Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to set ciphers for quic traffic #11796

Closed
Karthikdasari0423 opened this issue Sep 4, 2023 · 9 comments
Closed

Unable to set ciphers for quic traffic #11796

Karthikdasari0423 opened this issue Sep 4, 2023 · 9 comments
Labels
HTTP/3 h3 or quic related TLS

Comments

@Karthikdasari0423
Copy link
Contributor

Karthikdasari0423 commented Sep 4, 2023
edited

I did this

i tried to run below command with chacha20 ciphers

curl -v -# --http3-only -k -o /tmp/BPS.pdf https://127.0.0.1:8443/BPS.pdf --ciphers TLS_CHACHA20_POLY1305_SHA256

and file also downloaded sucessfully but nginx logs is not showing chacha20 as ciphers used

cat /var/log/nginx/access.log
127.0.0.1 - - [04/Sep/2023:17:50:14 +0000] "GET /BPS.pdf HTTP/3.0" 200 30182355 "-" "curl/8.3.0-DEV"
127.0.0.1 - - [04/Sep/2023:17:50:14 +0000] "HTTP/3.0" "GET /BPS.pdf HTTP/3.0" 200 30182355 "-" "curl/8.3.0-DEV" "h3" "-""GET https://127.0.0.1/BPS.pdf 9948104b97890658c6b4ccba6908c68d 177287 1693849814.723 0.167 - - - "/var/www/html/BPS.pdf" OKTLSv1.3/TLS_AES_128_GCM_SHA256

I expected the following

i expect curl to use chacha20 ciphers

curl/libcurl version

curl -V
curl 8.3.0-DEV (x86_64-pc-linux-gnu) libcurl/8.3.0-DEV OpenSSL/3.0.9 zlib/1.2.11 brotli/1.0.9 nghttp2/1.56.0-DEV ngtcp2/0.18.0 nghttp3/0.14.0
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTP3 HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL threadsafe TLS-SRP UnixSockets

operating system

uname -a
Linux ubuntu 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

am i missing anything here cause with ngtcp2 and aioquic,i am able to see chacha20 ciphers in nginx logs

cat /var/log/nginx/access.log
127.0.0.1 - - [04/Sep/2023:17:45:26 +0000] "GET / HTTP/3.0" 200 10701 "-" "aioquic/0.9.21"
127.0.0.1 - - [04/Sep/2023:17:45:26 +0000] "HTTP/3.0" "GET / HTTP/3.0" 200 10701 "-" "aioquic/0.9.21" "h3" "-""GET https://localhost/ 3e68fabe6168c1cf6986e8f210b61280 176074 1693849526.229 0.000 - - - "/var/www/html/index.html" OKTLSv1.3/TLS_CHACHA20_POLY1305_SHA256
@dfandrich
Copy link
Contributor

dfandrich commented Sep 4, 2023 via email

@Karthikdasari0423
Copy link
Contributor Author

Karthikdasari0423 commented Sep 4, 2023
edited

I believe this is curl issue and i am not sure about OpenSSL configuration cause i have followed the same steps mentioned how to build curl with quic support and done the same.
[https://github.com/curl/curl/blob/master/docs/HTTP3.md]

Below is the output of 'openssl ciphers'

root@ubuntu:~# openssl ciphers
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:AES256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:AES128-GCM-SHA256:PSK-AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:AES256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:AES128-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA
root@ubuntu:~#

this is not any website,i am running curl and nginx locally in my ubuntu machine and trying to connect to localhost(127.0.0.1)

[curl -v -# --http3-only -k -o /tmp/BPS.pdf https://127.0.0.1:8443/BPS.pdf --ciphers TLS_CHACHA20_POLY1305_SHA256]

I am able to connect to nginx with ngtcp2 and aioquic

below is the nginx output for aioquic

cat /var/log/nginx/access.log
127.0.0.1 - - [04/Sep/2023:17:45:26 +0000] "GET / HTTP/3.0" 200 10701 "-" "aioquic/0.9.21"
127.0.0.1 - - [04/Sep/2023:17:45:26 +0000] "HTTP/3.0" "GET / HTTP/3.0" 200 10701 "-" "aioquic/0.9.21" "h3" "-""GET https://localhost/ 3e68fabe6168c1cf6986e8f210b61280 176074 1693849526.229 0.000 - - - "/var/www/html/index.html" OKTLSv1.3/TLS_CHACHA20_POLY1305_SHA256

Please let me know if i am missing anything here

@bagder bagder added TLS HTTP/3 h3 or quic related labels Sep 4, 2023
@bagder
Copy link
Member

bagder commented Sep 4, 2023

Since QUIC uses tls 1.3, shouldn't --tls13-ciphers be used?

@Karthikdasari0423
Copy link
Contributor Author

Karthikdasari0423 commented Sep 5, 2023
edited

yes,we should use --tls13-ciphers and i tried same with --tls13-ciphers TLS_CHACHA20_POLY1305_SHA256 but ciphers didnt took any effect

Below is the output

root@ubuntu:~# curl -v -# --http3-only -k --tls13-ciphers TLS_CHACHA20_POLY1305_SHA256 -o /tmp/BPS.pdf https://127.0.0.1:8443/BPS.pdf
*   Trying 127.0.0.1:8443...
* Skipped certificate verification
* Connected to 127.0.0.1 (127.0.0.1) port 8443
* using HTTP/3
* [HTTP/3] [0] OPENED stream for https://127.0.0.1:8443/BPS.pdf
* [HTTP/3] [0] [:method: GET]
* [HTTP/3] [0] [:scheme: https]
* [HTTP/3] [0] [:authority: 127.0.0.1:8443]
* [HTTP/3] [0] [:path: /BPS.pdf]
* [HTTP/3] [0] [user-agent: curl/8.3.0-DEV]
* [HTTP/3] [0] [accept: */*]
> GET /BPS.pdf HTTP/3
> Host: 127.0.0.1:8443
> User-Agent: curl/8.3.0-DEV
> Accept: */*
>
< HTTP/3 200
< server: nginx/1.25.2
< date: Tue, 05 Sep 2023 04:12:59 GMT
< content-type: application/pdf
< content-length: 30182355
< last-modified: Sun, 03 Sep 2023 10:16:30 GMT
< etag: "64f45cfe-1cc8bd3"
< alt-svc: h3=":8443"; ma=86400
< x-protocol: HTTP/3.0
< accept-ranges: bytes
<
{ [29302 bytes data]
################################################################################################################################ 100.0%* Connection #0 to host 127.0.0.1 left intact

root@ubuntu:~#
root@ubuntu:~#
root@ubuntu:~# cat /var/log/nginx/access.log
127.0.0.1 - - [05/Sep/2023:04:12:59 +0000] "GET /BPS.pdf HTTP/3.0" 200 30182355 "-" "curl/8.3.0-DEV"
127.0.0.1 - - [05/Sep/2023:04:12:59 +0000] "HTTP/3.0" "GET /BPS.pdf HTTP/3.0" 200 30182355 "-" "curl/8.3.0-DEV" "h3" "-""GET https://127.0.0.1/BPS.pdf 940298adef449129e85971388e20c68a 179149 1693887179.578 0.167 - - - "/var/www/html/BPS.pdf" OKTLSv1.3/TLS_AES_128_GCM_SHA256
root@ubuntu:~# date
Tue Sep  5 04:13:24 AM UTC 2023

@chengr28
Copy link

chengr28 commented Sep 6, 2023

Hi team,

I also reproduce this issue, both --tls13-ciphers and --ciphers are not working when using HTTP/3.

Here is the curl version, the system is Windows 11:

>curl -V
curl 8.2.1 (x86_64-w64-mingw32) libcurl/8.2.1 OpenSSL/3.1.2 (Schannel) zlib/1.3 brotli/1.0.9 zstd/1.5.5 WinIDN libssh2/1.11.0 nghttp2/1.55.1 ngtcp2/0.18.0 nghttp3/0.14.0 libgsasl/2.2.0
Release-Date: 2023-07-26
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS brotli gsasl HSTS HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Kerberos Largefile libz MultiSSL NTLM SPNEGO SSL SSPI threadsafe UnixSockets zstd

Below is some request log:

>curl -v --http3-only --tls13-ciphers "TLS_CHACHA20_POLY1305_SHA256" --ciphers "TLS_CHACHA20_POLY1305_SHA256" https://www.cloudflare.com
* processing: https://www.cloudflare.com
*   Trying [<server_ip_address>]:443...
*  CAfile: <curl_location>\curl-ca-bundle.crt
*  CApath: none
*   Trying <server_ip_address>:443...
*  subjectAltName: host "www.cloudflare.com" matched cert's "www.cloudflare.com"
* Verified certificate just fine
* Connected to www.cloudflare.com (<server_ip_address>) port 443
* using HTTP/3
* Using HTTP/3 Stream ID: 0
> GET / HTTP/3
> Host: www.cloudflare.com
> User-Agent: curl/8.2.1
> Accept: */*
>
< HTTP/3 200
...

Also captured the QUIC packet:

QUIC IETF
    QUIC Connection information
...
        TLSv1.3 Record Layer: Handshake Protocol: Client Hello
            Handshake Protocol: Client Hello
                ...
                Cipher Suites Length: 10
                Cipher Suites (5 suites)
                    Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
                    Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
                    Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303)
                    Cipher Suite: TLS_AES_128_CCM_SHA256 (0x1304)
                    Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)

It seems above 4 cipher suite was "locked" even set cipher to TLS_CHACHA20_POLY1305_SHA256 only ("TLS_AES_128_CCM_SHA256" only, and others). The server perfers to use the first cipher suite from ClientHello, so that TLS_AES_128_GCM_SHA256 was used.

Not sure if any other options can do. The --tls13-ciphers and --ciphers work fine when using TCP TLS connections.

I hope this may help you, thanks.

@Karthikdasari0423
Copy link
Contributor Author

Hi @chengr28

Thank you for checking this from your side also.

@bagder any comments or workaround on this would be helpful

@chengr28
Copy link

chengr28 commented Sep 6, 2023

Oh, I found the --curves option is also not working in HTTP/3 connection. Just set --curves to x25519, secp256r1, or others.

QUIC IETF
    QUIC Connection information
    ...
    CRYPTO
        Frame Type: CRYPTO (0x0000000000000006)
        ...
        TLSv1.3 Record Layer: Handshake Protocol: Client Hello
            Handshake Protocol: Client Hello
                ...
                Extension: supported_groups (len=10)
                    Type: supported_groups (10)
                    Length: 10
                    Supported Groups List Length: 8
                    Supported Groups (4 groups)
                        Supported Group: secp256r1 (0x0017)
                        Supported Group: x25519 (0x001d)
                        Supported Group: secp384r1 (0x0018)
                        Supported Group: secp521r1 (0x0019)
...

@Karthikdasari0423
Copy link
Contributor Author

okay,Thank you @chengr28

bagder added a commit that referenced this issue Sep 12, 2023
@bagder
quic: set ciphers/curves the same way regular TLS does
16a13f3 
for OpenSSL/BoringSSL

Fixes #11796
Reported-by: Karthikdasari0423 on github
@bagder bagder mentioned this issue Sep 12, 2023
Closed
bagder added a commit that referenced this issue Sep 12, 2023
@bagder
quic: set ciphers/curves the same way regular TLS does
09059b0 
for OpenSSL/BoringSSL

Fixes #11796
Reported-by: Karthikdasari0423 on github
bagder added a commit that referenced this issue Sep 22, 2023
@bagder
quic: set ciphers/curves the same way regular TLS does
1c8ba65 
for OpenSSL/BoringSSL

Fixes #11796
Reported-by: Karthikdasari0423 on github
@bagder bagder closed this as completed in aa9a6a1 Sep 23, 2023
@Karthikdasari0423
Copy link
Contributor Author

Thank you @bagder

ptitSeb pushed a commit to wasix-org/curl that referenced this issue Sep 25, 2023
@bagder @ptitSeb
quic: set ciphers/curves the same way regular TLS does
cbc7c67 
for OpenSSL/BoringSSL

Fixes curl#11796
Reported-by: Karthikdasari0423 on github
Assisted-by: Jay Satiro
Closes curl#11836
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
HTTP/3 h3 or quic related TLS
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

quic: set ciphers/curves the same way regular TLS does curl/curl
4 participants
@bagder @dfandrich @chengr28 @Karthikdasari0423