Use SSL_client_hello_get0_ciphers() instead of SSL_get0_raw_cipherlist()

[climagabriel]

You're already using up the clienthello callback to get the extensions. Why not get the ciphers offered up by the client in the clienthello packet with SSL_client_hello_get0_ciphers() while you're at it?
Not to mention that it would better conform to the definition of JA3 as a fingerprint of the clienthello packet, not of the negociated SSL session.

[fooinha]

@climagabriel , do you have a patch that does this?

[climagabriel]

I will. There's a lot more stuff I need to do in the clienthello callback so the only option for me is to move all this to lua and perform the ja3 calculation there, along with whatever else I need to do.

I've already moved the extensions extraction to lua:
openresty/lua-nginx-module@d1d5b73
openresty/lua-resty-core@fcef69d

And yeah I'm doing the rest of the fields as well.

[climagabriel]

nginx/nginx#562
The clienthello callback is set to become a point of contention more broadly though.
Several projects trying to use it for their purposes and OPENSSL only allows for one callback.

[climagabriel]

Btw, SSL_client_hello_get1_extensions_present already excludes all the GREASE extensions

openssl/openssl#27580