Use consistent lower-case names when logging tls version and ciphersuite

Less shouty than upper case names.
2025-06-28 01:48:15 +03:00 · 2025-03-05 21:58:24 +01:00 · 2025-03-05 21:58:24 +01:00 · 7872b138a5
commit 7872b138a5
parent aa2b24d861
5 changed files with 22 additions and 40 deletions
--- a/imapserver/server.go
+++ b/imapserver/server.go
@ -1096,9 +1096,10 @@ func (c *conn) xtlsHandshakeAndAuthenticate(conn net.Conn) {
 		}
 	}

+	version, ciphersuite := moxio.TLSInfo(cs)
 	attrs := []slog.Attr{
-		slog.Any("version", tlsVersion(cs.Version)),
-		slog.String("ciphersuite", tls.CipherSuiteName(cs.CipherSuite)),
+		slog.String("version", version),
+		slog.String("ciphersuite", ciphersuite),
 		slog.String("sni", cs.ServerName),
 		slog.Bool("resumed", cs.DidResume),
 		slog.Int("clientcerts", len(cs.PeerCertificates)),
@ -1112,12 +1113,6 @@ func (c *conn) xtlsHandshakeAndAuthenticate(conn net.Conn) {
 	c.log.Debug("tls handshake completed", attrs...)
 }

-type tlsVersion uint16
-
-func (v tlsVersion) String() string {
-	return strings.ReplaceAll(strings.ToLower(tls.VersionName(uint16(v))), " ", "-")
-}
-
 func (c *conn) command() {
 	var tag, cmd, cmdlow string
 	var p *parser
--- a/moxio/tlsinfo.go
+++ b/moxio/tlsinfo.go
@ -2,28 +2,19 @@ package moxio

 import (
 	"crypto/tls"
-	"fmt"
+	"strings"
 )

 // TLSInfo returns human-readable strings about the TLS connection, for use in
 // logging.
-func TLSInfo(conn *tls.Conn) (version, ciphersuite string) {
-	st := conn.ConnectionState()
+func TLSInfo(cs tls.ConnectionState) (version, ciphersuite string) {
+	// e.g. tls1.3, instead of "TLS 1.3"
+	version = tls.VersionName(cs.Version)
+	version = strings.ToLower(version)
+	version = strings.ReplaceAll(version, " ", "")

-	versions := map[uint16]string{
-		tls.VersionTLS10: "TLS1.0",
-		tls.VersionTLS11: "TLS1.1",
-		tls.VersionTLS12: "TLS1.2",
-		tls.VersionTLS13: "TLS1.3",
-	}
+	ciphersuite = tls.CipherSuiteName(cs.CipherSuite)
+	ciphersuite = strings.ToLower(ciphersuite)

-	v, ok := versions[st.Version]
-	if ok {
-		version = v
-	} else {
-		version = fmt.Sprintf("TLS %x", st.Version)
-	}
-
-	ciphersuite = tls.CipherSuiteName(st.CipherSuite)
 	return
 }
--- a/smtpclient/client.go
+++ b/smtpclient/client.go
@ -311,9 +311,9 @@ func New(ctx context.Context, elog *slog.Logger, conn net.Conn, tlsMode TLSMode,
 		c.firstReadAfterHandshake = true
 		c.tlsResultAdd(1, 0, nil)
 		c.conn = tlsconn
-		tlsversion, ciphersuite := moxio.TLSInfo(tlsconn)
+		version, ciphersuite := moxio.TLSInfo(tlsconn.ConnectionState())
 		c.log.Debug("tls client handshake done",
-			slog.String("tls", tlsversion),
+			slog.String("version", version),
 			slog.String("ciphersuite", ciphersuite),
 			slog.Any("servername", remoteHostname))
 		c.tls = true
@ -828,13 +828,13 @@ func (c *Client) hello(ctx context.Context, tlsMode TLSMode, ehloHostname dns.Do
 		c.r = bufio.NewReader(c.tr)
 		c.w = bufio.NewWriter(c.tw)

-		tlsversion, ciphersuite := moxio.TLSInfo(nconn)
+		version, ciphersuite := moxio.TLSInfo(nconn.ConnectionState())
 		c.log.Debug("starttls client handshake done",
 			slog.Any("tlsmode", tlsMode),
 			slog.Bool("verifypkix", c.tlsVerifyPKIX),
 			slog.Bool("verifydane", c.daneRecords != nil),
 			slog.Bool("ignoretlsverifyerrors", c.ignoreTLSVerifyErrors),
-			slog.String("tls", tlsversion),
+			slog.String("version", version),
 			slog.String("ciphersuite", ciphersuite),
 			slog.Any("servername", c.remoteHostname),
 			slog.Any("danerecord", c.daneVerifiedRecord))
--- a/smtpserver/server.go
+++ b/smtpserver/server.go
@ -628,9 +628,10 @@ func (c *conn) xtlsHandshakeAndAuthenticate(conn net.Conn) {
 		}
 	}

+	version, ciphersuite := moxio.TLSInfo(cs)
 	attrs := []slog.Attr{
-		slog.Any("version", tlsVersion(cs.Version)),
-		slog.String("ciphersuite", tls.CipherSuiteName(cs.CipherSuite)),
+		slog.String("version", version),
+		slog.String("ciphersuite", ciphersuite),
 		slog.String("sni", cs.ServerName),
 		slog.Bool("resumed", cs.DidResume),
 		slog.Int("clientcerts", len(cs.PeerCertificates)),
@ -644,12 +645,6 @@ func (c *conn) xtlsHandshakeAndAuthenticate(conn net.Conn) {
 	c.log.Debug("tls handshake completed", attrs...)
 }

-type tlsVersion uint16
-
-func (v tlsVersion) String() string {
-	return strings.ReplaceAll(strings.ToLower(tls.VersionName(uint16(v))), " ", "-")
-}
-
 // completely reset connection state as if greeting has just been sent.
 // ../rfc/3207:210
 func (c *conn) reset() {
--- a/store/loginattempt.go
+++ b/store/loginattempt.go
@ -7,13 +7,13 @@ import (
 	"fmt"
 	"log/slog"
 	"runtime/debug"
-	"strings"
 	"time"

 	"github.com/mjl-/bstore"

 	"github.com/mjl-/mox/metrics"
 	"github.com/mjl-/mox/mlog"
+	"github.com/mjl-/mox/moxio"
 )

 var loginAttemptsMaxPerAccount = 10 * 1000 // Lower during tests.
@ -353,9 +353,10 @@ func LoginAttemptTLS(state *tls.ConnectionState) string {
 		return ""
 	}

+	version, ciphersuite := moxio.TLSInfo(*state)
 	return fmt.Sprintf("version=%s ciphersuite=%s sni=%s resumed=%v alpn=%s",
-		strings.ReplaceAll(strings.ToLower(tls.VersionName(state.Version)), " ", ""), // e.g. tls1.3
-		strings.ToLower(tls.CipherSuiteName(state.CipherSuite)),
+		version,
+		ciphersuite,
 		state.ServerName,
 		state.DidResume,
 		state.NegotiatedProtocol)