Compare commits
merge into: 1berry:master
1berry:master
1berry:20250612-tls13-clienthello-ecdsa
1berry:20250612-quic-client-fixes-misc
1berry:quic-interop
1berry:20250611-quic-client
1berry:20250611-ssl-renegociate
1berry:20250526-quic-client
1berry:20250523-show-sess-addr-filter
1berry:20250513-quic-openssl-3.5.0
1berry:20250507-stick-tables-1
1berry:20250502-acme
1berry:20250428-acme
1berry:20250424-cli-cmdline-parsing
1berry:20250214-quic-on-streams
1berry:20250417-clienthello-rework-1
1berry:20250417-clienthello-rework-0
1berry:20250415-gcc-15-unittest
1berry:20250319-simplified-ckch_conf
1berry:20250304-ist-unittest
1berry:20250224-ocsp-wolfssl
1berry:20250217-crtlist-frontend
1berry:20241223-error-reporting-1
1berry:20250121-gh2839
1berry:20250106-clienthello-fetches
1berry:20250106-gh2833
1berry:20241212-bbr
1berry:ade-quic-implement-pacing-ns
1berry:quic-experiment-20241030-pacing-ms
1berry:ade-quic-implement-pacing-ms
1berry:quic-experiment-20241017-pacing-ns
1berry:fle-3.0.backports
1berry:20240806-traces-quic-5
1berry:next
1berry:v3.3-dev1
1berry:v3.3-dev0
1berry:v3.2.0
1berry:v3.2-dev17
1berry:v3.2-dev16
1berry:v3.2-dev15
1berry:v3.2-dev14
1berry:v3.2-dev13
1berry:v3.2-dev12
1berry:v3.2-dev11
1berry:v3.2-dev10
1berry:v3.2-dev9
1berry:v3.2-dev8
1berry:v3.2-dev7
1berry:v3.2-dev6
1berry:v3.2-dev5
1berry:v3.2-dev4
1berry:v3.2-dev3
1berry:v3.2-dev2
1berry:v3.2-dev1
1berry:v3.2-dev0
1berry:v3.1.0
1berry:v3.1-dev14
1berry:v3.1-dev13
1berry:v3.1-dev12
1berry:v3.1-dev11
1berry:v3.1-dev10
1berry:v3.1-dev9
1berry:v3.1-dev8
1berry:v3.1-dev7
1berry:v3.1-dev6
1berry:v3.1-dev5
1berry:v3.1-dev4
1berry:v3.1-dev3
1berry:v3.1-dev2
1berry:v3.1-dev1
1berry:v3.1-dev0
1berry:v3.0.0
1berry:v3.0-dev13
1berry:v3.0-dev12
1berry:v3.0-dev11
1berry:v3.0-dev10
1berry:v3.0-dev9
1berry:v3.0-dev8
1berry:v3.0-dev7
1berry:v3.0-dev6
1berry:v3.0-dev5
1berry:v3.0-dev4
1berry:v3.0-dev3
1berry:v3.0-dev2
1berry:v3.0-dev1
1berry:v3.0-dev0
1berry:v2.9.0
1berry:v2.9-dev12
1berry:v2.9-dev11
1berry:v2.9-dev10
1berry:v2.9-dev9
1berry:v2.9-dev8
1berry:v2.9-dev7
1berry:v2.9-dev6
1berry:v2.9-dev5
1berry:v2.9-dev4
1berry:v2.9-dev3
1berry:v2.9-dev2
1berry:v2.9-dev1
1berry:v2.9-dev0
1berry:v2.8.0
1berry:v2.8-dev13
1berry:v2.8-dev12
1berry:v2.8-dev11
1berry:v2.8-dev10
1berry:v2.8-dev9
1berry:v2.8-dev8
1berry:v2.8-dev7
1berry:v2.8-dev6
1berry:v2.8-dev5
1berry:v2.8-dev4
1berry:v2.8-dev3
1berry:v2.8-dev2
1berry:v2.8-dev1
1berry:v2.8-dev0
1berry:v2.7.0
1berry:v2.7-dev10
1berry:v2.7-dev9
1berry:v2.7-dev8
1berry:v2.7-dev7
1berry:v2.7-dev6
1berry:v2.7-dev5
1berry:v2.7-dev4
1berry:v2.7-dev3
1berry:v2.7-dev2
1berry:v2.7-dev1
1berry:v2.7-dev0
1berry:v2.6.0
1berry:v2.6-dev12
1berry:v2.6-dev11
1berry:v2.6-dev10
1berry:v2.6-dev9
1berry:v2.6-dev8
1berry:v2.6-dev7
1berry:v2.6-dev6
1berry:v2.6-dev5
1berry:v2.6-dev4
1berry:v2.6-dev3
1berry:v2.6-dev2
1berry:v2.6-dev1
1berry:v2.6-dev0
1berry:v2.5.0
1berry:v2.5-dev15
1berry:v2.5-dev14
1berry:v2.5-dev13
1berry:v2.5-dev12
1berry:v2.5-dev11
1berry:v2.5-dev10
1berry:v2.5-dev9
1berry:v2.5-dev8
1berry:v2.5-dev7
1berry:v2.5-dev6
1berry:v2.5-dev5
1berry:v2.5-dev4
1berry:v2.5-dev3
1berry:v2.5-dev2
1berry:v2.5-dev1
1berry:v2.5-dev0
1berry:v2.4.0
1berry:v2.4-dev19
1berry:v2.4-dev18
1berry:v2.4-dev17
1berry:v2.4-dev16
1berry:v2.4-dev15
1berry:v2.4-dev14
1berry:v2.4-dev13
1berry:v2.4-dev12
1berry:v2.4-dev11
1berry:v2.4-dev10
1berry:v2.4-dev9
1berry:v2.4-dev8
1berry:v2.4-dev7
1berry:v2.4-dev6
1berry:v2.4-dev5
1berry:v2.4-dev4
1berry:v2.4-dev3
1berry:v2.4-dev2
1berry:v2.4-dev1
1berry:v2.4-dev0
1berry:v2.3.0
1berry:v2.3-dev9
1berry:v2.3-dev8
1berry:v2.3-dev7
1berry:v2.3-dev6
1berry:v2.3-dev5
1berry:v2.3-dev4
1berry:v2.3-dev3
1berry:v2.3-dev2
1berry:v2.3-dev1
1berry:v2.3-dev0
1berry:v2.2.0
1berry:v2.2-dev12
1berry:v2.2-dev11
1berry:v2.2-dev10
1berry:v2.2-dev9
1berry:v2.2-dev8
1berry:v2.2-dev7
1berry:v2.2-dev6
1berry:v2.2-dev5
1berry:v2.2-dev4
1berry:v2.2-dev3
1berry:v2.2-dev2
1berry:v2.2-dev1
1berry:v2.2-dev0
1berry:v2.1.0
1berry:v2.1-dev5
1berry:v2.1-dev4
1berry:v2.1-dev3
1berry:v2.1-dev2
1berry:v2.1-dev1
1berry:v2.1-dev0
1berry:v2.0.0
1berry:v2.0-dev7
1berry:v2.0-dev6
1berry:v2.0-dev5
1berry:v2.0-dev4
1berry:v2.0-dev3
1berry:v2.0-dev2
1berry:v2.0-dev1
1berry:v2.0-dev0
1berry:v1.9.0
1berry:v1.9-dev11
1berry:v1.9-dev10
1berry:v1.9-dev9
1berry:v1.9-dev8
1berry:v1.9-dev7
1berry:v1.9-dev6
1berry:v1.9-dev5
1berry:v1.9-dev4
1berry:v1.9-dev3
1berry:v1.9-dev2
1berry:v1.9-dev1
1berry:v1.9-dev0
1berry:v1.8.0
1berry:v1.8-rc4
1berry:v1.8-rc3
1berry:v1.8-rc2
1berry:v1.8-rc1
1berry:v1.8-dev3
1berry:v1.8-dev2
1berry:v1.8-dev1
1berry:v1.8-dev0
1berry:v1.7.0
1berry:v1.7-dev6
1berry:v1.7-dev5
1berry:v1.7-dev4
1berry:v1.7-dev3
1berry:v1.7-dev2
1berry:v1.7-dev1
1berry:v1.7-dev0
1berry:v1.6.0
1berry:v1.6-dev7
1berry:v1.6-dev6
1berry:v1.6-dev5
1berry:v1.6-dev4
1berry:v1.6-dev3
1berry:v1.6-dev2
1berry:v1.6-dev1
1berry:v1.6-dev0
1berry:v1.5.0
1berry:v1.5-dev26
1berry:v1.5-dev25
1berry:v1.5-dev24
1berry:v1.5-dev23
1berry:v1.5-dev22
1berry:v1.5-dev21
1berry:v1.5-dev20
1berry:v1.5-dev19
1berry:v1.5-dev18
1berry:v1.5-dev17
1berry:v1.5-dev16
1berry:v1.5-dev15
1berry:v1.5-dev14
1berry:v1.5-dev13
1berry:v1.5-dev12
1berry:v1.5-dev10
1berry:v1.5-dev9
1berry:v1.5-dev8
1berry:v1.4.6
1berry:v1.4.5
1berry:v1.4.4
1berry:v1.4.3
1berry:v1.4.2
1berry:v1.4.1
1berry:v1.4.0
1berry:v1.4-rc1
1berry:v1.3.23
1berry:v1.4-dev8
1berry:v1.4-dev7
1berry:v1.4-dev6
1berry:v1.4-dev5
1berry:v1.3.15.11
1berry:v1.3.22
1berry:v1.4-dev4
1berry:v1.3.21
1berry:v1.4-dev3
1berry:v1.4-dev2
1berry:v1.3.20
1berry:v1.4-dev1
1berry:v1.3.14.14
1berry:v1.3.15.10
1berry:v1.3.19
1berry:v1.4-dev0
1berry:v1.3.14.13
1berry:v1.3.15.9
1berry:v1.3.18
1berry:v1.3.17
1berry:v1.3.16
1berry:v1.3.16-rc2
1berry:v1.3.16-rc1
1berry:v1.3.14.12
1berry:v1.3.15.8
1berry:v1.3.14.11
1berry:v1.3.15.7
1berry:v1.3.14.10
1berry:v1.3.15.6
1berry:v1.3.15.5
1berry:v1.3.14.9
1berry:v1.3.15.4
1berry:v1.3.14.8
1berry:v1.3.14.7
1berry:v1.3.15.3
1berry:v1.3.15.2
1berry:v1.3.14.6
1berry:v1.3.15.1
1berry:v1.3.14.5
1berry:v1.3.15
1berry:v1.3.14.4
1berry:v1.3.14.3
1berry:v1.3.13.2
1berry:v1.3.14.2
1berry:v1.3.14.1
1berry:v1.3.14
1berry:v1.3.13.1
1berry:v1.3.12.4
1berry:v1.3.13
1berry:v1.3.12.3
1berry:v1.3.12.2
1berry:v1.3.12.1
1berry:v1.3.12
1berry:v1.3.11.4
1berry:v1.3.11.3
1berry:v1.3.11.2
1berry:v1.3.11.1
1berry:v1.3.11
1berry:v1.3.10.2
1berry:v1.3.10.1
1berry:v1.3.10
1berry:v1.3.9
1berry:v1.3.8.2
1berry:v1.3.8.1
1berry:v1.3.8
1berry:v1.3.7
1berry:v1.3.6.1
1berry:v1.3.6
1berry:v1.3.5
1berry:v1.3.4
1berry:v1.3.3
1berry:v1.3.2
1berry:v1.3.1
1berry:v1.3.0
1berry:v1.2.14
1berry:v1.2.13.1
1berry:v1.2.13
1berry:v1.2.12
1berry:v1.2.11.1
1berry:v1.2.11
1berry:v1.2.10.1
1berry:v1.2.10
1berry:v1.2.9
1berry:v1.2.8
1berry:v1.2.7.1
1berry:v1.2.7
1berry:v1.2.7rc
1berry:v1.2.6
1berry:v1.2.6-pre5
1berry:v1.2.6-pre4
1berry:v1.2.5.2
1berry:v1.2.5.1
1berry:v1.2.5
1berry:v1.2.5-pre4
1berry:v1.2.5-pre3
1berry:v1.2.5-pre2
1berry:v1.2.5-pre1
1berry:v1.2.4
1berry:v1.2.3
1berry:v1.2.2
1berry:v1.2.1
1berry:v1.2.1-pre3
1berry:v1.2.1-pre2
1berry:v1.2.1-pre1
1berry:v1.2.0
1berry:v1.1.27
1berry:v1.1.26
1berry:v1.1.25
1berry:v1.1.24
1berry:v1.1.23
1berry:v1.1.22
1berry:v1.1.21
1berry:v1.1.20
1berry:v1.1.19
1berry:v1.1.18
1berry:v1.1.17
1berry:v1.1.16
1berry:v1.1.15
1berry:v1.1.14
1berry:v1.1.13
1berry:v1.1.12
1berry:v1.1.11
1berry:v1.1.10
1berry:v1.1.9
1berry:v1.1.8
1berry:v1.1.7
1berry:v1.1.6
1berry:v1.1.5
1berry:v1.1.4
1berry:v1.1.3
1berry:v1.1.2
1berry:v1.1.1
1berry:v1.1.0
1berry:v1.0.2
1berry:v1.0.1
1berry:v1.0.0
...
pull from: 1berry:20250612-tls13-clienthello-ecdsa
1berry:20250612-tls13-clienthello-ecdsa
1berry:20250612-quic-client-fixes-misc
1berry:master
1berry:quic-interop
1berry:20250611-quic-client
1berry:20250611-ssl-renegociate
1berry:20250526-quic-client
1berry:20250523-show-sess-addr-filter
1berry:20250513-quic-openssl-3.5.0
1berry:20250507-stick-tables-1
1berry:20250502-acme
1berry:20250428-acme
1berry:20250424-cli-cmdline-parsing
1berry:20250214-quic-on-streams
1berry:20250417-clienthello-rework-1
1berry:20250417-clienthello-rework-0
1berry:20250415-gcc-15-unittest
1berry:20250319-simplified-ckch_conf
1berry:20250304-ist-unittest
1berry:20250224-ocsp-wolfssl
1berry:20250217-crtlist-frontend
1berry:20241223-error-reporting-1
1berry:20250121-gh2839
1berry:20250106-clienthello-fetches
1berry:20250106-gh2833
1berry:20241212-bbr
1berry:ade-quic-implement-pacing-ns
1berry:quic-experiment-20241030-pacing-ms
1berry:ade-quic-implement-pacing-ms
1berry:quic-experiment-20241017-pacing-ns
1berry:fle-3.0.backports
1berry:20240806-traces-quic-5
1berry:next
1berry:v3.3-dev1
1berry:v3.3-dev0
1berry:v3.2.0
1berry:v3.2-dev17
1berry:v3.2-dev16
1berry:v3.2-dev15
1berry:v3.2-dev14
1berry:v3.2-dev13
1berry:v3.2-dev12
1berry:v3.2-dev11
1berry:v3.2-dev10
1berry:v3.2-dev9
1berry:v3.2-dev8
1berry:v3.2-dev7
1berry:v3.2-dev6
1berry:v3.2-dev5
1berry:v3.2-dev4
1berry:v3.2-dev3
1berry:v3.2-dev2
1berry:v3.2-dev1
1berry:v3.2-dev0
1berry:v3.1.0
1berry:v3.1-dev14
1berry:v3.1-dev13
1berry:v3.1-dev12
1berry:v3.1-dev11
1berry:v3.1-dev10
1berry:v3.1-dev9
1berry:v3.1-dev8
1berry:v3.1-dev7
1berry:v3.1-dev6
1berry:v3.1-dev5
1berry:v3.1-dev4
1berry:v3.1-dev3
1berry:v3.1-dev2
1berry:v3.1-dev1
1berry:v3.1-dev0
1berry:v3.0.0
1berry:v3.0-dev13
1berry:v3.0-dev12
1berry:v3.0-dev11
1berry:v3.0-dev10
1berry:v3.0-dev9
1berry:v3.0-dev8
1berry:v3.0-dev7
1berry:v3.0-dev6
1berry:v3.0-dev5
1berry:v3.0-dev4
1berry:v3.0-dev3
1berry:v3.0-dev2
1berry:v3.0-dev1
1berry:v3.0-dev0
1berry:v2.9.0
1berry:v2.9-dev12
1berry:v2.9-dev11
1berry:v2.9-dev10
1berry:v2.9-dev9
1berry:v2.9-dev8
1berry:v2.9-dev7
1berry:v2.9-dev6
1berry:v2.9-dev5
1berry:v2.9-dev4
1berry:v2.9-dev3
1berry:v2.9-dev2
1berry:v2.9-dev1
1berry:v2.9-dev0
1berry:v2.8.0
1berry:v2.8-dev13
1berry:v2.8-dev12
1berry:v2.8-dev11
1berry:v2.8-dev10
1berry:v2.8-dev9
1berry:v2.8-dev8
1berry:v2.8-dev7
1berry:v2.8-dev6
1berry:v2.8-dev5
1berry:v2.8-dev4
1berry:v2.8-dev3
1berry:v2.8-dev2
1berry:v2.8-dev1
1berry:v2.8-dev0
1berry:v2.7.0
1berry:v2.7-dev10
1berry:v2.7-dev9
1berry:v2.7-dev8
1berry:v2.7-dev7
1berry:v2.7-dev6
1berry:v2.7-dev5
1berry:v2.7-dev4
1berry:v2.7-dev3
1berry:v2.7-dev2
1berry:v2.7-dev1
1berry:v2.7-dev0
1berry:v2.6.0
1berry:v2.6-dev12
1berry:v2.6-dev11
1berry:v2.6-dev10
1berry:v2.6-dev9
1berry:v2.6-dev8
1berry:v2.6-dev7
1berry:v2.6-dev6
1berry:v2.6-dev5
1berry:v2.6-dev4
1berry:v2.6-dev3
1berry:v2.6-dev2
1berry:v2.6-dev1
1berry:v2.6-dev0
1berry:v2.5.0
1berry:v2.5-dev15
1berry:v2.5-dev14
1berry:v2.5-dev13
1berry:v2.5-dev12
1berry:v2.5-dev11
1berry:v2.5-dev10
1berry:v2.5-dev9
1berry:v2.5-dev8
1berry:v2.5-dev7
1berry:v2.5-dev6
1berry:v2.5-dev5
1berry:v2.5-dev4
1berry:v2.5-dev3
1berry:v2.5-dev2
1berry:v2.5-dev1
1berry:v2.5-dev0
1berry:v2.4.0
1berry:v2.4-dev19
1berry:v2.4-dev18
1berry:v2.4-dev17
1berry:v2.4-dev16
1berry:v2.4-dev15
1berry:v2.4-dev14
1berry:v2.4-dev13
1berry:v2.4-dev12
1berry:v2.4-dev11
1berry:v2.4-dev10
1berry:v2.4-dev9
1berry:v2.4-dev8
1berry:v2.4-dev7
1berry:v2.4-dev6
1berry:v2.4-dev5
1berry:v2.4-dev4
1berry:v2.4-dev3
1berry:v2.4-dev2
1berry:v2.4-dev1
1berry:v2.4-dev0
1berry:v2.3.0
1berry:v2.3-dev9
1berry:v2.3-dev8
1berry:v2.3-dev7
1berry:v2.3-dev6
1berry:v2.3-dev5
1berry:v2.3-dev4
1berry:v2.3-dev3
1berry:v2.3-dev2
1berry:v2.3-dev1
1berry:v2.3-dev0
1berry:v2.2.0
1berry:v2.2-dev12
1berry:v2.2-dev11
1berry:v2.2-dev10
1berry:v2.2-dev9
1berry:v2.2-dev8
1berry:v2.2-dev7
1berry:v2.2-dev6
1berry:v2.2-dev5
1berry:v2.2-dev4
1berry:v2.2-dev3
1berry:v2.2-dev2
1berry:v2.2-dev1
1berry:v2.2-dev0
1berry:v2.1.0
1berry:v2.1-dev5
1berry:v2.1-dev4
1berry:v2.1-dev3
1berry:v2.1-dev2
1berry:v2.1-dev1
1berry:v2.1-dev0
1berry:v2.0.0
1berry:v2.0-dev7
1berry:v2.0-dev6
1berry:v2.0-dev5
1berry:v2.0-dev4
1berry:v2.0-dev3
1berry:v2.0-dev2
1berry:v2.0-dev1
1berry:v2.0-dev0
1berry:v1.9.0
1berry:v1.9-dev11
1berry:v1.9-dev10
1berry:v1.9-dev9
1berry:v1.9-dev8
1berry:v1.9-dev7
1berry:v1.9-dev6
1berry:v1.9-dev5
1berry:v1.9-dev4
1berry:v1.9-dev3
1berry:v1.9-dev2
1berry:v1.9-dev1
1berry:v1.9-dev0
1berry:v1.8.0
1berry:v1.8-rc4
1berry:v1.8-rc3
1berry:v1.8-rc2
1berry:v1.8-rc1
1berry:v1.8-dev3
1berry:v1.8-dev2
1berry:v1.8-dev1
1berry:v1.8-dev0
1berry:v1.7.0
1berry:v1.7-dev6
1berry:v1.7-dev5
1berry:v1.7-dev4
1berry:v1.7-dev3
1berry:v1.7-dev2
1berry:v1.7-dev1
1berry:v1.7-dev0
1berry:v1.6.0
1berry:v1.6-dev7
1berry:v1.6-dev6
1berry:v1.6-dev5
1berry:v1.6-dev4
1berry:v1.6-dev3
1berry:v1.6-dev2
1berry:v1.6-dev1
1berry:v1.6-dev0
1berry:v1.5.0
1berry:v1.5-dev26
1berry:v1.5-dev25
1berry:v1.5-dev24
1berry:v1.5-dev23
1berry:v1.5-dev22
1berry:v1.5-dev21
1berry:v1.5-dev20
1berry:v1.5-dev19
1berry:v1.5-dev18
1berry:v1.5-dev17
1berry:v1.5-dev16
1berry:v1.5-dev15
1berry:v1.5-dev14
1berry:v1.5-dev13
1berry:v1.5-dev12
1berry:v1.5-dev10
1berry:v1.5-dev9
1berry:v1.5-dev8
1berry:v1.4.6
1berry:v1.4.5
1berry:v1.4.4
1berry:v1.4.3
1berry:v1.4.2
1berry:v1.4.1
1berry:v1.4.0
1berry:v1.4-rc1
1berry:v1.3.23
1berry:v1.4-dev8
1berry:v1.4-dev7
1berry:v1.4-dev6
1berry:v1.4-dev5
1berry:v1.3.15.11
1berry:v1.3.22
1berry:v1.4-dev4
1berry:v1.3.21
1berry:v1.4-dev3
1berry:v1.4-dev2
1berry:v1.3.20
1berry:v1.4-dev1
1berry:v1.3.14.14
1berry:v1.3.15.10
1berry:v1.3.19
1berry:v1.4-dev0
1berry:v1.3.14.13
1berry:v1.3.15.9
1berry:v1.3.18
1berry:v1.3.17
1berry:v1.3.16
1berry:v1.3.16-rc2
1berry:v1.3.16-rc1
1berry:v1.3.14.12
1berry:v1.3.15.8
1berry:v1.3.14.11
1berry:v1.3.15.7
1berry:v1.3.14.10
1berry:v1.3.15.6
1berry:v1.3.15.5
1berry:v1.3.14.9
1berry:v1.3.15.4
1berry:v1.3.14.8
1berry:v1.3.14.7
1berry:v1.3.15.3
1berry:v1.3.15.2
1berry:v1.3.14.6
1berry:v1.3.15.1
1berry:v1.3.14.5
1berry:v1.3.15
1berry:v1.3.14.4
1berry:v1.3.14.3
1berry:v1.3.13.2
1berry:v1.3.14.2
1berry:v1.3.14.1
1berry:v1.3.14
1berry:v1.3.13.1
1berry:v1.3.12.4
1berry:v1.3.13
1berry:v1.3.12.3
1berry:v1.3.12.2
1berry:v1.3.12.1
1berry:v1.3.12
1berry:v1.3.11.4
1berry:v1.3.11.3
1berry:v1.3.11.2
1berry:v1.3.11.1
1berry:v1.3.11
1berry:v1.3.10.2
1berry:v1.3.10.1
1berry:v1.3.10
1berry:v1.3.9
1berry:v1.3.8.2
1berry:v1.3.8.1
1berry:v1.3.8
1berry:v1.3.7
1berry:v1.3.6.1
1berry:v1.3.6
1berry:v1.3.5
1berry:v1.3.4
1berry:v1.3.3
1berry:v1.3.2
1berry:v1.3.1
1berry:v1.3.0
1berry:v1.2.14
1berry:v1.2.13.1
1berry:v1.2.13
1berry:v1.2.12
1berry:v1.2.11.1
1berry:v1.2.11
1berry:v1.2.10.1
1berry:v1.2.10
1berry:v1.2.9
1berry:v1.2.8
1berry:v1.2.7.1
1berry:v1.2.7
1berry:v1.2.7rc
1berry:v1.2.6
1berry:v1.2.6-pre5
1berry:v1.2.6-pre4
1berry:v1.2.5.2
1berry:v1.2.5.1
1berry:v1.2.5
1berry:v1.2.5-pre4
1berry:v1.2.5-pre3
1berry:v1.2.5-pre2
1berry:v1.2.5-pre1
1berry:v1.2.4
1berry:v1.2.3
1berry:v1.2.2
1berry:v1.2.1
1berry:v1.2.1-pre3
1berry:v1.2.1-pre2
1berry:v1.2.1-pre1
1berry:v1.2.0
1berry:v1.1.27
1berry:v1.1.26
1berry:v1.1.25
1berry:v1.1.24
1berry:v1.1.23
1berry:v1.1.22
1berry:v1.1.21
1berry:v1.1.20
1berry:v1.1.19
1berry:v1.1.18
1berry:v1.1.17
1berry:v1.1.16
1berry:v1.1.15
1berry:v1.1.14
1berry:v1.1.13
1berry:v1.1.12
1berry:v1.1.11
1berry:v1.1.10
1berry:v1.1.9
1berry:v1.1.8
1berry:v1.1.7
1berry:v1.1.6
1berry:v1.1.5
1berry:v1.1.4
1berry:v1.1.3
1berry:v1.1.2
1berry:v1.1.1
1berry:v1.1.0
1berry:v1.0.2
1berry:v1.0.1
1berry:v1.0.0
1 Commits
master
...
20250612-t
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
William Lallemand
|
96d75e6d86 |
BUG/MEDIUM: ssl/clienthello: ECDSA with ssl-max-ver TLSv1.2 and no ECDSA ciphers
Patch 23093c72 ("BUG/MINOR: ssl: suboptimal certificate selection with TLSv1.3
and dual ECDSA/RSA") introduced a problem when prioritizing the ECDSA
with TLSv1.3.
Indeed, when a client with TLSv1.3 capabilities announce a list of
ECDSA sigalgs, a list of TLSv1.3 ciphersuites compatible with ECDSA,
but only RSA ciphers for TLSv1.2, and haproxy is configured to a
ssl-max-ver TLSv1.2, then haproxy would use the ECDSA keypair, but the
client wouldn't be able to process it because TLSv1.2 was negociated.
HAProxy would be configured like that:
ssl-default-bind-options ssl-max-ver TLSv1.2
And a client could be used this way:
openssl s_client -connect localhost:8443 -cipher ECDHE-ECDSA-AES128-GCM-SHA256 \
-ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
This patch fixes the issue by checking if TLSv1.3 was configured before
allowing ECDSA is an TLSv1.3 ciphersuite is in the list.
This could be backported where 23093c72 ("BUG/MINOR: ssl: suboptimal
certificate selection with TLSv1.3 and dual ECDSA/RSA") was backported.
However this is quite sensible and we should wait a bit before the
backport.
This should fix issue #2988
|
1 changed files with 10 additions and 2 deletions
|
|
@ -396,8 +396,16 @@ int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
|
|||
if (cipher_id == SSL3_CK_SCSV || cipher_id == SSL3_CK_FALLBACK_SCSV)
|
||||
continue;
|
||||
|
||||
if (SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa
|
||||
|| SSL_CIPHER_get_auth_nid(cipher) == NID_auth_any) {
|
||||
if (SSL_CIPHER_get_auth_nid(cipher) == NID_auth_ecdsa) {
|
||||
has_ecdsa_sig = 1;
|
||||
break;
|
||||
}
|
||||
if (SSL_CIPHER_get_auth_nid(cipher) == NID_auth_any &&
|
||||
s->ssl_conf.ssl_methods.max >= CONF_TLSV13) {
|
||||
/* Checking for TLSv1.3 ciphersuites require to check that we allow TLSv1.3, otherwise it would
|
||||
* chose an ECDSA cipher because of the TLS13 ciphersuites, but the TLS12 ciphers could
|
||||
* lack ECDSA capabilities.
|
||||
*/
|
||||
has_ecdsa_sig = 1;
|
||||
break;
|
||||
}
|
||||
|
|
|
|||
Write
Preview
Loading…
x
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.