From ed9b8fec49d23cb65484f7e21d5886aa2a50ce98 Mon Sep 17 00:00:00 2001
From: William Lallemand
Date: Sat, 15 Jun 2024 00:25:16 +0200
Subject: [PATCH] BUG/MEDIUM: ssl: AWS-LC + TLSv1.3 won't do ECDSA in RSA+ECDSA configuration

SSL_get_ciphers() in AWS-LC seems to lack the TLSv1.3 ciphersuites, which break the ECDSA key selection when doing TLSv1.3. An issue was opened https://github.com/aws/aws-lc/issues/1638 Indeed, in ssl_sock_switchctx_cbk(), the sigalgs is used to determine if ECDSA is doable or not, then the function compares the list of ciphers in the clienthello with the list of configured ciphers. The fix solves the issue by never skipping the TLSv1.3 ciphersuites, even if they are not in SSL_get_ciphers().
---
 src/ssl_clienthello.c | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/src/ssl_clienthello.c b/src/ssl_clienthello.c
index 4044a67204..04ea2ffea4 100644
--- a/src/ssl_clienthello.c
+++ b/src/ssl_clienthello.c
@@ -317,8 +317,17 @@ int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
 continue;
 /* check if this cipher is available in haproxy configuration */
+#if defined(USE_OPENSSL_AWSLC)
+ /* because AWS-LC does not provide the TLSv1.3 ciphersuites (which are NID_auth_any) in ha_ciphers,
+ * does not check if it's available when it's an NID_auth_any
+ */
+ if (sk_SSL_CIPHER_find(ha_ciphers, cipher) == -1 && SSL_CIPHER_get_auth_nid(cipher) != NID_auth_any)
+ continue;
+#else
+
 if (sk_SSL_CIPHER_find(ha_ciphers, cipher) == -1)
 continue;
+#endif
 cipher_id = SSL_CIPHER_get_id(cipher);
 /* skip the SCSV "fake" signaling ciphersuites because they are NID_auth_any (RFC 7507) */
-- 
2.39.5
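Review bot: In the `USE_OPENSSL_AWSLC` branch every `NID_auth_any` cipher offered by the client now passes the configuration check, so on these builds a TLSv1.3 suite that is not enabled in the haproxy configuration can still feed the ECDSA/RSA decision made later in `ssl_sock_switchctx_cbk()`; the function body continues outside the hunk, so the exact effect on certificate selection should be confirmed there. The exemption also lets the SCSV signaling values through this test, which is only harmless because the SCSV skip directly below still runs, and a short comment saying so would keep the two checks from being reordered. I would also tie the workaround to the upstream report so it can be removed once fixed, e.g. `/* workaround for https://github.com/aws/aws-lc/issues/1638: SSL_get_ciphers() lacks the TLSv1.3 suites, drop once fixed */`, and remove the stray blank line added after `#else`.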