From 1b5a642f10628953d71115a8aa622154b114a833 Mon Sep 17 00:00:00 2001 From: Shang Jian Ding Date: Wed, 17 Apr 2024 22:36:03 -0500 Subject: [PATCH] add metric to record tls ciphersuite negotiated during handshake (#1203) record name of ciphersuite negotiated during handshake in new probe_tls_cipher_info metric Signed-off-by: Shang Ding --- prober/http.go | 8 +++++++- prober/prober.go | 6 ++++++ prober/tls.go | 4 ++++ 3 files changed, 17 insertions(+), 1 deletion(-) diff --git a/prober/http.go b/prober/http.go index 232214c3..d79e8e1c 100644 --- a/prober/http.go +++ b/prober/http.go @@ -282,6 +282,11 @@ func ProbeHTTP(ctx context.Context, target string, module config.Module, registr []string{"version"}, ) + probeTLSCipher = prometheus.NewGaugeVec( + probeTLSCipherGaugeOpts, + []string{"cipher"}, + ) + probeHTTPVersionGauge = prometheus.NewGauge(prometheus.GaugeOpts{ Name: "probe_http_version", Help: "Returns the version of HTTP of the probe response", @@ -638,9 +643,10 @@ func ProbeHTTP(ctx context.Context, target string, module config.Module, registr if resp.TLS != nil { isSSLGauge.Set(float64(1)) - registry.MustRegister(probeSSLEarliestCertExpiryGauge, probeTLSVersion, probeSSLLastChainExpiryTimestampSeconds, probeSSLLastInformation) + registry.MustRegister(probeSSLEarliestCertExpiryGauge, probeTLSVersion, probeTLSCipher, probeSSLLastChainExpiryTimestampSeconds, probeSSLLastInformation) probeSSLEarliestCertExpiryGauge.Set(float64(getEarliestCertExpiry(resp.TLS).Unix())) probeTLSVersion.WithLabelValues(getTLSVersion(resp.TLS)).Set(1) + probeTLSCipher.WithLabelValues(getTLSCipher(resp.TLS)).Set(1) probeSSLLastChainExpiryTimestampSeconds.Set(float64(getLastChainExpiry(resp.TLS).Unix())) probeSSLLastInformation.WithLabelValues(getFingerprint(resp.TLS), getSubject(resp.TLS), getIssuer(resp.TLS), getDNSNames(resp.TLS)).Set(1) if httpConfig.FailIfSSL { diff --git a/prober/prober.go b/prober/prober.go index 850ee7c5..93d4e3d6 100644 --- a/prober/prober.go 
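Review bot: The new `probeTLSCipher.WithLabelValues(getTLSCipher(resp.TLS)).Set(1)` line in the `resp.TLS != nil` branch of prober/http.go has no comment on what the `cipher` label does and does not tell an operator. The label is the suite agreed between this probe's TLS client and the target on this one connection, so a strong value does not show that the target refuses weaker suites offered by other clients. I would add above it `// cipher is the suite negotiated by this probe's client; it does not enumerate what else the target accepts.` The enclosing ProbeHTTP body starts and ends outside the hunk.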
+++ b/prober/prober.go @@ -28,6 +28,7 @@ const ( helpSSLEarliestCertExpiry = "Returns last SSL chain expiry in unixtime" helpSSLChainExpiryInTimeStamp = "Returns last SSL chain expiry in timestamp" helpProbeTLSInfo = "Returns the TLS version used or NaN when unknown" + helpProbeTLSCipher = "Returns the TLS cipher negotiated during handshake" ) var ( @@ -45,4 +46,9 @@ var ( Name: "probe_tls_version_info", Help: helpProbeTLSInfo, } + + probeTLSCipherGaugeOpts = prometheus.GaugeOpts{ + Name: "probe_tls_cipher_info", + Help: helpProbeTLSCipher, + } ) diff --git a/prober/tls.go b/prober/tls.go index 7df8e575..3da17a05 100644 --- a/prober/tls.go +++ b/prober/tls.go @@ -83,3 +83,7 @@ func getTLSVersion(state *tls.ConnectionState) string { return "unknown" } } + +func getTLSCipher(state *tls.ConnectionState) string { + return tls.CipherSuiteName(state.CipherSuite) +}
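Review bot: `probeTLSCipherGaugeOpts` in the second prober.go hunk is declared as shared package-level options next to the `probe_tls_version_info` options, but the diffstat shows it is consumed only in prober/http.go. If other probers in the package report the TLS version from the neighbouring options (not visible in this patch), they would still expose no cipher metric, leaving a gap for anyone alerting on negotiated suites across probe types. Either wire those probers up in the same change or state the scope in a comment, e.g. `// probeTLSCipherGaugeOpts is currently only registered by ProbeHTTP.`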
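Review bot: `getTLSCipher` in prober/tls.go has no doc comment and dereferences `state` without a nil check; the one caller in this patch guards with `resp.TLS != nil`, but nothing in the helper records that requirement. `tls.CipherSuiteName` also falls back to a hex rendering of the ID for suites it has no name for, so the label is not always a standard suite name and, unlike the `"unknown"` branch of `getTLSVersion` just above, there is no fixed sentinel to match on. I would add `// getTLSCipher returns the name of the negotiated cipher suite, or its hex ID if Go has no name for it; state must be non-nil.` and, if further callers are expected, begin the body with `if state == nil { return "unknown" }`.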