пт, 26 июл. 2024 г. в 09:14, William Lallemand <wlallem...@irq6.net>:
> On Thu, Jul 25, 2024 at 11:22:25PM +0200, Илья Шипицин wrote: > > Subject: Re: [ANNOUNCE] haproxy-3.1-dev2 > > чт, 25 июл. 2024 г. в 22:00, Илья Шипицин <chipits...@gmail.com>: > > > > > > > > > > > чт, 25 июл. 2024 г. в 14:27, William Lallemand <wlallem...@irq6.net>: > > > > > >> On Wed, Jul 03, 2024 at 11:51:21PM +0200, William Lallemand wrote: > > >> > > aws-lc implements chacha20_poly1305 in a different way than > QuicTLS. > > >> > > and if that gap is eliminated, it will be a good point to declare > > >> aws-lc as > > >> > > a recommended QUIC lib. > > >> > > > > >> > > if we compare aws-lc against openssl-1.1 (not quictls), it is > indeed > > >> > > matches (maybe except some niche features like async) > > >> > > > > >> > > > >> > BoringSSL, LibreSSL, and AWS-LC uses the EVP_AEAD API, basically we > > >> would need > > >> > to use EVP_aead_chacha20_poly1305() instead of > EVP_chacha20_poly1305(), > > >> and > > >> > EVP_aead_chacha20_poly1305() instead of EVP_chacha20() and uses the > > >> EVP_AEAD > > >> > functions. IMHO this is not a huge change and this is doable, we > just > > >> need to > > >> > invest some time on it. > > >> > > > >> > Regards, > > >> > > >> FYI I just push some patches that implements the CHACHA20_POLY1305 for > > >> QUIC with AWS-LC. > > >> > > > > > > nice, it passes chacha20 test! > > > > > > > > >> We now handle with AWS-LC for QUIC: > > >> - TLS_AES_128_GCM_SHA256 > > >> - TLS_AES_256_GCM_SHA384 > > >> - TLS_CHACHA20_POLY1305_SHA256 > > >> > > >> The TLS_AES_128_CCM_SHA256 cipher is not implemented by AWS-LC, and is > > >> disabled by default in a lot of stack anyway. > > >> > > > > > next point: 0-RTT > > > > according to haproxy/include/haproxy/openssl-compat.h at master · > > haproxy/haproxy (github.com) > > < > https://github.com/haproxy/haproxy/blob/master/include/haproxy/openssl-compat.h#L117-L119 > > > > > > 0-RTT support depends on SSL_OP_NO_ANTI_REPLAY (which is not defined for > > AWS-LC) > > > > thus it is not possible to satisfy that condition > > > > haproxy/src/quic_ssl.c at master · haproxy/haproxy (github.com) > > <https://github.com/haproxy/haproxy/blob/master/src/quic_ssl.c#L765-L772 > > > > > > AWS-LC (inherited from BoringSSL) supports 0-RTT in its own way not > > compatible with QuicTLS (( > > Yes, I already planned to do it. > great! I ran QUIC Interop on quic-go client: Run took 0:21:32.237143 +----+------------------------+ | | haproxy | +----+------------------------+ | go | HDCLRC20MSR3BAL1L2C1C2 | | | EV2 | | | ZU6 | +----+------------------------+ +----+----------------------+ | | haproxy | +----+----------------------+ | go | G: 7995 (± 98) kbps | | | C: 4721 (± 182) kbps | +----+----------------------+ > > -- > William Lallemand >
