Haproxy, openssl 1.1 and ECDSA certs

After upgrading my haproxy machine to the beta of openSUSE Leap 15.0, SSL connections did not work anymore. A lot of debugging and testing later, I did a rebuild with openssl 1.0 and it all started working again.
Also, RSA certificates were just working. If you have similar issues you might also run into:

The workaround for me was to configure the same curve as used in my SSL cert.

$ openssl x509 -noout -text -in /path/to/cert.pem | grep -B1 'NIST CURVE'
                ASN1 OID: secp384r1 <-
                NIST CURVE: P-384

Then add the curves parameter to your bind line:

bind   tfo ssl alpn h2,http/1.1 npn h2,http/1.1 crt /path/to/certs/ curves secp384r1
bind :::443 v6only tfo ssl alpn h2,http/1.1 npn h2,http/1.1 crt /path/to/certs/ curves secp384r1

Of course this workaround only works if all your certs use the same curve; otherwise you will have to do different bind statements for each certificate.

A bit more digging showed …

nginx and haproxy both do:

SSL_CTX_set_ecdh_auto(ctx, 1);

nginx then checks if the config value is “auto”, which seems to be the default, and jumps out of the configuration function. haproxy on the other hand will always set a curve and if nothing is configured it will set prime256v1 as default.

Would it be possible to change the code to only set the curve via SSL_CTX_set_tmp_ecdh if it was also manually configured, and stick to SSL_CTX_set_ecdh_auto by default?

Both calls to SSL_CTX_set_tmp_ecdh could probably be encapsulated into a function which does all the config fallback handling.

And the documentation should probably warn that in the case of openssl 1.1 the curves parameter has to match the curve of the ECDSA key or be left out.
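The check the report describes (read the curve out of `openssl x509 -text`, then make sure the `curves` argument on each `bind ... ssl` line names it) can be scripted so a config review catches the mismatch before a reload. The script below is an added example for this thread, not haproxy's or nginx's code. The haproxy frontend and the `openssl x509` output are constructed samples with placeholder paths; the prime256v1 fallback it assumes when no `curves` is set is taken from the report's description of haproxy's behaviour, and the colon-separated `curves` list format is haproxy's documented syntax.

```python
"""Flag haproxy bind lines whose `curves` setting cannot match the ECDSA
certificate they serve (added example; not haproxy's own code)."""
import re
import subprocess
from typing import Callable, Dict, List, Optional, Set

# Constructed sample of `openssl x509 -noout -text -in cert.pem` output,
# trimmed to the public-key section that names the curve.
SAMPLE_X509_TEXT = """\
Certificate:
    Data:
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (384 bit)
                ASN1 OID: secp384r1
                NIST CURVE: P-384
"""

# Constructed haproxy frontend; certificate paths are placeholders.
SAMPLE_CONFIG = """\
frontend https
    bind :443 tfo ssl alpn h2,http/1.1 crt /etc/haproxy/certs/site.pem curves secp384r1
    bind :::443 v6only tfo ssl alpn h2,http/1.1 crt /etc/haproxy/certs/site.pem curves prime256v1
    bind :8443 ssl crt /etc/haproxy/certs/other.pem
"""

# Curve haproxy uses when no `curves` argument is given, as described in the report.
HAPROXY_DEFAULT_CURVE = "prime256v1"

_OID_RE = re.compile(r"^\s*ASN1 OID:\s*(\S+)", re.MULTILINE)
_NIST_RE = re.compile(r"^\s*NIST CURVE:\s*(\S+)", re.MULTILINE)


def curve_names_from_x509_text(text: str) -> Set[str]:
    """Return both spellings of the key's curve ('secp384r1' and 'P-384').
    An RSA certificate prints neither line, so the result is empty."""
    names = set()
    for rx in (_OID_RE, _NIST_RE):
        m = rx.search(text)
        if m:
            names.add(m.group(1))
    return names


def curve_names_from_cert_file(path: str) -> Set[str]:
    """Run the same openssl command as in the report against a real file."""
    out = subprocess.run(
        ["openssl", "x509", "-noout", "-text", "-in", path],
        check=True, capture_output=True, text=True,
    ).stdout
    return curve_names_from_x509_text(out)


def _arg_after(tokens: List[str], name: str) -> Optional[str]:
    """Value following keyword `name` on a bind line, or None if absent."""
    if name in tokens:
        i = tokens.index(name)
        if i + 1 < len(tokens):
            return tokens[i + 1]
    return None


def parse_bind_lines(config: str) -> List[Dict[str, Optional[str]]]:
    """Extract the `crt` and `curves` arguments of every `bind ... ssl` line."""
    binds = []
    for line in config.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] != "bind" or "ssl" not in tokens:
            continue
        binds.append({"line": line.strip(),
                      "crt": _arg_after(tokens, "crt"),
                      "curves": _arg_after(tokens, "curves")})
    return binds


def check_config(config: str,
                 curve_lookup: Callable[[str], Set[str]]) -> List[str]:
    """One finding per bind line whose curve list does not contain the curve
    of its certificate. `curve_lookup(path)` returns the cert's curve names
    (empty for RSA, which is skipped since the issue only concerns ECDSA keys)."""
    findings = []
    for b in parse_bind_lines(config):
        if b["crt"] is None:
            continue
        cert_curves = curve_lookup(b["crt"])
        if not cert_curves:
            continue
        # haproxy's `curves` is a colon-separated list; absent means the default.
        configured = b["curves"].split(":") if b["curves"] else [HAPROXY_DEFAULT_CURVE]
        if not any(c in cert_curves for c in configured):
            how = (f"curves {b['curves']}" if b["curves"]
                   else f"no curves set (haproxy default {HAPROXY_DEFAULT_CURVE})")
            findings.append(f"{b['crt']}: cert uses {sorted(cert_curves)} "
                            f"but bind line has {how}")
    return findings


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # real config file: inspect the certificates with openssl
        with open(sys.argv[1]) as fh:
            cfg = fh.read()
        lookup = curve_names_from_cert_file
    else:                  # offline demo: every cert is the constructed P-384 sample
        cfg = SAMPLE_CONFIG
        lookup = lambda path: curve_names_from_x509_text(SAMPLE_X509_TEXT)
    for finding in check_config(cfg, lookup):
        print(finding)
```

Run it with a haproxy config path to inspect real certificates via `openssl x509`, or with no arguments for the offline demo, which reports the second and third sample bind lines because `prime256v1` (explicit or defaulted) cannot serve a P-384 key.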

Thanks for your analysis.

This is development related and should be discussed on the mailing list. Can you send your proposals there and also CC the maintainer of the SSL subsystem (check MAINTAINERS)?