[nginx] QUIC: fixed compat with ciphers other than AES128 (ticket #2500).

Roman Arutyunyan
May 29, 2023 07:14AM
details: https://hg.nginx.org/nginx/rev/b4a57278bf24
branches:
changeset: 9118:b4a57278bf24
user: Roman Arutyunyan <arut@nginx.com>
date: Sun May 28 11:17:07 2023 +0400
description:
QUIC: fixed compat with ciphers other than AES128 (ticket #2500).

Previously, rec.level field was not uninitialized in SSL_provide_quic_data().
As a result, its value was always ssl_encryption_initial. Later in
ngx_quic_ciphers() such level resulted in resetting the cipher to
TLS1_3_CK_AES_128_GCM_SHA256 and using AES128 to encrypt the packet.

Now the level is initialized and the right cipher is used.

diffstat:

src/event/quic/ngx_event_quic_openssl_compat.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)

diffs (11 lines):

diff -r 6c75d2484267 -r b4a57278bf24 src/event/quic/ngx_event_quic_openssl_compat.c
--- a/src/event/quic/ngx_event_quic_openssl_compat.c Mon May 29 15:03:31 2023 +0400
+++ b/src/event/quic/ngx_event_quic_openssl_compat.c Sun May 28 11:17:07 2023 +0400
@@ -463,6 +463,7 @@ SSL_provide_quic_data(SSL *ssl, enum ssl
rec.log = c->log;
rec.number = com->read_record++;
rec.keys = &com->keys;
+ rec.level = level;

if (level == ssl_encryption_initial) {
n = ngx_min(len, 65535);
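
Review bot: the new `rec.level = level;` line joins a run of one-by-one assignments to `rec` (`rec.log`, `rec.number`, `rec.keys`), and that pattern is what let the level go unset without any compile-time or run-time signal. The visible context does not show how `rec` is declared or cleared, so it is worth checking the struct definition against this block to confirm no other field is still left at its default. Because the description says the wrong level silently fell back to TLS1_3_CK_AES_128_GCM_SHA256, the bug was invisible whenever AES128 was negotiated. A regression test that forces a different cipher through the compat layer would catch a repeat. A short comment above the assignments noting that ngx_quic_ciphers() depends on `rec.level` would also help the next reader.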
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel