Hey Bryan.

I noticed that you gave HAProxy a directory. You have to give it the name of the cert instead of the directory.

So your config should be:

bind :8443 ssl crt ./var/tls/localhost.pem

-Dave

From: Bryan Talbot <[email protected]>
Date: Thursday, December 3, 2015 at 4:45 PM
To: Yanbo Zhu <[email protected]>
Cc: "[email protected]" <[email protected]>
Subject: Re: Contribution for HAProxy: Peer Cipher based SSL CTX switching

Hi Dave.

I've applied the patches but things are not working as I expected. It could be that my expectations are incorrect though.

I'm expecting that with two (ECC and RSA) self-signed testing certificates deployed with the haproxy config shown below that ECC capable clients will connect and use the ECC certificate while old clients that do not support ECC will connect and use the RSA certificate.

What I'm seeing is that when an older OpenSSL client that does not support ECC attempts to connect, it fails to handshake if the ECC certificate is available in haproxy. If I remove the ECC certificate completely, the handshake completes and a suitable RSA cipher is used.

OpenSSL from OSX fails when haproxy has RSA and ECC cert in ./var/tls/

btalbot-lt:tls$ /usr/bin/openssl version
OpenSSL 0.9.8zg 14 July 2015

btalbot-lt:tls$ echo | /usr/bin/openssl s_client -connect localhost:8443
CONNECTED(00000003)
78356:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59/src/ssl/s23_clnt.c:593:

but works when haproxy has only RSA cert in ./var/tls/

btalbot-lt:tls$ echo | /usr/bin/openssl s_client -connect localhost:8443
CONNECTED(00000003)
depth=0 /C=US/ST=CA/L=San Jose/O=iJJi Engineering/OU=Test Certificate/CN=localhost.local
verify error:num=18:self signed certificate
...
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES128-SHA
    Session-ID: 7715FF5B9964E190619862C0D7D926E5B5519A3D40661264C7451D9D6BD1B0C9
    Session-ID-ctx:
    Master-Key: CC09E45F63C345EA9400D8E2AA34985CC85151BE8358D338FA526A3D3F02ED9E2E69AFD6D0DF01B325036FCCAEF940C8
    Key-Arg   : None
    Start Time: 1449175301
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)

btalbot-lt:haproxy-1.6$ ./haproxy -vv
HA-Proxy version 1.6.2-5f5296-22 2015/12/03
Copyright 2000-2015 Willy Tarreau <[email protected]>

Build options :
  TARGET  = generic
  CPU     = generic
  CC      = gcc
  CFLAGS  = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement
  OPTIONS = USE_ZLIB=1 USE_OPENSSL=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Encrypted password support via crypt(3): no
Built with zlib version : 1.2.5
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with OpenSSL version : OpenSSL 1.0.2d 9 Jul 2015
Running on OpenSSL version : OpenSSL 1.0.2d 9 Jul 2015
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built without PCRE support (using libc's regex instead)
Built without Lua support

Available polling systems :
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 2 (2 usable), will use poll.

btalbot-lt:haproxy-1.6$ cat tls-test-haproxy.cfg
global
    log 127.0.0.1:1514 local2
    ssl-default-bind-options no-sslv3
    ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
    tune.ssl.default-dh-param 1024
    tune.bufsize 16384
    tune.maxrewrite 1024

defaults
    timeout connect 5s
    timeout queue 50s
    timeout client 50s
    timeout server 50s
    log global
    mode http
    option httplog
    option dontlognull
    option http-keep-alive

listen https
    bind :8443 ssl crt ./var/tls/
    monitor-uri /test

btalbot-lt:haproxy-1.6$ ls -l1 ./var/tls/
localhost.pem.ecdsa
localhost.pem.rsa

btalbot-lt:haproxy-1.6$ git remote -v
origin http://git.haproxy.org/git/haproxy-1.6.git (fetch)
origin http://git.haproxy.org/git/haproxy-1.6.git (push)

btalbot-lt:haproxy-1.6$ git log origin..HEAD
commit 5f5296f7d766a37f6c55ddcb728ba436172a94ad
Author: yanbzhu <[email protected]>
Date:   Wed Dec 2 13:54:14 2015 -0500

    MINOR: ssl: Added multi cert support for crt-list config keyword

    Same functionality as previous commit, but added support to crt-list
    keyword. Note that it's not practical to support SNI filters with
    multicerts, so any SNI filters that are provided to the crt-list are
    ignored if a multi-cert operation is used.

commit 98c7a958dbc93f2f58acde0b851f8423bac86005
Author: yanbzhu <[email protected]>
Date:   Wed Dec 2 13:01:29 2015 -0500

    MEDIUM: ssl: Added support for creating SSL_CTX with multiple certs

    Added ability for users to specify multiple certificates that all
    relate to a single server. Users do this by specifying certificate
    "cert_name.pem" but having "cert_name.pem.rsa", "cert_name.pem.dsa"
    and/or "cert_name.pem.ecdsa" in the directory.

    HAProxy will now intelligently search for those 3 files and try to
    combine them into as few SSL_CTX's as possible based on CN/SAN. This
    will allow HAProxy to support multiple ciphersuite key algorithms off
    a single SSL_CTX.

    This change integrates into the existing architecture of SNI lookup
    and multiple SNI's can point to the same SSL_CTX, which can support
    multiple key_types.

commit 2c03e8c8eca7f14464665fe20a5dbf9ce06e02fb
Author: yanbzhu <[email protected]>
Date:   Tue Dec 1 15:16:07 2015 -0500

    MINOR: ssl: Added cert_key_and_chain struct

    Added cert_key_and_chain struct to ssl. This struct will store the
    contents of a crt path (from the config file) into memory. This will
    allow us to use the data stored in memory instead of reading the file
    multiple times.

    This will be used to support a later commit to load multiple
    pkeys/certs into a single SSL_CTX

On Thu, Dec 3, 2015 at 9:47 AM, Dave Zhu (yanbzhu) <[email protected]> wrote:

Hey Emeric,

On 12/3/15, 9:56 AM, "Emeric Brun" <[email protected]> wrote:

>
>But I notice some inconsistencies.
>
>Patch2 (crt conf keyword):
>If the file without key extension is present, this file is loaded but
>also the multi_load is called.
>
>However in Patch3 (crt-list)
>If the file without key extension is present, this file is loaded but the
>multi_load is NOT called.

That shouldn't be the case.
If the file w/o the key extension is present, it will be found with stat, found not to be a directory, and then ssl_sock_load_cert will return.

>
>There are a lot of indentation issues in patch 2

Hopefully I've fixed them in this next set of patches

>
>In patch 2 it remains a FIXME comment:
>// YANBZHU: FIXME

That was removed in patch 3, but I've removed it from patch 2 as well.

The latest set of patches are attached to this as per Willy's suggestion.

-Dave
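
Added example, not part of the mail thread or of HAProxy: a shell lint for the misconfiguration discussed at the top of the thread, where crt names a directory (./var/tls/) holding localhost.pem.rsa and localhost.pem.ecdsa instead of the base name localhost.pem. The function names are made up for this sketch; it assumes paths without whitespace and only inspects bind lines.

```shell
#!/bin/sh
# Added example (not HAProxy code): flag "crt" arguments on bind lines that
# name a directory holding key-type-suffixed bundles, and suggest the base name.

# Print every path that follows a "crt" keyword on a bind line of config $1.
crt_paths() {
    awk '$1 == "bind" { for (i = 2; i < NF; i++) if ($i == "crt") print $(i + 1) }' "$1"
}

# Print "ok <path>" or, for a directory with .rsa/.dsa/.ecdsa bundles,
# one "dir <path> -> <base>" line per distinct base name.
check_crt_path() {
    _path=$1
    _seen=""
    if [ -d "$_path" ]; then
        for _f in "${_path%/}"/*.rsa "${_path%/}"/*.dsa "${_path%/}"/*.ecdsa; do
            [ -f "$_f" ] || continue          # unmatched glob stays literal
            _base=${_f%.*}                    # strip the key-type suffix
            case " $_seen " in *" $_base "*) continue ;; esac
            _seen="$_seen $_base"
            echo "dir $_path -> $_base"
        done
    fi
    if [ -z "$_seen" ]; then echo "ok $_path"; fi
}

# Lint config $1: one line per crt path, return 1 if any should be changed.
lint_config() {
    _rc=0
    for _p in $(crt_paths "$1"); do
        _out=$(check_crt_path "$_p")
        echo "$_out"
        case "$_out" in "dir "*) _rc=1 ;; esac
    done
    return "$_rc"
}

# Stand-alone use: sh lint.sh haproxy.cfg (paths resolve against the current directory)
if [ "$#" -gt 0 ]; then lint_config "$1"; fi
```

Run it from the directory HAProxy is started in, since relative crt paths such as ./var/tls/ are resolved against the current directory.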

