On 1/15/24 17:16, Yaacov Akiba Slama wrote:
> On 04/10/2023 18:38, William Lallemand wrote:
>> Hello,
>>
>> I fixed the build for USE_QUIC=1 and AWSLC which is limited like Ilya
>> mentioned.
>>
>> For now:
>>
>>     - 0RTT was disabled.
>>     - TLS1_3_CK_CHACHA20_POLY1305_SHA256, TLS1_3_CK_AES_128_CCM_SHA256
>> were disabled
> 
> https://github.com/aws/aws-lc/commit/bc9b35c4f5a34edcc7ed5ae86f24116198f61456 
> and 
> https://github.com/aws/aws-lc/commit/f7798b764b95692d865fa0e067558deb8be3926a 
> were merged, so perhaps this can be revisited.
> 
> What is missing to have 0RTT support?
> 
>>     - clienthello callback is missing, certificate selection could be 
>> limited (RSA + ECDSA at the same time)
> 
> 

To me there are two ciphers to be implemented by aws-lc to make QUIC
work with the TLS_CHACHA20_POLY1305_SHA256 cipher: EVP_chacha20_poly1305()
and EVP_chacha20(). Perhaps I have missed something but EVP_chacha20()
is missing.

Regards,

Fred.
