Hi Dave.
I've applied the patches but things are not working as I expected. It could
be that my expectations are incorrect though. I'm expecting that with two
(ECC and RSA) self-signed testing certificates deployed with the haproxy
config shown below that ECC capable clients will connect and use the ECC
certificate while old clients that do not support ECC will connect and use
the RSA certificate.

What I'm seeing is that when an older OpenSSL client that does not support
ECC attempts to connect, it fails to handshake if the ECC certificate is
available in haproxy. If I remove the ECC certificate completely, the
handshake completes and a suitable RSA cipher is used.

OpenSSL from OSX fails when haproxy has RSA and ECC cert in ./var/tls/
btalbot-lt:tls$ /usr/bin/openssl version
OpenSSL 0.9.8zg 14 July 2015
btalbot-lt:tls$ echo | /usr/bin/openssl s_client -connect localhost:8443
CONNECTED(00000003)
78356:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59/src/ssl/s23_clnt.c:593:

but works when haproxy has only RSA cert in ./var/tls/
btalbot-lt:tls$ echo | /usr/bin/openssl s_client -connect localhost:8443
CONNECTED(00000003)
depth=0 /C=US/ST=CA/L=San Jose/O=iJJi Engineering/OU=Test Certificate/CN=localhost.local
verify error:num=18:self signed certificate
...
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES128-SHA
Session-ID: 7715FF5B9964E190619862C0D7D926E5B5519A3D40661264C7451D9D6BD1B0C9
Session-ID-ctx:
Master-Key: CC09E45F63C345EA9400D8E2AA34985CC85151BE8358D338FA526A3D3F02ED9E2E69AFD6D0DF01B325036FCCAEF940C8
Key-Arg : None
Start Time: 1449175301
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
btalbot-lt:haproxy-1.6$ ./haproxy -vv
HA-Proxy version 1.6.2-5f5296-22 2015/12/03
Copyright 2000-2015 Willy Tarreau <[email protected]>
Build options :
TARGET = generic
CPU = generic
CC = gcc
CFLAGS = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement
OPTIONS = USE_ZLIB=1 USE_OPENSSL=1
Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
Encrypted password support via crypt(3): no
Built with zlib version : 1.2.5
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with OpenSSL version : OpenSSL 1.0.2d 9 Jul 2015
Running on OpenSSL version : OpenSSL 1.0.2d 9 Jul 2015
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built without PCRE support (using libc's regex instead)
Built without Lua support
Available polling systems :
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 2 (2 usable), will use poll.
btalbot-lt:haproxy-1.6$ cat tls-test-haproxy.cfg
global
log 127.0.0.1:1514 local2
ssl-default-bind-options no-sslv3
ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
tune.ssl.default-dh-param 1024
tune.bufsize 16384
tune.maxrewrite 1024
defaults
timeout connect 5s
timeout queue 50s
timeout client 50s
timeout server 50s
log global
mode http
option httplog
option dontlognull
option http-keep-alive
listen https
bind :8443 ssl crt ./var/tls/
monitor-uri /test
btalbot-lt:haproxy-1.6$ ls -l1 ./var/tls/
localhost.pem.ecdsa
localhost.pem.rsa
btalbot-lt:haproxy-1.6$ git remote -v
origin http://git.haproxy.org/git/haproxy-1.6.git (fetch)
origin http://git.haproxy.org/git/haproxy-1.6.git (push)
btalbot-lt:haproxy-1.6$ git log origin..HEAD
commit 5f5296f7d766a37f6c55ddcb728ba436172a94ad
Author: yanbzhu <[email protected]>
Date: Wed Dec 2 13:54:14 2015 -0500
MINOR: ssl: Added multi cert support for crt-list config keyword
Same functionality as previous commit, but added support to crt-list
keyword.
Note that it's not practical to support SNI filters with multicerts, so
any SNI filters that's provided to the crt-list is ignored if a
multi-cert opertion is used.
commit 98c7a958dbc93f2f58acde0b851f8423bac86005
Author: yanbzhu <[email protected]>
Date: Wed Dec 2 13:01:29 2015 -0500
MEDIUM: ssl: Added support for creating SSL_CTX with multiple certs
Added ability for users to specify multiple certificates that all relate
a single server. Users do this by specifying certificate "cert_name.pem"
but having "cert_name.pem.rsa", "cert_name.pem.dsa" and/or
"cert_name.pem.ecdsa" in the directory.
HAProxy will now intelligently search for those 3 files and try combine
them into as few SSL_CTX's as possible based on CN/SAN. This will allow
HAProxy to support multiple ciphersuite key algorithms off a single
SSL_CTX.
This change integrates into the existing architecture of SNI lookup and
multiple SNI's can point to the same SSL_CTX, which can support multiple
key_types.
commit 2c03e8c8eca7f14464665fe20a5dbf9ce06e02fb
Author: yanbzhu <[email protected]>
Date: Tue Dec 1 15:16:07 2015 -0500
MINOR: ssl: Added cert_key_and_chain struct
Added cert_key_and_chain struct to ssl. This struct will store the
contents of a crt path (from the config file) into memory. This will
allow us to use the data stored in memory instead of reading the file
multiple times.
This will be used to support a later commit to load multiple pkeys/certs
into a single SSL_CTX
On Thu, Dec 3, 2015 at 9:47 AM, Dave Zhu (yanbzhu) <[email protected]>
wrote:
> Hey Emeric,
>
> On 12/3/15, 9:56 AM, "Emeric Brun" <[email protected]> wrote:
>
> >
> >But I notice some inconsistencies.
> >
> >Patch2 (crt conf keyword):
> >If the file without key extension is present, this file is loaded but
> >also the multi_load is called.
> >
> >However in Patch3 (crt-list)
> >If the file without key extension is present, this file is loaded but the
> >multi_load is NOT called.
>
> That shouldn't be the case. If the file w/o the key extension is present,
> it will be found with stat, found not to be a directory, and then
> ssl_sock_load_cert will return.
>
>
> >
> >There are a lot of indentation issues in patch 2
>
> Hopefully I've fixed them in this next set of patches
>
>
> >
> >In patch 2 it remains a FIXME comment:
> >// YANBZHU: FIXME
>
> That was removed in patch 3, but I've removed it from patch 2 as well.
>
> The latest set of patches are attached to this as per Willy's suggestion.
>
> -Dave
>
>
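
Added example (not part of the original message or of the HAProxy patches): a simplified Python model of which cipher and certificate file a listener loaded with localhost.pem.rsa and localhost.pem.ecdsa would be expected to pick for a given client offer, using the cipher string from the config above. The client offers are constructed, and the default of server preference order is an assumption; the model illustrates the expectation described in the message, not HAProxy's or OpenSSL's actual selection code.

```python
# Added example: simplified model of cipher/certificate selection.
# Cipher string from the haproxy config quoted in this message.
BIND_CIPHERS = (
    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:"
    "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:"
    "ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:"
    "ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:"
    "ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:"
    "ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:"
    "DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:"
    "DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:"
    "!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK"
)

def explicit_suites(cipher_string):
    """Keep plain suite names; skip '!' exclusions and '+' selectors."""
    return [t for t in cipher_string.split(":")
            if t and not t.startswith("!") and "+" not in t]

def cert_ext(suite):
    """Map a suite's authentication type to the .rsa/.dsa/.ecdsa extension."""
    if "ECDSA" in suite:
        return "ecdsa"
    return "dsa" if "DSS" in suite else "rsa"

def select(client_offer, loaded_exts, server_pref=True):
    """Return (suite, cert file), or None when nothing matches (the
    handshake fails). server_pref=True is an assumption about the server."""
    server = explicit_suites(BIND_CIPHERS)
    for suite in (server if server_pref else client_offer):
        ext = cert_ext(suite)
        if suite in server and suite in client_offer and ext in loaded_exts:
            return suite, "localhost.pem." + ext
    return None

# Constructed client offers, not captured from real clients.
LEGACY_RSA_ONLY = ["DHE-RSA-AES256-SHA", "AES256-SHA",
                   "DHE-RSA-AES128-SHA", "AES128-SHA"]
ECC_CAPABLE = ["ECDHE-ECDSA-AES128-GCM-SHA256",
               "ECDHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES128-SHA"]

if __name__ == "__main__":
    for name, offer in (("legacy", LEGACY_RSA_ONLY), ("ecc", ECC_CAPABLE)):
        for pref in (True, False):
            print(name, "server_pref" if pref else "client_pref",
                  select(offer, {"rsa", "ecdsa"}, pref))
    print("legacy, ecdsa only:", select(LEGACY_RSA_ONLY, {"ecdsa"}))
```

In this model the RSA-only client always lands on localhost.pem.rsa when that file is loaded and fails only when it is not. The ECC-capable client is matched to the RSA file under server preference, because ECDHE-RSA-AES128-GCM-SHA256 is listed first in the cipher string.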