Re: [PATCH] support Openssl 1.1.1 early callback API for HS

2017-09-05 Thread Willy Tarreau
Hi Manu,

On Mon, Sep 04, 2017 at 04:39:45PM +0200, Emmanuel Hocdet wrote:
> Hi Emeric, Christopher
> 
> If you can review when you have time. (3) for Christopher.
> 
> This patches allows to support native multicert selection (RSA/ECDSA) and
> ssl-min-ver/ ssl-max-ver per certificate with openssl 1.1.1 (boringssl is the
> only one to support this until this patch).
> 
> patches:
> 1) Convert BoringSSL api call (CBS) to ssl-lib independent code.
> This is the biggest part and only depend on BoringSSL build (until 2).
> 
> 2) support openssl 1.1.1 early callback API. It mimics BoringSSL api, and this
>    is good news (small patch).
>    Do we want to push code for openssl 1.1.1 (dev) in haproxy (dev) now?

I suspect it will be mandatory in order to support TLS early-data (0-RTT).
So I think it will be nice to have it before the release. However given that
both Christopher and Emeric are heavily loaded on the multi-threading part,
I suggest that we postpone the patchset review until the multi-thread stuff
gets merged. As you say, the patch is small so it will be easy to review and
apply, and/or revert in case of issues so it's not a big deal to merge it
late in the cycle.

Thanks,
Willy



Re: [PATCH] DOC: Add note about "* " prefix in CSV stats

2017-09-05 Thread Willy Tarreau
On Fri, Sep 01, 2017 at 07:19:57PM +0200, Daniel Schneller wrote:
> Just a little documentation patch I wrote,

Oh thanks for this one Daniel, I thought it was already mentioned but
I was wrong. Now applied.

Willy



Re: [PATCH] BUG/MEDIUM: http: Fix a regression bug when a HTTP response is in TUNNEL mode

2017-09-05 Thread Willy Tarreau
On Mon, Sep 04, 2017 at 02:49:00PM +0200, Christopher Faulet wrote:
> Hi all,
> 
> Finally I reworked my previous patch. This one should fix the bug, without
> side effect (AFAIK). It fixes slowdowns experienced on 1.7.9 for HTTP
> responses with undefined body length when the compression is enabled.

Now merged, thanks Christopher!
Willy



Re: Kernel TLS for http/2

2017-09-05 Thread Willy Tarreau
Hi Aleks,

On Mon, Sep 04, 2017 at 09:34:07AM +0200, Aleksandar Lazic wrote:
> Hi,
> 
> Have anyone seen KTLS also?
> 
> https://lwn.net/Articles/666509/
> 
> https://netdevconf.org/1.2/papers/ktls.pdf
> 
> looks pretty interesting.

As I already mentioned (I don't remember to whom), I really don't see *any*
benefit in this approach and only problems in fact. By the way, others have
attempted it in the past and failed.

The intended purpose is to save memory copies. But memory copies cost very
little compared to AES encryption, so the savings are very marginal, as the
graph shows. The reality is that in order to increase the performance by
only 5% :

  - existing TLS application code will require modifications to be able to
use both openssl and ktls

  - as new algorithms are deployed, you'll have to switch back to openssl
and disable kernel offloading for the time it takes to upgrade to a
new kernel. FWIW we're seeing people install openssl 1.0.2 or 1.1.0
on centos 7. This proves that userland moves faster than kernels. This
problem could slow down adoption of new algorithms by the way, which is
exactly what QUIC is fighting by moving all the TCP stack into the
browser :-(

  - the data to be encrypted are now transferred to the kernel and visible
using strace. One could argue that it will help with debugging, but it
is also sometimes useful on some production systems to know that strace
remains a safe tool to use because you don't see clear text data.

  - the application has less control over the TLS record size, which is
critical to page load time as it allows browsers to parse contents on
the fly without having to wait for a full transfer before decrypting.

So for me it's attacking a non-problem and will cause new problems. I'm
still not seeing any real benefit, I'm sorry. And you know that usually
I'm the one trying to push stuff into the kernel to make things faster.
It's just that *this* specific thing doesn't bring any obvious savings
to me.

Cheers,
Willy



Re: Haproxy 1.7.9 or earlier stopped using h2

2017-09-05 Thread Willy Tarreau
Hi Matthias,

On Sun, Sep 03, 2017 at 09:36:30AM +0200, Matthias Fechner wrote:
> Dear all,
> 
> I configured some time ago haproxy to support http2 using tcp mode on
> FreeBSD.
> 
> The configuration looked like:
> 
> frontend www-https
>     mode tcp
>     option tcplog
>     bind : ssl crt /usr/local/etc/haproxy/certs/ alpn h2,http/1.1
>     use_backend nginx-http2-backend if { ssl_fc_alpn -i h2 }
>     default_backend nginx-http-backend
> 
> backend nginx-http2-backend
>     mode tcp
>     server www-1 127.0.0.1:8083 check send-proxy
> 
> 
> Nginx on port 8083 is listing with this line:
> listen 127.0.0.1:8083 http2 proxy_protocol;
> 
> 
> That worked in the past. I have no idea when it stopped, but currently
> it is not working anymore.
> Is anyone aware of a change that could cause h2 to not working anymore?

Make sure that you built with openssl 1.0.2 (haproxy -vv). ALPN is only
provided in this version, not older ones. Also, maybe your nginx needs
to receive a proxy-protocol-v2 header to accept to enable H2 (it's the
only one which mentions SSL presence and a few extensions) ? In this
case you'll need to use "send-proxy-v2" instead of "send-proxy". I don't
have other ideas for now.

Willy
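The difference Willy points at above is what the two PROXY protocol header formats can actually carry: the v1 text line ("send-proxy") has no field for TLS facts, while the v2 binary header ("send-proxy-v2") can append TLVs such as PP2_TYPE_ALPN and PP2_TYPE_SSL that tell the backend the client negotiated h2 over TLS. The following is an added example, not code from this thread, from HAProxy or from nginx: it builds both headers for a constructed connection (sample addresses and ports are made up), parses them back, and reports whether the receiver can see the ALPN value. Layout and type numbers follow the PROXY protocol specification; only TCP over IPv4 is handled.

```python
"""PROXY protocol v1 vs v2: what the backend can learn about TLS/ALPN.

Added example (not HAProxy or nginx code). Addresses and ports below are
constructed sample values. Header layout and TLV numbers follow the PROXY
protocol spec; only TCP over IPv4 is implemented here.
"""
import struct
from ipaddress import IPv4Address

PP2_SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"   # 12-byte v2 magic
PP2_TYPE_ALPN = 0x01
PP2_TYPE_SSL = 0x20
PP2_SUBTYPE_SSL_VERSION = 0x21
PP2_CLIENT_SSL = 0x01                       # client flag: connection was TLS


def tlv(t, value):
    """One TLV: type (1 byte), length (2 bytes, big-endian), value."""
    return struct.pack("!BH", t, len(value)) + value


def build_v1(src, dst, sport, dport):
    """send-proxy: text header. There is no field for TLS metadata at all."""
    return f"PROXY TCP4 {src} {dst} {sport} {dport}\r\n".encode()


def build_v2(src, dst, sport, dport, alpn=None, tls_version=None):
    """send-proxy-v2: binary header; TLS facts travel as optional TLVs."""
    addr = (IPv4Address(src).packed + IPv4Address(dst).packed
            + struct.pack("!HH", sport, dport))
    tlvs = b""
    if alpn is not None:
        tlvs += tlv(PP2_TYPE_ALPN, alpn)
    if tls_version is not None:
        # PP2_TYPE_SSL value: client flags (1), verify result (4), sub-TLVs
        ssl = struct.pack("!BI", PP2_CLIENT_SSL, 0) + tlv(PP2_SUBTYPE_SSL_VERSION, tls_version)
        tlvs += tlv(PP2_TYPE_SSL, ssl)
    body = addr + tlvs
    # 0x21 = version 2, command PROXY; 0x11 = AF_INET, SOCK_STREAM
    return PP2_SIGNATURE + bytes([0x21, 0x11]) + struct.pack("!H", len(body)) + body


def iter_tlvs(buf):
    """Walk a TLV sequence, refusing truncated entries."""
    off = 0
    while off < len(buf):
        if off + 3 > len(buf):
            raise ValueError("truncated TLV header")
        t, ln = struct.unpack("!BH", buf[off:off + 3])
        value = buf[off + 3:off + 3 + ln]
        if len(value) != ln:
            raise ValueError("truncated TLV value")
        yield t, value
        off += 3 + ln


def parse(header):
    """Return the connection facts a backend can extract from the header."""
    info = {"src": None, "dst": None, "sport": None, "dport": None,
            "tls": False, "tls_version": None, "alpn": None}
    if header.startswith(b"PROXY "):
        fields = header.rstrip(b"\r\n").decode().split(" ")
        if len(fields) != 6 or fields[1] != "TCP4":
            raise ValueError("malformed or unsupported v1 header")
        info.update(version=1, src=fields[2], dst=fields[3],
                    sport=int(fields[4]), dport=int(fields[5]))
        return info                         # v1 stops here: nothing about TLS
    if not header.startswith(PP2_SIGNATURE):
        raise ValueError("not a PROXY protocol header")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", header[12:16])
    if ver_cmd >> 4 != 2:
        raise ValueError("unsupported PROXY protocol version")
    if fam_proto != 0x11:
        raise ValueError("only TCP over IPv4 handled in this example")
    body = header[16:16 + length]
    if len(body) != length:
        raise ValueError("truncated v2 header")
    sport, dport = struct.unpack("!HH", body[8:12])
    info.update(version=2, src=str(IPv4Address(body[0:4])),
                dst=str(IPv4Address(body[4:8])), sport=sport, dport=dport)
    for t, value in iter_tlvs(body[12:]):
        if t == PP2_TYPE_ALPN:
            info["alpn"] = value.decode()
        elif t == PP2_TYPE_SSL:
            client, _verify = struct.unpack("!BI", value[:5])
            info["tls"] = bool(client & PP2_CLIENT_SSL)
            for st, sv in iter_tlvs(value[5:]):
                if st == PP2_SUBTYPE_SSL_VERSION:
                    info["tls_version"] = sv.decode()
    return info


def backend_sees_h2(header):
    """True only if the header tells the backend the client negotiated h2."""
    return parse(header)["alpn"] == "h2"


if __name__ == "__main__":
    v1 = build_v1("192.0.2.10", "127.0.0.1", 51234, 8083)
    v2 = build_v2("192.0.2.10", "127.0.0.1", 51234, 8083, alpn=b"h2", tls_version=b"TLSv1.2")
    print("send-proxy    ->", parse(v1))
    print("send-proxy-v2 ->", parse(v2))
```

Running the script shows that the v1 line yields only addresses and ports, whereas the v2 header also yields tls=True, tls_version and alpn="h2"; a backend that decides on h2 from the PROXY header therefore needs "send-proxy-v2". Whether a given nginx build requires this is not settled in the thread; the example only shows what each format can convey.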



Re: [PATCH] MINOR: ssl: remove duplicate ssl_methods in struct bind_conf

2017-09-05 Thread Willy Tarreau
On Mon, Sep 04, 2017 at 02:53:06PM +0200, Emeric Brun wrote:
> It should be ok.
> 
> Willy, you've my go!

Now applied, thanks guys.

Willy