пт, 26 июл. 2024 г. в 09:55, Aleksandar Lazic <al-hapr...@none.at>:
> Hi. > > On 2024-07-25 (Do.) 23:22, Илья Шипицин wrote: > > > > > > чт, 25 июл. 2024 г. в 22:00, Илья Шипицин <chipits...@gmail.com > > <mailto:chipits...@gmail.com>>: > > > > > > > > чт, 25 июл. 2024 г. в 14:27, William Lallemand <wlallem...@irq6.net > > <mailto:wlallem...@irq6.net>>: > > > > On Wed, Jul 03, 2024 at 11:51:21PM +0200, William Lallemand > wrote: > > > > aws-lc implements chacha20_poly1305 in a different way than > QuicTLS. > > > > and if that gap is eliminated, it will be a good point to > declare > > aws-lc as > > > > a recommended QUIC lib. > > > > > > > > if we compare aws-lc against openssl-1.1 (not quictls), it > is indeed > > > > matches (maybe except some niche features like async) > > > > > > > > > > BoringSSL, LibreSSL, and AWS-LC uses the EVP_AEAD API, > basically we > > would need > > > to use EVP_aead_chacha20_poly1305() instead of > > EVP_chacha20_poly1305(), and > > > EVP_aead_chacha20_poly1305() instead of EVP_chacha20() and > uses the > > EVP_AEAD > > > functions. IMHO this is not a huge change and this is doable, > we just > > need to > > > invest some time on it. > > > > > > Regards, > > > > FYI I just push some patches that implements the > CHACHA20_POLY1305 for > > QUIC with AWS-LC. > > > > > > nice, it passes chacha20 test! > > > > We now handle with AWS-LC for QUIC: > > - TLS_AES_128_GCM_SHA256 > > - TLS_AES_256_GCM_SHA384 > > - TLS_CHACHA20_POLY1305_SHA256 > > > > The TLS_AES_128_CCM_SHA256 cipher is not implemented by AWS-LC, > and is > > disabled by default in a lot of stack anyway. > > > > > > next point: 0-RTT > > Sorry for the stupid questions but as I don't maintain any QUIC based apps > I'm > curious if this really makes any differences compared to "normal" requests. > > How often is this really used in the real world setup? > Have anybody seen any real benefit for users out there with 0-RTT? > very beneficial Introducing Zero Round Trip Time Resumption (0-RTT) (cloudflare.com) <https://blog.cloudflare.com/introducing-0-rtt/> > > > according to haproxy/include/haproxy/openssl-compat.h at master · > > haproxy/haproxy (github.com) > > < > https://github.com/haproxy/haproxy/blob/master/include/haproxy/openssl-compat.h#L117-L119 > > > > 0-RTT support depends on SSL_OP_NO_ANTI_REPLAY (which is not defined for > AWS-LC) > > > > thus it is not possible to satisfy that condition > > > > haproxy/src/quic_ssl.c at master · haproxy/haproxy (github.com) > > <https://github.com/haproxy/haproxy/blob/master/src/quic_ssl.c#L765-L772 > > > > > > AWS-LC (inherited from BoringSSL) supports 0-RTT in its own way not > compatible > > with QuicTLS (( > > > > > > Regards, > > > > -- > > William Lallemand > > Regards > Alex >
