AWS-LC recently plumbed support for ChaChaPoly and AES CCM through the existing 
EVP_CIPHER API that HAProxy uses in https://github.com/aws/aws-lc/pull/1311 and 
https://github.com/aws/aws-lc/pull/1373. Do you need support for just the 
cipher EVP_chacha20? 

On 1/16/24, 5:30 AM, "Frederic Lecaille" <flecai...@haproxy.com 
<mailto:flecai...@haproxy.com>> wrote:


CAUTION: This email originated from outside of the organization. Do not click 
links or open attachments unless you can confirm the sender and know the 
content is safe.






On 1/16/24 14:25, Frederic Lecaille wrote:
> On 1/15/24 17:16, Yaacov Akiba Slama wrote:
>> On 04/10/2023 18:38, William Lallemand wrote:
>>> Hello,
>>>
>>> I fixed the build for USE_QUIC=1 and AWSLC which is limited like Ilya
>>> mentionned.
>>>
>>> For now:
>>>
>>> - 0RTT was disabled.
>>> - TLS1_3_CK_CHACHA20_POLY1305_SHA256, TLS1_3_CK_AES_128_CCM_SHA256
>>> were disabled
>>
>> https://github.com/aws/aws-lc/commit/bc9b35c4f5a34edcc7ed5ae86f24116198f61456
>>  
>> <https://github.com/aws/aws-lc/commit/bc9b35c4f5a34edcc7ed5ae86f24116198f61456>
>>  and 
>> https://github.com/aws/aws-lc/commit/f7798b764b95692d865fa0e067558deb8be3926a
>>  
>> <https://github.com/aws/aws-lc/commit/f7798b764b95692d865fa0e067558deb8be3926a>
>>  were merged, so perhaps this can be revisited.
>>
>> What is missing to have 0RTT support?
>>
>>> - clienthello callback is missing, certificate selection could be
>>> limited (RSA + ECDSA at the same time)
>>
>>
>
> About TLS_AES_128_CCM_SHA256 and *quictls*, this haproxy setting is
> required:
>
> ssl-default-bind-ciphersuites
> TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_SHA256
>
> because the TLS stack disables TLS_AES_128_CCM_SHA256 by default.
>
> About *aws-lc*, even with this patch to reactivate
> TLS_AES_128_CCM_SHA256 and the setting above the connection are closed
> with NO_SHARED_CIPHER as OpenSSL internal error :
>
> diff --git a/include/haproxy/quic_tls.h b/include/haproxy/quic_tls.h
> index 86b8c1ee32..742118a82e 100644
> --- a/include/haproxy/quic_tls.h
> +++ b/include/haproxy/quic_tls.h
> @@ -144,7 +144,7 @@ static inline const EVP_CIPHER *tls_aead(const
> SSL_CIPHER *cipher)
> case TLS1_3_CK_CHACHA20_POLY1305_SHA256:
> return EVP_chacha20_poly1305();
> #endif
> -#if !defined(USE_OPENSSL_WOLFSSL) && !defined(OPENSSL_IS_AWSLC)
> +#if !defined(USE_OPENSSL_WOLFSSL)
> case TLS1_3_CK_AES_128_CCM_SHA256:
> return EVP_aes_128_ccm();
> #endif
>
>
>


Should have mentionned that I use ngtcp2 as client to enforce a unique
cipher (TLS1_3_CK_CHACHA20_POLY1305_SHA256 or
TLS1_3_CK_AES_128_CCM_SHA256) to connect to haproxy.



Reply via email to