BUG/MEDIUM: ssl: AWS-LC + TLSv1.3 won't do ECDSA in RSA+ECDSA configu…

…ration SSL_get_ciphers() in AWS-LC seems to lack the TLSv1.3 ciphersuites, which break the ECDSA key selection when doing TLSv1.3. An issue was opened aws/aws-lc#1638 Indeed, in ssl_sock_switchctx_cbk(), the sigalgs is used to determine if ECDSA is doable or not, then the function compares the list of ciphers in the clienthello with the list of configured ciphers. The fix solves the issue by never skipping the TLSv1.3 ciphersuites, even if they are not in SSL_get_ciphers().
haproxy · Jun 17, 2024 · 1877591 · 1877591
1 parent 3d931bd
commit 1877591
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/src/ssl_clienthello.c b/src/ssl_clienthello.c
@@ -317,8 +317,17 @@ int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
 				continue;
 
 			/* check if this cipher is available in haproxy configuration */
+#if defined(USE_OPENSSL_AWSLC)
+                        /* because AWS-LC does not provide the TLSv1.3 ciphersuites (which are NID_auth_any) in ha_ciphers,
+                         * does not check if it's available when it's an NID_auth_any
+                         */
+                        if (sk_SSL_CIPHER_find(ha_ciphers, cipher) == -1 && SSL_CIPHER_get_auth_nid(cipher) != NID_auth_any)
+				continue;
+#else
+
 			if (sk_SSL_CIPHER_find(ha_ciphers, cipher) == -1)
 				continue;
+#endif
 
 			cipher_id = SSL_CIPHER_get_id(cipher);
 			/* skip the SCSV "fake" signaling ciphersuites because they are NID_auth_any (RFC 7507) */