHA256",
35  "ECDHE-RSA-AES128-GCM-SHA256",
36  "ECDHE-ECDSA-AES256-GCM-SHA384",
37  "ECDHE-RSA-AES256-GCM-SHA384",
38  "ECDHE-ECDSA-AES256-SHA",
39  "ECDHE-RSA-AES256-SHA",
40  "ECDHE-ECDSA-AES128-SHA",
41  "ECDHE-RSA-AES128-SHA",
42  "ECDHE-RSA-AES256-SHA384",
43  "AES128-GCM-SHA256",
44  "AES256-SHA",
45  "AES128-SHA");
46 
51  static constexpr auto kSignatureAlgorithms = folly::make_array(
52  "RSA+SHA512",
53  "ECDSA+SHA512",
54  "RSA+SHA384",
55  "ECDSA+SHA384",
56  "RSA+SHA256",
57  "ECDSA+SHA256",
58  "RSA+SHA1",
59  "ECDSA+SHA1");
60 
66  static void setClientOptions(SSLContext& ctx);
67 };
68 
72 struct SSLServerOptions {
76  static constexpr auto kCipherList = folly::make_array(
77  "ECDHE-ECDSA-AES128-GCM-SHA256",
78  "ECDHE-ECDSA-AES256-GCM-SHA384",
79  "ECDHE-ECDSA-AES128-SHA",
80  "ECDHE-ECDSA-AES256-SHA",
81  "ECDHE-RSA-AES128-GCM-SHA256",
82  "ECDHE-RSA-AES256-GCM-SHA384",
83  "ECDHE-RSA-AES128-SHA",
84  "ECDHE-RSA-AES256-SHA",
85  "AES128-GCM-SHA256",
86  "AES256-GCM-SHA384",
87  "AES128-SHA",
88  "AES256-SHA");
89 };
90 
96 template <typename TSSLOptions>
97 void setCipherSuites(SSLContext& ctx) {
98  try {
99  ctx.setCipherList(TSSLOptions::kCipherList);
100  } catch (std::runtime_error const& e) {
101  ssl_options_detail::logDfatal(e);
102  }
103 }
104 
110 template <typename TSSLOptions>
111 void setSignatureAlgorithms(SSLContext& ctx) {
112  try {
113  ctx.setSignatureAlgorithms(TSSLOptions::kSignatureAlgorithms);
114  } catch (std::runtime_error const& e) {
115  ssl_options_detail::logDfatal(e);
116  }
117 }
118 
119 } // namespace ssl
120 } // namespace folly
folly::SSLContext::setCipherList
void setCipherList(Iterator ibegin, Iterator iend)
Definition: SSLContext.h:167
folly::make_array
constexpr array_detail::return_type< D, TList... > make_array(TList &&...t)
Definition: Array.h:56
folly::ssl::setCipherSuites
void setCipherSuites(SSLContext &ctx)
Definition: SSLOptions.h:97
folly
—— Concurrent Priority Queue Implementation ——
Definition: AtomicBitSet.h:29
folly::ssl::setSignatureAlgorithms
void setSignatureAlgorithms(SSLContext &ctx)
Definition: SSLOptions.h:111
folly::SSLContext::setSignatureAlgorithms
void setSignatureAlgorithms(Iterator ibegin, Iterator iend)
Definition: SSLContext.h:192
folly::ssl::ssl_options_detail::logDfatal
void logDfatal(std::exception const &e)
Definition: SSLOptions.cpp:25