add metric to record tls ciphersuite negotiated during handshake (#1203)

record name of ciphersuite negotiated during handshake in new probe_tls_cipher_info metric Signed-off-by: Shang Ding <[email protected]>
prometheus · Apr 18, 2024 · 1b5a642 · 1b5a642
1 parent ef3ff4f
commit 1b5a642
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 1 deletion.
diff --git a/prober/http.go b/prober/http.go
@@ -282,6 +282,11 @@ func ProbeHTTP(ctx context.Context, target string, module config.Module, registr
  []string{"version"},
  )
 
+ probeTLSCipher = prometheus.NewGaugeVec(
+ probeTLSCipherGaugeOpts,
+ []string{"cipher"},
+ )
+
  probeHTTPVersionGauge = prometheus.NewGauge(prometheus.GaugeOpts{
  Name: "probe_http_version",
  Help: "Returns the version of HTTP of the probe response",
@@ -638,9 +643,10 @@ func ProbeHTTP(ctx context.Context, target string, module config.Module, registr
 
  if resp.TLS != nil {
  isSSLGauge.Set(float64(1))
- registry.MustRegister(probeSSLEarliestCertExpiryGauge, probeTLSVersion, probeSSLLastChainExpiryTimestampSeconds, probeSSLLastInformation)
+ registry.MustRegister(probeSSLEarliestCertExpiryGauge, probeTLSVersion, probeTLSCipher, probeSSLLastChainExpiryTimestampSeconds, probeSSLLastInformation)
  probeSSLEarliestCertExpiryGauge.Set(float64(getEarliestCertExpiry(resp.TLS).Unix()))
  probeTLSVersion.WithLabelValues(getTLSVersion(resp.TLS)).Set(1)
+ probeTLSCipher.WithLabelValues(getTLSCipher(resp.TLS)).Set(1)
  probeSSLLastChainExpiryTimestampSeconds.Set(float64(getLastChainExpiry(resp.TLS).Unix()))
  probeSSLLastInformation.WithLabelValues(getFingerprint(resp.TLS), getSubject(resp.TLS), getIssuer(resp.TLS), getDNSNames(resp.TLS)).Set(1)
  if httpConfig.FailIfSSL {

diff --git a/prober/prober.go b/prober/prober.go
@@ -28,6 +28,7 @@ const (
  helpSSLEarliestCertExpiry = "Returns last SSL chain expiry in unixtime"
  helpSSLChainExpiryInTimeStamp = "Returns last SSL chain expiry in timestamp"
  helpProbeTLSInfo = "Returns the TLS version used or NaN when unknown"
+ helpProbeTLSCipher = "Returns the TLS cipher negotiated during handshake"
 )
 
 var (
@@ -45,4 +46,9 @@ var (
  Name: "probe_tls_version_info",
  Help: helpProbeTLSInfo,
  }
+
+ probeTLSCipherGaugeOpts = prometheus.GaugeOpts{
+ Name: "probe_tls_cipher_info",
+ Help: helpProbeTLSCipher,
+ }
 )
diff --git a/prober/tls.go b/prober/tls.go
@@ -83,3 +83,7 @@ func getTLSVersion(state *tls.ConnectionState) string {
  return "unknown"
  }
 }
+
+func getTLSCipher(state *tls.ConnectionState) string {
+ return tls.CipherSuiteName(state.CipherSuite)
+}