nginx.git/src/event, branch release-1.15.8 nginx SSL: avoid reading on pending SSL_write_early_data(). 2018-12-18T12:15:15+00:00 Sergey Kandaurov pluknet@nginx.com 2018-12-18T12:15:15+00:00 2a11bf0f77358a1116b3ef56c949b242582e798c If SSL_write_early_data() returned SSL_ERROR_WANT_WRITE, stop further reading using a newly introduced c->ssl->write_blocked flag, as otherwise this would result in SSL error "ssl3_write_bytes:bad length". Eventually, normal reading will be restored by read event posted from successful SSL_write_early_data(). While here, place "SSL_write_early_data: want write" debug on the path. 
If SSL_write_early_data() returned SSL_ERROR_WANT_WRITE, stop further reading
using a newly introduced c->ssl->write_blocked flag, as otherwise this would
result in SSL error "ssl3_write_bytes:bad length".  Eventually, normal reading
will be restored by read event posted from successful SSL_write_early_data().

While here, place "SSL_write_early_data: want write" debug on the path.
Core: ngx_explicit_memzero(). 2018-11-15T18:28:02+00:00 Maxim Dounin mdounin@mdounin.ru 2018-11-15T18:28:02+00:00 6c3838f9ed45f5c2aa6a971a0da3cb6ffe45b61e 






Stream: proxy_requests directive.
2018-11-12T13:29:30+00:00

Vladimir Homutov
vl@nginx.com

2018-11-12T13:29:30+00:00

41a451e286cb6de9e0a0ad97f91a1dcac17ef68f

The directive allows to drop binding between a client and existing UDP stream
session after receiving a specified number of packets.  First packet from the
same client address and port will start a new session.  Old session continues
to exist and will terminate at moment defined by configuration: either after
receiving the expected number of responses, or after timeout, as specified by
the "proxy_responses" and/or "proxy_timeout" directives.

By default, proxy_requests is zero (disabled).





The directive allows to drop binding between a client and existing UDP stream
session after receiving a specified number of packets.  First packet from the
same client address and port will start a new session.  Old session continues
to exist and will terminate at moment defined by configuration: either after
receiving the expected number of responses, or after timeout, as specified by
the "proxy_responses" and/or "proxy_timeout" directives.

By default, proxy_requests is zero (disabled).







Stream: fixed possible use of a freed connection.
2018-11-07T10:22:14+00:00

Vladimir Homutov
vl@nginx.com

2018-11-07T10:22:14+00:00

7e3041b79f5b4ae90c1b61c4489f24c2b4d5efc7

The session handler may result in session termination, thus a connection
pool (from which c->udp was allocated) may be destroyed.





The session handler may result in session termination, thus a connection
pool (from which c->udp was allocated) may be destroyed.







A minor code clean for macro ngx_event_get_conf in ngx_event.h.
2018-10-19T05:50:36+00:00

chronolaw
chronolaw@gmail.com

2018-10-19T05:50:36+00:00

f3ed2fc356dfd9546d4a9977f4a263fb963b1c9e












SSL: explicitly set maximum version (ticket #1654).
2018-10-23T19:11:48+00:00

Maxim Dounin
mdounin@mdounin.ru

2018-10-23T19:11:48+00:00

471d077fdd9f677da80d6a8a34ac76c44e201872

With maximum version explicitly set, TLSv1.3 will not be unexpectedly
enabled if nginx compiled with OpenSSL 1.1.0 (without TLSv1.3 support)
will be run with OpenSSL 1.1.1 (with TLSv1.3 support).





With maximum version explicitly set, TLSv1.3 will not be unexpectedly
enabled if nginx compiled with OpenSSL 1.1.0 (without TLSv1.3 support)
will be run with OpenSSL 1.1.1 (with TLSv1.3 support).







Upstream: proxy_socket_keepalive and friends.
2018-10-03T11:08:51+00:00

Vladimir Homutov
vl@nginx.com

2018-10-03T11:08:51+00:00

1305b8414d22610b0820f6df5841418bf98fc370

The directives enable the use of the SO_KEEPALIVE option on
upstream connections.  By default, the value is left unchanged.





The directives enable the use of the SO_KEEPALIVE option on
upstream connections.  By default, the value is left unchanged.







SSL: fixed unlocked access to sess_id->len.
2018-09-25T11:07:59+00:00

Ruslan Ermilov
ru@nginx.com

2018-09-25T11:07:59+00:00

a50dec6d6ac480b70b4fdf51507a1eda8a015e1b












SSL: logging level of "no suitable signature algorithm".
2018-09-25T11:00:04+00:00

Maxim Dounin
mdounin@mdounin.ru

2018-09-25T11:00:04+00:00

b7edec61c3f37ebce5f55c4ec613b2275c11a7d7

The "no suitable signature algorithm" errors are reported by OpenSSL 1.1.1
when using TLSv1.3 if there are no shared signature algorithms.  In
particular, this can happen if the client limits available signature
algorithms to something we don't have a certificate for, or to an empty
list.  For example, the following command:

    openssl s_client -connect 127.0.0.1:8443 -sigalgs rsa_pkcs1_sha1

will always result in the "no suitable signature algorithm" error
as the "rsa_pkcs1_sha1" algorithm refers solely to signatures which
appear in certificates and not defined for use in TLS 1.3 handshake
messages.

The SSL_R_NO_COMMON_SIGNATURE_ALGORITHMS error is what BoringSSL returns
in the same situation.





The "no suitable signature algorithm" errors are reported by OpenSSL 1.1.1
when using TLSv1.3 if there are no shared signature algorithms.  In
particular, this can happen if the client limits available signature
algorithms to something we don't have a certificate for, or to an empty
list.  For example, the following command:

    openssl s_client -connect 127.0.0.1:8443 -sigalgs rsa_pkcs1_sha1

will always result in the "no suitable signature algorithm" error
as the "rsa_pkcs1_sha1" algorithm refers solely to signatures which
appear in certificates and not defined for use in TLS 1.3 handshake
messages.

The SSL_R_NO_COMMON_SIGNATURE_ALGORITHMS error is what BoringSSL returns
in the same situation.







SSL: logging level of "no suitable key share".
2018-09-25T10:59:53+00:00

Maxim Dounin
mdounin@mdounin.ru

2018-09-25T10:59:53+00:00

31ef0c47ca676c6640dc535fd5720a831b4c046c

The "no suitable key share" errors are reported by OpenSSL 1.1.1 when
using TLSv1.3 if there are no shared groups (that is, elliptic curves).
In particular, it is easy enough to trigger by using only a single
curve in ssl_ecdh_curve:

    ssl_ecdh_curve secp384r1;

and using a different curve in the client:

    openssl s_client -connect 127.0.0.1:443 -curves prime256v1

On the client side it is seen as "sslv3 alert handshake failure",
"SSL alert number 40":

0:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1528:SSL alert number 40

It can be also triggered with default ssl_ecdh_curve by using a curve
which is not in the default list (X25519, prime256v1, X448, secp521r1,
secp384r1):

    openssl s_client -connect 127.0.0.1:8443 -curves brainpoolP512r1

Given that many clients hardcode prime256v1, these errors might become
a common problem with TLSv1.3 if ssl_ecdh_curve is redefined.  Previously
this resulted in not using ECDH with such clients, but with TLSv1.3 it
is no longer possible and will result in a handshake failure.

The SSL_R_NO_SHARED_GROUP error is what BoringSSL returns in the same
situation.

Seen at:

https://serverfault.com/questions/932102/nginx-ssl-handshake-error-no-suitable-key-share





The "no suitable key share" errors are reported by OpenSSL 1.1.1 when
using TLSv1.3 if there are no shared groups (that is, elliptic curves).
In particular, it is easy enough to trigger by using only a single
curve in ssl_ecdh_curve:

    ssl_ecdh_curve secp384r1;

and using a different curve in the client:

    openssl s_client -connect 127.0.0.1:443 -curves prime256v1

On the client side it is seen as "sslv3 alert handshake failure",
"SSL alert number 40":

0:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1528:SSL alert number 40

It can be also triggered with default ssl_ecdh_curve by using a curve
which is not in the default list (X25519, prime256v1, X448, secp521r1,
secp384r1):

    openssl s_client -connect 127.0.0.1:8443 -curves brainpoolP512r1

Given that many clients hardcode prime256v1, these errors might become
a common problem with TLSv1.3 if ssl_ecdh_curve is redefined.  Previously
this resulted in not using ECDH with such clients, but with TLSv1.3 it
is no longer possible and will result in a handshake failure.

The SSL_R_NO_SHARED_GROUP error is what BoringSSL returns in the same
situation.

Seen at:

https://serverfault.com/questions/932102/nginx-ssl-handshake-error-no-suitable-key-share