Added TLS feature at CRT layer

rakshil14-2 · rakshil14-2 · commit ffa317eed3a2 · 2026-05-15T11:07:35.000-07:00
diff --git a/awscrt/_aws_iot_metrics.py b/awscrt/_aws_iot_metrics.py
@@ -259,18 +259,24 @@ def get_encoded_feature_list(client_options):
 
     # I: certificate_source - Would need to be tracked from TLS context setup. This is set at a IoT SDK level
 
-    # LOOK into it
-    # J: tls_cipher_preference
+    # J: tls_cipher_preference - security policy
+    if client_options.tls_ctx is not None:
+        val = _tls_cipher_preference_metrics_value(client_options.tls_ctx.cipher_pref)
+        if val:
+            features.append(f"{MetricsFeatureId.TLS_CIPHER_PREFERENCE}/{val}")
 
-    # K: minimum_tls_version - The minimum TLS version is set on
-    # TLSContextOptions but not stored/accessible from TLSContext.
+    # K: minimum_tls_version - The minimum TLS version set on TLSContextOptions
+    if client_options.tls_ctx is not None:
+        val = _minimum_tls_version_metrics_value(client_options.tls_ctx.min_tls_ver)
+        if val:
+            features.append(f"{MetricsFeatureId.MINIMUM_TLS_VERSION}/{val}")
 
     return ",".join(features)
 
 # MQTT3 encoding list
 
 
-def get_encoded_feature_list_mqtt3(proxy_options):
+def get_encoded_feature_list_mqtt3(proxy_options, tls_ctx=None):
     """
     Generates encoded feature list for MQTT3 connections
     Args:
@@ -282,11 +288,24 @@ def get_encoded_feature_list_mqtt3(proxy_options):
         f"{MetricsFeatureId.PROTOCOL_VERSION}/{MetricsProtocolVersionValue.MQTT311}",
         f"{MetricsFeatureId.SOCKET_IMPLEMENTATION}/{_detect_socket_implementation()}"
     ]
+    # H: http_proxy_type - Determine based on whether proxy uses TLS
     if proxy_options is not None:
         proxy_type = MetricsHttpProxyTypeValue.HTTPS if getattr(
             proxy_options, 'tls_connection_options', None) is not None else MetricsHttpProxyTypeValue.HTTP
         features.append(f"{MetricsFeatureId.HTTP_PROXY_TYPE}/{proxy_type}")
 
+    # J: tls_cipher_preference - security policy
+    if tls_ctx is not None:
+        val = _tls_cipher_preference_metrics_value(tls_ctx.cipher_pref)
+        if val:
+            features.append(f"{MetricsFeatureId.TLS_CIPHER_PREFERENCE}/{val}")
+
+    # K: minimum_tls_version - the minimum TLS version set on TLSContextOptions
+    if tls_ctx is not None:
+        val = _minimum_tls_version_metrics_value(tls_ctx.min_tls_ver)
+        if val:
+            features.append(f"{MetricsFeatureId.MINIMUM_TLS_VERSION}/{val}")
+
     return ",".join(features)
 
 
@@ -380,7 +399,7 @@ def create_metrics_mqtt5(client_options):
     return create_metrics(client_options.metrics, crt_feature_list)
 
 
-def create_metrics_mqtt3(user_metrics=None, proxy_options=None):
+def create_metrics_mqtt3(user_metrics=None, proxy_options=None, tls_ctx = None):
     """
     Creates final metrics for MQTT3 connection.
     Args:
@@ -389,5 +408,5 @@ def create_metrics_mqtt3(user_metrics=None, proxy_options=None):
     Returns:
         AWSIoTMetrics: The final metrics object
     """
-    crt_feature_list = get_encoded_feature_list_mqtt3(proxy_options)
+    crt_feature_list = get_encoded_feature_list_mqtt3(proxy_options, tls_ctx)
     return create_metrics(user_metrics, crt_feature_list)
diff --git a/awscrt/io.py b/awscrt/io.py
@@ -606,12 +606,16 @@ class ClientTlsContext(NativeResource):
     Args:
         options (TlsContextOptions): Configuration options.
     """
-    __slots__ = ()
+    __slots__ = ('min_tls_ver', 'cipher_pref')
 
     def __init__(self, options):
         assert isinstance(options, TlsContextOptions)
 
         super().__init__()
+        
+        self.min_tls_ver = options.min_tls_ver
+        self.cipher_pref = options.cipher_pref
+
         self._binding = _awscrt.client_tls_ctx_new(
             options.min_tls_ver.value,
             options.cipher_pref.value,
diff --git a/awscrt/mqtt.py b/awscrt/mqtt.py
@@ -334,7 +334,7 @@ class Connection(NativeResource):
 
         enable_metrics (bool): Enable IoT SDK metrics in MQTT CONNECT packet username field, including SDK name, version, and platform. Default to True.
 
-        metrics (Optional[:class: `AWSIoTMetrics`]) :  Optional metrics configuration for IoT SDK metrics reporting. If provided, the CRT will use the given metrics. If None, a default AWSIoTMetrics will be created.
+        metrics (Optional[:class:`AWSIoTMetrics`]) :  Optional metrics configuration for IoT SDK metrics reporting. If provided, the CRT will use the given metrics. If None, a default AWSIoTMetrics will be created.
         """
 
     def __init__(self,
@@ -416,7 +416,7 @@ def __init__(self,
         self.socket_options = socket_options if socket_options else SocketOptions()
         self.proxy_options = proxy_options if proxy_options else websocket_proxy_options
         if enable_metrics:
-            self._metrics = create_metrics_mqtt3(metrics, self.proxy_options)
+            self._metrics = create_metrics_mqtt3(metrics, self.proxy_options, self.client.tls_ctx)
         else:
             self._metrics = None
 
diff --git a/awscrt/mqtt5.py b/awscrt/mqtt5.py
@@ -1372,7 +1372,7 @@ class ClientOptions:
         on_lifecycle_event_connection_failure_fn (Callable[[LifecycleConnectFailureData],]): Callback for Lifecycle Event Connection Failure.
         on_lifecycle_event_disconnection_fn (Callable[[LifecycleDisconnectData],]): Callback for Lifecycle Event Disconnection.
         enable_metrics (bool): Enable IoT SDK metrics in MQTT CONNECT packet username field, including SDK name, version, and platform. Default to True.
-        metrics (Optional[:class: `AWSIoTMetrics`]) :  Optional metrics configuration for IoT SDK metrics reporting. If provided, the CRT will use the given metrics. If None, a default AWSIoTMetrics will be created.
+        metrics (Optional[:class:`AWSIoTMetrics`]) :  Optional metrics configuration for IoT SDK metrics reporting. If provided, the CRT will use the given metrics. If None, a default AWSIoTMetrics will be created.
 
     """
     host_name: str
