On Wed, Jul 02, 2025 at 12:39:41PM +0200, Frederic Lecaille wrote:
> On 7/2/25 12:00, Willy Tarreau wrote:
>
> Agreed on the fact the commit logs were not very clear.
>
> > - an obscure issue affecting the OpenSSL-3.5 QUIC handshake was fixed
>
> *at this time, as far as I know*, affects only QUIC backends + OpenSSL-3.5.
>
> But the affected code could also be used by future TLS stack. At this
> time, I do not know any TLS stack which uses the affected code for QUIC
> listeners. This is why I have flagged this commit with "quic" and not
> "quic-be".
>
> The remote transport parameters could not be stored, leading the
> connection to be closed asap.
>
> > - an erroneous encoding of QUIC frame type CONNECTION_CLOSE resulted in
> >   CONNECTION_CLOSE_APP instead to be emitted. The impact is unclear to
> >   me though ?
>
> affects both QUIC frontends and listeners...
>
> Only the CONNECTION_CLOSE (transport level) frame could be built with an
> uninitialized <frame_type> field. This is the type of frame which leads
> the local peer to close the connection on its side. At higher level,
> this could prevent the packet to be built (with a too big random value
> for this field) or with an erroneous value (for shorter random value).
> For the first case the connection is not closed from the peer's point of
> view, contrary to the second case.

Ah cool, thank you very much Fred for the details!

Willy