feature: added new ffi function ngx_http_lua_ffi_ssl_ciphers.

[zhuizhuhaomeng]

I hereby granted the copyright of the changes in this pull request
to the authors of this lua-nginx-module project.

[doujiang24]

two more ideas:

1. we'd better pass a memory buffer pointer from Lua to reduce memory allocation in the connection pool. But the current implementation is also acceptable to me.
2. we can call ngx_ssl_get_ciphers in the ngx_http_lua_ffi_ssl_ciphers function if we decide to allocation memory from the connection pool to avoid coping code.

[zhuizhuhaomeng]

two more ideas:

1. we'd better pass a memory buffer pointer from Lua to reduce memory allocation in the connection pool. But the current implementation is also acceptable to me.
2. we can call ngx_ssl_get_ciphers in the ngx_http_lua_ffi_ssl_ciphers function if we decide to allocation memory from the connection pool to avoid coping code.

I prefer the latter one because it is hard to decide the length of the buffer.

[bjne]

The output format of ssl_get_chipers is imho ineffective for what it is useful for. What I would like to get out is
perhaps a table (table could be passed as input for reuse) or just a int array of ciphers shared between client
and server.

Also, SSL_get_shared_chipers, outputs a list of shared ciphers between client and server not respecting what
is actually enabled on the server. I would personally much rather see a filtered list, not including disabled ciphers

[zhuizhuhaomeng]

The output format of ssl_get_chipers is imho ineffective for what it is useful for. What I would like to get out is perhaps a table (table could be passed as input for reuse) or just a int array of ciphers shared between client and server.

Can you be more specific about your application scenario?

[bjne]

The output format of ssl_get_chipers is imho ineffective for what it is useful for. What I would like to get out is perhaps a table (table could be passed as input for reuse) or just a int array of ciphers shared between client and server.

Can you be more specific about your application scenario?

A common usecase here is probably to check if client supports EDCSA ciphers, and serve certs accordingly. Splitting/iterating/garbage collecting colon-separated strings here is less effective than returning uint32_t[]
of uint32_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c);

Also, only the enabled ciphers (SSL_get1_supported_ciphers/SSL_get_client_ciphers) is more useful than also needing to know
what ciphers are actually enabled to make decision.

[zhuizhuhaomeng]

The output format of ssl_get_chipers is imho ineffective for what it is useful for. What I would like to get out is perhaps a table (table could be passed as input for reuse) or just a int array of ciphers shared between client and server.

Can you be more specific about your application scenario?

A common usecase here is probably to check if client supports EDCSA ciphers, and serve certs accordingly. Splitting/iterating/garbage collecting colon-separated strings here is less effective than returning uint32_t[] of uint32_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c);

Also, only the enabled ciphers (SSL_get1_supported_ciphers/SSL_get_client_ciphers) is more useful than also needing to know what ciphers are actually enabled to make decision.

Would you please submit a PR?

[bjne]

The output format of ssl_get_chipers is imho ineffective for what it is useful for. What I would like to get out is perhaps a table (table could be passed as input for reuse) or just a int array of ciphers shared between client and server.

Can you be more specific about your application scenario?

A common usecase here is probably to check if client supports EDCSA ciphers, and serve certs accordingly. Splitting/iterating/garbage collecting colon-separated strings here is less effective than returning uint32_t[] of uint32_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c);
Also, only the enabled ciphers (SSL_get1_supported_ciphers/SSL_get_client_ciphers) is more useful than also needing to know what ciphers are actually enabled to make decision.

Would you please submit a PR?

Yes, I can do that.

[bjne]

The output format of ssl_get_chipers is imho ineffective for what it is useful for. What I would like to get out is perhaps a table (table could be passed as input for reuse) or just a int array of ciphers shared between client and server.

Can you be more specific about your application scenario?

A common usecase here is probably to check if client supports EDCSA ciphers, and serve certs accordingly. Splitting/iterating/garbage collecting colon-separated strings here is less effective than returning uint32_t[] of uint32_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c);
Also, only the enabled ciphers (SSL_get1_supported_ciphers/SSL_get_client_ciphers) is more useful than also needing to know what ciphers are actually enabled to make decision.

Would you please submit a PR?

Yes, I can do that.

Here is the RFC pull request: #1962