чт, 25 июл. 2024 г. в 22:00, Илья Шипицин <chipits...@gmail.com>:
> > > чт, 25 июл. 2024 г. в 14:27, William Lallemand <wlallem...@irq6.net>: > >> On Wed, Jul 03, 2024 at 11:51:21PM +0200, William Lallemand wrote: >> > > aws-lc implements chacha20_poly1305 in a different way than QuicTLS. >> > > and if that gap is eliminated, it will be a good point to declare >> aws-lc as >> > > a recommended QUIC lib. >> > > >> > > if we compare aws-lc against openssl-1.1 (not quictls), it is indeed >> > > matches (maybe except some niche features like async) >> > > >> > >> > BoringSSL, LibreSSL, and AWS-LC uses the EVP_AEAD API, basically we >> would need >> > to use EVP_aead_chacha20_poly1305() instead of EVP_chacha20_poly1305(), >> and >> > EVP_aead_chacha20_poly1305() instead of EVP_chacha20() and uses the >> EVP_AEAD >> > functions. IMHO this is not a huge change and this is doable, we just >> need to >> > invest some time on it. >> > >> > Regards, >> >> FYI I just push some patches that implements the CHACHA20_POLY1305 for >> QUIC with AWS-LC. >> > > nice, it passes chacha20 test! > > >> We now handle with AWS-LC for QUIC: >> - TLS_AES_128_GCM_SHA256 >> - TLS_AES_256_GCM_SHA384 >> - TLS_CHACHA20_POLY1305_SHA256 >> >> The TLS_AES_128_CCM_SHA256 cipher is not implemented by AWS-LC, and is >> disabled by default in a lot of stack anyway. >> > next point: 0-RTT according to haproxy/include/haproxy/openssl-compat.h at master · haproxy/haproxy (github.com) <https://github.com/haproxy/haproxy/blob/master/include/haproxy/openssl-compat.h#L117-L119> 0-RTT support depends on SSL_OP_NO_ANTI_REPLAY (which is not defined for AWS-LC) thus it is not possible to satisfy that condition haproxy/src/quic_ssl.c at master · haproxy/haproxy (github.com) <https://github.com/haproxy/haproxy/blob/master/src/quic_ssl.c#L765-L772> AWS-LC (inherited from BoringSSL) supports 0-RTT in its own way not compatible with QuicTLS (( > >> Regards, >> >> -- >> William Lallemand >> >