pub mod edge101;
pub mod edge122;
pub mod edge127;
use crate::tls::Http2Settings;
use http2::{HEADERS_PSEUDO_ORDER, HEADER_PRORIORITY, SETTINGS_ORDER};
pub fn http2_template_1() -> Http2Settings {
Http2Settings::builder()
.initial_stream_window_size(6291456)
.initial_connection_window_size(15728640)
.max_concurrent_streams(1000)
.max_header_list_size(262144)
.header_table_size(65536)
.headers_priority(HEADER_PRORIORITY)
.headers_pseudo_order(HEADERS_PSEUDO_ORDER)
.settings_order(SETTINGS_ORDER)
.build()
}
pub fn http2_template_2() -> Http2Settings {
Http2Settings::builder()
.initial_stream_window_size(6291456)
.initial_connection_window_size(15728640)
.max_header_list_size(262144)
.header_table_size(65536)
.enable_push(false)
.headers_priority(HEADER_PRORIORITY)
.headers_pseudo_order(HEADERS_PSEUDO_ORDER)
.settings_order(SETTINGS_ORDER)
.build()
}
mod tls {
use crate::{
tls::{cert_compression::CertCompressionAlgorithm, extension::TlsExtension, TlsSettings},
HttpVersionPref,
};
use boring::{
error::ErrorStack,
ssl::{SslConnector, SslCurve, SslMethod, SslVersion},
};
use typed_builder::TypedBuilder;
pub const CURVES: &[SslCurve] = &[SslCurve::X25519, SslCurve::SECP256R1, SslCurve::SECP384R1];
pub const NEW_CURVES: &[SslCurve] = &[
SslCurve::X25519_KYBER768_DRAFT00,
SslCurve::X25519,
SslCurve::SECP256R1,
SslCurve::SECP384R1,
];
pub const CIPHER_LIST: [&str; 15] = [
"TLS_AES_128_GCM_SHA256",
"TLS_AES_256_GCM_SHA384",
"TLS_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_128_CBC_SHA",
"TLS_RSA_WITH_AES_256_CBC_SHA",
];
pub const SIGALGS_LIST: [&str; 8] = [
"ecdsa_secp256r1_sha256",
"rsa_pss_rsae_sha256",
"rsa_pkcs1_sha256",
"ecdsa_secp384r1_sha384",
"rsa_pss_rsae_sha384",
"rsa_pkcs1_sha384",
"rsa_pss_rsae_sha512",
"rsa_pkcs1_sha512",
];
#[derive(TypedBuilder)]
pub struct EdgeTlsSettings<'a> {
#[builder(default = &CURVES)]
curves: &'static [SslCurve],
#[builder(default = &SIGALGS_LIST)]
sigalgs_list: &'a [&'a str],
#[builder(default = &CIPHER_LIST)]
cipher_list: &'a [&'a str],
#[builder(default = true, setter(into))]
application_settings: bool,
#[builder(default = false, setter(into))]
enable_ech_grease: bool,
#[builder(default = false, setter(into))]
permute_extensions: bool,
#[builder(default = false, setter(into))]
pre_shared_key: bool,
}
impl TryInto<TlsSettings> for EdgeTlsSettings<'_> {
type Error = ErrorStack;
fn try_into(self) -> Result<TlsSettings, Self::Error> {
let sigalgs_list = self.sigalgs_list.join(":");
let cipher_list = self.cipher_list.join(":");
let curves = self.curves;
let connector = Box::new(move || {
let mut builder = SslConnector::builder(SslMethod::tls_client())?;
builder.set_grease_enabled(true);
builder.enable_ocsp_stapling();
builder.set_curves(curves)?;
builder.set_sigalgs_list(&sigalgs_list)?;
builder.set_cipher_list(&cipher_list)?;
builder.enable_signed_cert_timestamps();
builder.set_min_proto_version(Some(SslVersion::TLS1_2))?;
builder.set_max_proto_version(Some(SslVersion::TLS1_3))?;
builder.set_permute_extensions(self.permute_extensions);
builder.configure_add_cert_compression_alg(CertCompressionAlgorithm::Brotli)
});
Ok(TlsSettings::builder()
.connector(connector)
.http_version_pref(HttpVersionPref::All)
.permute_extensions(self.permute_extensions)
.pre_shared_key(self.pre_shared_key)
.enable_ech_grease(self.enable_ech_grease)
.application_settings(self.application_settings)
.build())
}
}
}
mod http2 {
use hyper::PseudoOrder::{self, *};
use hyper::SettingsOrder::{self, *};
pub const HEADER_PRORIORITY: (u32, u8, bool) = (0, 255, true);
pub const HEADERS_PSEUDO_ORDER: [PseudoOrder; 4] = [Method, Authority, Scheme, Path];
pub static SETTINGS_ORDER: [SettingsOrder; 8] = [
HeaderTableSize,
EnablePush,
MaxConcurrentStreams,
InitialWindowSize,
MaxFrameSize,
MaxHeaderListSize,
UnknownSetting8,
UnknownSetting9,
];
}