AWS-LC recently plumbed support for ChaChaPoly and AES CCM through the existing EVP_CIPHER API that HAProxy uses in https://github.com/aws/aws-lc/pull/1311 and https://github.com/aws/aws-lc/pull/1373. Do you need support for just the cipher EVP_chacha20?
On 1/16/24, 5:30 AM, "Frederic Lecaille" <flecai...@haproxy.com <mailto:flecai...@haproxy.com>> wrote: CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe. On 1/16/24 14:25, Frederic Lecaille wrote: > On 1/15/24 17:16, Yaacov Akiba Slama wrote: >> On 04/10/2023 18:38, William Lallemand wrote: >>> Hello, >>> >>> I fixed the build for USE_QUIC=1 and AWSLC which is limited like Ilya >>> mentionned. >>> >>> For now: >>> >>> - 0RTT was disabled. >>> - TLS1_3_CK_CHACHA20_POLY1305_SHA256, TLS1_3_CK_AES_128_CCM_SHA256 >>> were disabled >> >> https://github.com/aws/aws-lc/commit/bc9b35c4f5a34edcc7ed5ae86f24116198f61456 >> >> <https://github.com/aws/aws-lc/commit/bc9b35c4f5a34edcc7ed5ae86f24116198f61456> >> and >> https://github.com/aws/aws-lc/commit/f7798b764b95692d865fa0e067558deb8be3926a >> >> <https://github.com/aws/aws-lc/commit/f7798b764b95692d865fa0e067558deb8be3926a> >> were merged, so perhaps this can be revisited. >> >> What is missing to have 0RTT support? >> >>> - clienthello callback is missing, certificate selection could be >>> limited (RSA + ECDSA at the same time) >> >> > > About TLS_AES_128_CCM_SHA256 and *quictls*, this haproxy setting is > required: > > ssl-default-bind-ciphersuites > TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_SHA256 > > because the TLS stack disables TLS_AES_128_CCM_SHA256 by default. > > About *aws-lc*, even with this patch to reactivate > TLS_AES_128_CCM_SHA256 and the setting above the connection are closed > with NO_SHARED_CIPHER as OpenSSL internal error : > > diff --git a/include/haproxy/quic_tls.h b/include/haproxy/quic_tls.h > index 86b8c1ee32..742118a82e 100644 > --- a/include/haproxy/quic_tls.h > +++ b/include/haproxy/quic_tls.h > @@ -144,7 +144,7 @@ static inline const EVP_CIPHER *tls_aead(const > SSL_CIPHER *cipher) > case TLS1_3_CK_CHACHA20_POLY1305_SHA256: > return EVP_chacha20_poly1305(); > #endif > -#if !defined(USE_OPENSSL_WOLFSSL) && !defined(OPENSSL_IS_AWSLC) > +#if !defined(USE_OPENSSL_WOLFSSL) > case TLS1_3_CK_AES_128_CCM_SHA256: > return EVP_aes_128_ccm(); > #endif > > > Should have mentionned that I use ngtcp2 as client to enforce a unique cipher (TLS1_3_CK_CHACHA20_POLY1305_SHA256 or TLS1_3_CK_AES_128_CCM_SHA256) to connect to haproxy.