Hello Artur,
On Thu, Feb 13, 2025 at 12:19:40AM +0100, Artur wrote:
> Subject: Re: AWS-LC : Incompatibilities and suggested config
> Hello Willy and William,
>
> Thank you for your explanations and suggestions.
>
> I've checked the ciphers supported by aws-lc and with help of Mozilla SSL
> Configuration Generator I have now a reasonable configuration for haproxy.
> As it may be of some interest, I post it here. I'm currently running haproxy
> 3.1.3.
> There was no problem to compile haproxy+aws-lc on Debian 12 and Debian 11.
> However on Debian 11, one have to enable backports to get an up-to-date
> golang package (and cmake if you want).
> The dependencies for aws-lc compilation are cmake/golang/libunwind-dev
> (other than build-essentials).
Go is in fact not required, you only need it if you want to activate FIPS.
You can compile like this:
cmake -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=1 -DDISABLE_GO=1
-DDISABLE_PERL=1 \
-DBUILD_TESTING=0 -DCMAKE_INSTALL_PREFIX=${BUILDSSL_DESTDIR} ..
> The compilation process is exactly as described in haproxy INSTALL file.
>
> haproxy has been configured/built with something like this (distribution
> INSTALL file was helpful here):
>
> make -j $(nproc) ARCH_FLAGS=-s TARGET=linux-glibc CPU_CFLAGS=-march=native
> USE_OPENSSL_AWSLC=1 SSL_INC=/opt/aws-lc/include SSL_LIB=/opt/aws-lc/lib
> USE_QUIC=1 [...] all
>
> I can't see LDFLAGS in INSTALL examples. In previous haproxy versions with
> quictls it was set to : LDFLAGS="-L/opt/quictls/lib
> -Wl,-rpath,/opt/quictls/lib". I suppose it's no longer necessary or it's not
> necessary with aws-lc.
>
In fact it only depends where you installed your library and if this is a
static or a shared library. If you didn't
specify -DBUILD_SHARED_LIBS=1 it would build statically the library so you
won't depend on a .so but would include the
.a in HAProxy.
> haproxy ciphers setup :
>
> |# generated 2025-02-12, Mozilla Guideline v5.7, HAProxy 3.0, OpenSSL 3.4.0,
> intermediate config, no HSTS #
> https://ssl-config.mozilla.org/#server=haproxy&version=3.0&config=intermediate&openssl=3.4.0&hsts=false&guideline=5.7
> global # intermediate configuration ssl-default-bind-curves
> X25519:prime256v1:secp384r1 ssl-default-bind-ciphers
> ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
> ssl-default-bind-ciphersuites
> TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
> ssl-default-bind-options prefer-client-ciphers ssl-min-ver TLSv1.2
> no-tls-tickets
> ssl-default-server-curves X25519:prime256v1:secp384r1
> ssl-default-server-ciphers
> ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
> ssl-default-server-ciphersuites
> TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
> ssl-default-server-options ssl-min-ver TLSv1.2 no-tls-tickets
>
> Please comment if you have some suggestions or enhancements to this config.
>
You could remove all DHE-* ciphers as they are not implemented in AWS-LC they
are ignored. Regarding the TLSv1.3
ciphersuites, only 3 are implemented so you could keep the default values.
TLSv1.2 is already the minimum on bind lines in recent HAProxy versions.
Regarding no-tls-tickets, it depends if you want to avoid entirely resuming a
previous TLS session, or if you want to
use "stateful tickets" instead of "stateless" ones that uses the HAPoxy cache.
If you want to disable completely TLS resume on bind lines, you need in
addition to no-tls-tickets:
'tune.ssl.cachesize 0' in the global section.
Note that stateful resumption is not implemented for TLSv1.3 in AWS-LC.
Regards,
--
William Lallemand
