[openssl-users] Problems with OpenSSL 1.0.2 h

Benjamin Kaduk bkaduk at akamai.com
Wed May 4 16:04:41 UTC 2016


Hello,

On 05/04/2016 05:21 AM, Dirk Menstermann wrote:
> Hi,
>
> I've trouble with the newest OpenSSL as I'm operating a webserver application
> that answers with HTTP1.x and HTTP2.
>
> I registered the ALPN callback and in this the cipher list was adjusted
> "SSL_set_cipher_list (ssl, "ECDHE-RSA-AES128-GCM-SHA256")" if H2 was negotiated.
>
> With versions < OpenSSL 1.0.2h this works, but now it seems that this cipher
> selection will be ignored, resulting in using a cipher that is black listed for
> HTTP2 (Firefox and Chrome refuse to connect)
>
> Was there an indented change or is there an official way to select the cipher
> based on the ALPN extension value?
>

There was an intended change to the order in which ALPN extensions were
processed, see
https://github.com/openssl/openssl/commit/af2db04c9979554ada88d969da6332a827a47599
-- ALPN is now processed after SNI, since the ALPN callback is attached
to the SSL_CTX, and SNI processing is likely to swap out the SSL_CTX in
use.  It does look like "late" TLS extensions are now handled after
cipher selection, so the ALPN callback can no longer affect the
negotiated cipher.

Even at the specification level, how all the TLS extensions are supposed
to interact with each other and the rest of the handshake is not
terribly well specified, so adding -dev to discuss what the desired
behavior actually is.

-Ben


More information about the openssl-users mailing list