[PATCH] QUIC: fixed compat with ciphers other than AES128 (ticket #2500)
Sergey Kandaurov
pluknet at nginx.com
Mon May 29 09:55:47 UTC 2023
> On 28 May 2023, at 11:20, Roman Arutyunyan <arut at nginx.com> wrote:
>
> # HG changeset patch
> # User Roman Arutyunyan <arut at nginx.com>
> # Date 1685258227 -14400
> # Sun May 28 11:17:07 2023 +0400
> # Node ID 5b46de0dda837d97afbec7484931223c52d53905
> # Parent 8eae1b4f1c5528b063351804168a6085f5f50b42
> QUIC: fixed compat with ciphers other than AES128 (ticket #2500).
>
> Previously, rec.level field was not uninitialized in SSL_provide_quic_data().
> As a result, its value was always ssl_encryption_initial. Later in
> ngx_quic_ciphers() such level resulted in resetting the cipher to
> TLS1_3_CK_AES_128_GCM_SHA256 and using AES128 to encrypt the packet.
>
> Now the level is initialized and the right cipher is used.
>
> diff --git a/src/event/quic/ngx_event_quic_openssl_compat.c b/src/event/quic/ngx_event_quic_openssl_compat.c
> --- a/src/event/quic/ngx_event_quic_openssl_compat.c
> +++ b/src/event/quic/ngx_event_quic_openssl_compat.c
> @@ -463,6 +463,7 @@ SSL_provide_quic_data(SSL *ssl, enum ssl
> rec.log = c->log;
> rec.number = com->read_record++;
> rec.keys = &com->keys;
> + rec.level = level;
>
> if (level == ssl_encryption_initial) {
> n = ngx_min(len, 65535);
Looks good.
--
Sergey Kandaurov
More information about the nginx-devel
mailing list