Hey guys,
we have a regression in 1.8 and -dev with OpenSSL 1.1.1 (from the
first beta to current master): when strict-sni is set, TLSv1.0 and
TLSv1.1 does not work (TLSv1.2 is fine). I haven't tested whether SNI
based certificate selection is broken as well, but strict-sni
definitely rejects TLSv1.1 and TLSv1.0 sessions (with the correct SNI
value).
Repro config:
frontend my-https-frontend
bind :443 ssl crt /home/lukas/cert/certdir/dev.lan.ltri.eu.pem strict-sni
I have bisected this to haproxy commit 84e417d85934 ("MINOR: ssl:
support Openssl 1.1.1 early callback for switchctx").
In haproxy debug mode we can see the following errors:
fd[0006] OpenSSL error[0x142090ea]
tls_early_post_process_client_hello: callback failed
and the openssl s_client (forcing TLSv1.1) fails like this:
$ openssl s_client -connect dev.lan.ltri.eu:443 -tls1_1 -servername
dev.lan.ltri.eu
CONNECTED(00000003)
140549797119640:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong
version number:s3_pkt.c:362:
after commit c2aae74f01 ("MEDIUM: ssl: Handle early data with OpenSSL
1.1.1") the error changes:
fd[0006] OpenSSL error[0x1417a0c1] tls_post_process_client_hello: no
shared cipher
and the openssl s_client fails like this:
$ openssl s_client -connect dev.lan.ltri.eu:443 -tls1_1 -servername
dev.lan.ltri.eu
CONNECTED(00000003)
139752173131416:error:14094410:SSL routines:ssl3_read_bytes:sslv3
alert handshake failure:s3_pkt.c:1487:SSL alert number 40
139752173131416:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl
handshake failure:s3_pkt.c:656:
Haproxy 1.8 has these 2 commits as well. OpenSSL 1.1.0 is unaffected
of course (the changes only affect the API when openssl is 1.1.1).
Some naive and limited poking around with the code in question did not
return any results, so I'm "calling this in" now ;)
cheers,
lukas
