Hello!
On Wed, Apr 09, 2025 at 09:56:17PM +0200, A. Schulze via nginx wrote:
> Am 08.04.25 um 17:50 schrieb Maxim Dounin:
> > Changes with freenginx 1.27.5 08 Apr 2025
> > ...
>
> Hello,
>
> I've build freenginx with the just releases openssl-3.5.0.
> The new PQ key exchange is enabled in openssl-3.5 and freenginx use it
> without special configuration.
> (the defaults for ssl_ecdh_curve are fine)
>
> But in the log, the variable 'ssl_curve' [1] still say only the numeric
> number 0x11ec
> Firefox could name that key-exchange as "mlkem768x25519"
The $ssl_curve variable uses SSL_get_negotiated_group() and then
uses OBJ_nid2sn() as long as the group is known to OpenSSL.
It looks like OpenSSL for some reason decided not to add NIDs for
these groups - not sure why. Either it is just an omission which
is going to be fixed, or the intention is to force users to move
away from using NIDs to newer interfaces, such as
SSL_get0_group_name() and SSL_group_to_name().
I suspect this is just an omission and it will be eventually fixed
in OpenSSL. (Just for the record, with BoringSSL the code just
works and provides correct $ssl_curves name for X25519MLKEM768.)
OTOH, you may try the following patch which tries to use
SSL_get0_group_name() and SSL_group_to_name() if available.
Note thought that it slightly changes names as seen in the
$ssl_curve and $ssl_curves variables. In particular, with OpenSSL
3.5 both on the server and as a client, variables are changed
from:
$ssl_curve: 0x11ec
$ssl_curves:
0x11ec:X25519:prime256v1:X448:secp384r1:secp521r1:ffdhe2048:ffdhe3072
to the following:
$ssl_curve: X25519MLKEM768
$ssl_curves:
X25519MLKEM768:x25519:secp256r1:x448:secp384r1:secp521r1:ffdhe2048:ffdhe3072
Note "X25519" changed to "x25519", and "prime256v1" to
"secp256r1".
Please let me know what do you think.
# HG changeset patch
# User Maxim Dounin <mdou...@mdounin.ru>
# Date 1744258053 -10800
# Thu Apr 10 07:07:33 2025 +0300
# Node ID 0c82db8ddbed7ae4104a5c00d442b4cf0d3434e1
# Parent 8e674d7e1a1ad3648498d0cba2c9b2a9da5d3777
SSL: improved handling of $ssl_curve and $ssl_curves variables.
Now $ssl_curve uses SSL_get0_group_name() if available, and $ssl_curves
uses SSL_get0_iana_groups(). Notably, this makes it possible to see
the names of the X25519MLKEM768 group as supported by OpenSSL 3.5.0.
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -5256,7 +5256,31 @@ ngx_ssl_get_ciphers(ngx_connection_t *c,
ngx_int_t
ngx_ssl_get_curve(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
{
-#ifdef SSL_get_negotiated_group
+#ifdef SSL_get0_iana_groups
+
+ u_char *name;
+
+ /*
+ * Both SSL_get0_group_name() and SSL_get0_iana_groups()
+ * appeared in OpenSSL 3.2.0.
+ */
+
+ name = (u_char *) SSL_get0_group_name(c->ssl->connection);
+
+ if (name) {
+ s->len = ngx_strlen(name);
+
+ s->data = ngx_pnalloc(pool, s->len);
+ if (s->data == NULL) {
+ return NGX_ERROR;
+ }
+
+ ngx_memcpy(s->data, name, s->len);
+
+ return NGX_OK;
+ }
+
+#elif defined SSL_get_negotiated_group
int nid;
@@ -5292,7 +5316,64 @@ ngx_ssl_get_curve(ngx_connection_t *c, n
ngx_int_t
ngx_ssl_get_curves(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
{
-#ifdef SSL_CTRL_GET_CURVES
+#ifdef SSL_get0_iana_groups
+
+ int n, i, nid;
+ u_char *p, *name;
+ size_t len;
+ uint16_t *groups;
+
+ n = SSL_get0_iana_groups(c->ssl->connection, &groups);
+
+ if (n <= 0) {
+ s->len = 0;
+ return NGX_OK;
+ }
+
+ len = 0;
+
+ for (i = 0; i < n; i++) {
+ nid = groups[i] | TLSEXT_nid_unknown;
+
+ name = (u_char *) SSL_group_to_name(c->ssl->connection, nid);
+
+ if (name) {
+ len += ngx_strlen(name);
+
+ } else {
+ len += sizeof("0x0000") - 1;
+ }
+
+ len += sizeof(":") - 1;
+ }
+
+ s->data = ngx_pnalloc(pool, len);
+ if (s->data == NULL) {
+ return NGX_ERROR;
+ }
+
+ p = s->data;
+
+ for (i = 0; i < n; i++) {
+ nid = groups[i] | TLSEXT_nid_unknown;
+
+ name = (u_char *) SSL_group_to_name(c->ssl->connection, nid);
+
+ if (name) {
+ p = ngx_sprintf(p, "%s", name);
+
+ } else {
+ p = ngx_sprintf(p, "0x%04xd", nid & 0xffff);
+ }
+
+ *p++ = ':';
+ }
+
+ p--;
+
+ s->len = p - s->data;
+
+#elif defined SSL_get1_curves
int *curves, n, i, nid;
u_char *p;
--
Maxim Dounin
http://mdounin.ru/
