On Thu, 2 May 2024 at 19:50, Lukas Tribus wrote:
>
> On Thu, 2 May 2024 at 17:14, Froehlich, Dominik wrote:
> > The closest I’ve gotten is the “curves” property:
> > https://docs.haproxy.org/2.8/configuration.html#5.1-curves
> >
> > However, I think it only restricts the available elliptic curves in a ECDHE
> > handshake, but it does not prevent a TLS 1.3 client from selecting a
> > non-ECDHE prime group, for example “ffdhe8192”.
>
> If I understand the code correctly, both nginx and haproxy call
> SSL_CTX_set1_curves_list(), what exactly makes you think that haproxy
> does something different?
More to the point:
Curve and group are the same exact thing in OpenSSL:
https://www.openssl.org/docs/man3.0/man3/SSL_CONF_cmd.html
> -curves groups
> This is a synonym for the -groups command.
https://www.openssl.org/docs/man3.0/man3/SSL_CTX_set1_curves.html
> The curve functions are synonyms for the equivalently named group functions
> and are identical in every respect. They exist because, prior to TLS1.3,
> there was only the concept of supported curves. In TLS1.3 this was renamed to
> supported groups, and extended to include Diffie Hellman groups. The group
> functions should be used in preference.
https://github.com/openssl/openssl/issues/18089#issuecomment-1096748557
> In TLSv1.3 the old "supported_curves" extension was renamed to
> "supported_groups". This renaming has been followed through to the OpenSSL
> API so that SSL_CTX_set1_curves_list is synonymous with
> SSL_CTX_set1_groups_list, and the -curves command line argument is
> synonymous with -groups. So in the above issue you are not just constraining
> the EC curves - you are constraining all the groups available for use in
> TLSv1.3. This includes FFDH groups - so the above configuration prevents
> either ECDH or FFDH being used in TLSv1.3.
Setting OpenSSL curves (groups) via SSL_CTX_set1_curves_list(), just like
nginx does, is supported since HAProxy 1.8:
https://github.com/haproxy/haproxy/commit/e7f2b7301c0a6625654056356cca56853a14cd68
Lukas
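As an added example (not part of the thread and not from the HAProxy project), here is what the `curves` setting discussed above looks like in an HAProxy configuration, both as a global default and on a single bind line. The certificate path, listener address and backend server are placeholders; the group list `X25519:P-256` is an assumed choice for illustration.

```haproxy
# Added example configuration, not from the mailing-list thread or from HAProxy itself.
# The certificate path and addresses are placeholders.
global
    # Default list for every TLS bind line that does not set its own.
    # HAProxy hands this string to SSL_CTX_set1_curves_list(), which OpenSSL
    # treats as SSL_CTX_set1_groups_list(): in TLS 1.3 it therefore restricts
    # ALL key-exchange groups, not only EC curves, so ffdhe* groups such as
    # ffdhe8192 are excluded as a side effect.
    ssl-default-bind-curves X25519:P-256

frontend fe_https
    # A per-bind 'curves' value overrides the global default for this listener only.
    bind :443 ssl crt /etc/haproxy/certs/example.pem curves X25519:P-256
    default_backend be_app

backend be_app
    server app1 127.0.0.1:8080 check
```

To confirm the effect from the outside, a client that offers only a finite-field group, for example `openssl s_client -connect <host>:443 -tls1_3 -groups ffdhe2048`, should be rejected with a handshake failure, while the same command with `-groups X25519` should complete the TLS 1.3 handshake.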