Hi ATS Community,
TLDR; I propose a new TSAPI, TSVConnClientHelloGet, that will return the SSL_CLIENT_HELLO object, allowing plugins to access extension data when using BoringSSL.

*Problem:*
OpenSSL provides SSL_client_hello_get0_ext(), SSL_client_hello_get0_ciphers() and SSL_client_hello_get1_extensions_present() to get client hello data from an SSL object. BoringSSL doesn't have comparable functions. It requires the SSL_CLIENT_HELLO object via SSL_early_callback_ctx_extension_get(). Currently, there's no way to get the SSL_CLIENT_HELLO object in plugins, which causes friction when writing SSL-related plugins that need to work with both libraries.

*Proposed Solution:*

TSClientHello TSVConnClientHelloGet(TSVConn sslp);

This API provides access to the SSL_CLIENT_HELLO object within plugins and is usable during SSL hooks (TS_SSL_CLIENT_HELLO_HOOK, TS_SSL_SERVERNAME_HOOK).

*Use Case:*
This enables plugins to access ClientHello data (cipher suites, extensions, SNI, ALPN, supported TLS versions) when using BoringSSL. Currently, the ja4_fingerprint plugin only works for OpenSSL; this change allows us to add BoringSSL support.

*Implementation Notes:*
- The SSL_CLIENT_HELLO is captured during the client hello callback and stored in TLSSNISupport
- The data is valid during SSL handshake hooks
- For OpenSSL, plugins can continue using the existing TSSslConnectionGet() approach

This is a non-breaking addition. Existing OpenSSL-based plugins continue to work unchanged.

Here is the PR: https://github.com/apache/trafficserver/pull/12790

Thanks,
Jasmine
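
For readers comparing the two libraries, the following added example (not part of the original message, the PR, or ATS) walks a raw ClientHello extensions block without either library, looking up one extension body and listing the non-GREASE extension types a fingerprinting plugin would consume. The function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample extensions block (not captured traffic). */
static const uint8_t sample_exts[] = {
    0x0a, 0x0a, 0x00, 0x00,                               /* GREASE, empty body */
    0x00, 0x00, 0x00, 0x0e, 0x00, 0x0c, 0x00, 0x00, 0x09, /* server_name */
    'a', '.', 'e', 'x', 'a', 'm', 'p', 'l', 'e',
    0x00, 0x10, 0x00, 0x05, 0x00, 0x03, 0x02, 'h', '2',   /* ALPN: "h2" */
    0x00, 0x2b, 0x00, 0x05, 0x04, 0x03, 0x04, 0x03, 0x03, /* supported_versions */
};

/* GREASE values are 0x0a0a, 0x1a1a, ... 0xfafa. */
static int is_grease(uint16_t v) {
    return (v & 0x0f0f) == 0x0a0a && (v >> 8) == (v & 0xff);
}

/* Read one extension at *pos: 1 = ok, 0 = end of block, -1 = malformed. */
static int ext_next(const uint8_t *b, size_t len, size_t *pos, uint16_t *type,
                    const uint8_t **data, size_t *dlen) {
    if (*pos == len) return 0;
    if (len - *pos < 4) return -1;              /* truncated type/length header */
    *type = (uint16_t)((b[*pos] << 8) | b[*pos + 1]);
    *dlen = ((size_t)b[*pos + 2] << 8) | b[*pos + 3];
    if (*dlen > len - *pos - 4) return -1;      /* body runs past the block */
    *data = b + *pos + 4;
    *pos += 4 + *dlen;
    return 1;
}

/* Look up one extension body: 1 = found, 0 = absent, -1 = malformed block. */
int ext_find(const uint8_t *b, size_t len, uint16_t want, const uint8_t **data, size_t *dlen) {
    size_t pos = 0; uint16_t type; int rc;
    while ((rc = ext_next(b, len, &pos, &type, data, dlen)) == 1)
        if (type == want) return 1;
    return rc;
}

/* Collect non-GREASE extension types in wire order; returns count or -1. */
int ext_types(const uint8_t *b, size_t len, uint16_t *out, size_t max) {
    size_t pos = 0, dlen, n = 0; uint16_t type; const uint8_t *data; int rc;
    while ((rc = ext_next(b, len, &pos, &type, &data, &dlen)) == 1)
        if (!is_grease(type) && n < max) out[n++] = type;
    return rc < 0 ? -1 : (int)n;
}

int main(void) {
    uint16_t t[16];
    int n = ext_types(sample_exts, sizeof sample_exts, t, 16);
    for (int i = 0; i < n; i++) printf("ext 0x%04x\n", t[i]);
    return n < 0;
}
```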
