If you connect to a haproxy TLS server with CA names on (verify optional or required), part of the server hello message is the list of CAs that are accepted. The client can use this list to decide which certificate to send as its client certificate.

The problem arises when this list is long: the server hello message gets really long as well. If the list is very long the server hello becomes prohibitively big, making client connections fail. So disabling the list of CA names in the server hello message reduces the message size. Lots of clients don't need to be told which certificate to send, and this list is optional since TLS 1.1 if memory serves me well.

I'm running a system which (for good reason) runs on self-signed certificates, so technically I have a CA for every client. With more than 30 CAs I had clients that had problems connecting because the server hello is too big. With CA names turned off I tested with 10000 CAs loaded without problems.

-----Original Message-----
From: Emmanuel Hocdet [mailto:[email protected]]
Sent: Monday 12 June 2017 14:22
To: Wolvers, Bas
Cc: [email protected]
Subject: Re: Feature request: disable CA/distinguished names.

I don't understand. CA certs are loaded by haproxy when needed: i.e. if the 'ca-file' parameter is used and 'verify' is set to 'optional' or 'required'.

> On 12 June 2017 at 13:00, Wolvers, Bas <[email protected]> wrote:
>
> For setups with large amounts of CA certs it can be a really good idea to
> turn off CA names in the key exchange.
> As far as I understand it is optional to send CA names, and it works fine
> with these turned off.
> This is also called distinguished names.
>
> To do this a single line should not be executed.
>     SSL_CTX_set_client_CA_list(ctx,
>         SSL_load_client_CA_file(ca_file));
> (in ssl_sock.c, function ssl_sock_prepare_ctx).
>
> I currently disable this with a LD_PRELOAD shim, but I think it would be a
> good idea to make this an ssl option, similar to force_tls12 etc.
>
> /*
>  * This shim disables 2 OpenSSL functions.
>  * The effect of this is that no client CA names, also known as
>  * distinguished names, are loaded; this reduces SSL traffic with large
>  * numbers of CA certificates.
>  *
>  * This is made to be used with HAPROXY since it does not have a
>  * setting to disable this in the configuration.
>  */
> #include <stdio.h>
>
> /* Replaces OpenSSL's SSL_CTX_set_client_CA_list(SSL_CTX *, STACK_OF(X509_NAME) *). */
> void SSL_CTX_set_client_CA_list(void *one, void *two)
> {
>     (void)one;
>     (void)two;
>     printf("SSL_CTX_set_client_CA_list called but disabled by shim.\n");
> }
>
> /* Replaces OpenSSL's SSL_load_client_CA_file(const char *); returns NULL so no list is built. */
> void *SSL_load_client_CA_file(void *one)
> {
>     (void)one;
>     printf("SSL_load_client_CA_file called but disabled by shim.\n");
>     return 0;
> }
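A way to quantify the size problem the thread describes (the CA list is carried in the server's CertificateRequest message of a TLS 1.2 handshake, whose certificate_authorities vector has a two-byte length field, RFC 5246 section 7.4.4): this added Python example, not from the thread or from haproxy, DER-encodes a constructed subject name per client CA and sums the vector size. The OIDs, the "client-NNNNN" / "Example Corp" subject template and the per-CA count are assumptions for illustration; real DNs are usually longer, so the figures are a lower bound.

```python
"""Estimate how many bytes a client-CA list adds to the TLS handshake."""

def der_len(n):
    """DER length octets (short form below 128, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body

def der_oid(dotted):
    """Encode a dotted OID as a DER OBJECT IDENTIFIER (base-128 arcs)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return der_tlv(0x06, bytes(out))

def der_name(rdns):
    """X.501 Name: SEQUENCE of SET of SEQUENCE { OID, UTF8String }."""
    return der_tlv(0x30, b"".join(
        der_tlv(0x31, der_tlv(0x30, der_oid(oid) + der_tlv(0x0C, val.encode())))
        for oid, val in rdns))

def certificate_authorities_size(names):
    """Bytes of the certificate_authorities vector (RFC 5246 7.4.4):
    a 2-byte list length, then each DER Name behind its own 2-byte length."""
    return 2 + sum(2 + len(n) for n in names)

# Constructed subject template (assumption): one CA per client, CN numbered per client.
TEMPLATE = [("2.5.4.3", "client-{:05d}"), ("2.5.4.10", "Example Corp")]

def estimate_ca_list(num_cas, rdn_template=TEMPLATE):
    """Vector size for num_cas CAs, and whether it fits the 2-byte length
    field (65535 bytes max); real DNs are usually longer, so this is a floor."""
    names = [der_name([(oid, val.format(i)) for oid, val in rdn_template])
             for i in range(num_cas)]
    size = certificate_authorities_size(names)
    return size, size <= 0xFFFF

if __name__ == "__main__":
    for n in (30, 10000):
        size, fits = estimate_ca_list(n)
        print(f"{n:>6} CAs -> {size} bytes, fits TLS 1.2 vector: {fits}")
```

Running the script with the 30 and 10000 CA counts mentioned in the thread shows the list growing linearly with the number of CAs; the verify settings that trigger it ('verify optional' or 'required' with a 'ca-file') can be checked against this before a large client-CA bundle is deployed.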

