BUG/MEDIUM: ssl: AWS-LC + TLSv1.3 won't do ECDSA in RSA+ECDSA configuration

SSL_get_ciphers() in AWS-LC seems to lack the TLSv1.3 ciphersuites, which break the ECDSA key selection when doing TLSv1.3. An issue was opened https://github.com/aws/aws-lc/issues/1638 Indeed, in ssl_sock_switchctx_cbk(), the sigalgs is used to determine if ECDSA is doable or not, then the function compares the list of ciphers in the clienthello with the list of configured ciphers. The fix solves the issue by never skipping the TLSv1.3 ciphersuites, even if they are not in SSL_get_ciphers().
2025-02-17 11:06:54 +00:00 · 2024-06-15 00:25:16 +02:00 · 2024-06-15 00:25:16 +02:00 · ed9b8fec49
commit ed9b8fec49
parent 6da0879083
1 changed files with 9 additions and 0 deletions
--- a/src/ssl_clienthello.c
+++ b/src/ssl_clienthello.c
@ -317,8 +317,17 @@ int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
 				continue;

 			/* check if this cipher is available in haproxy configuration */
+#if defined(USE_OPENSSL_AWSLC)
+                        /* because AWS-LC does not provide the TLSv1.3 ciphersuites (which are NID_auth_any) in ha_ciphers,
+                         * does not check if it's available when it's an NID_auth_any
+                         */
+                        if (sk_SSL_CIPHER_find(ha_ciphers, cipher) == -1 && SSL_CIPHER_get_auth_nid(cipher) != NID_auth_any)
+				continue;
+#else
+
 			if (sk_SSL_CIPHER_find(ha_ciphers, cipher) == -1)
 				continue;
+#endif

 			cipher_id = SSL_CIPHER_get_id(cipher);
 			/* skip the SCSV "fake" signaling ciphersuites because they are NID_auth_any (RFC 7507) */