TLS1.3 not operating in V1.8.14

Hi All,

Hope I am not doing anything daft, but seems that I cannot get TLS1.3 to work in a self-compiled version of HAProxy 1.8.14 (with static OpenSSL 1.1.1)

When I try link using a browser, I just get TLS1.2 reported.
Sure enough, when I run nmap --script ssl-enum-ciphers I get;

443/tcp open https
| ssl-enum-ciphers:
| TLSv1.2:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
| TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

         compressors:
             NULL
         cipher preference: server

I also tried adding the force-tlsv13 directive, and then re-ran the above, result being that no ciphers were offered, which I think demonstrates that the TLS1.3 ciphers are not being selected.

A rough (redacted) version of the config I am running is as follows;

global
maxconn 4096
tune.ssl.default-dh-param 2048
ssl-default-bind-ciphers TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:TLS13-CHACHA20-POLY1305-SHA256:EECDH+AESGCM:EECDH+CHACHA20
ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11

frontend gateway-main-secure-frontend
bind LBVIP:443 ssl crt /etc/haproxy/certs

Here’s the version dump:

haproxy -vv
HA-Proxy version 1.8.14-52e4d43 2018/09/20
Copyright 2000-2018 Willy Tarreau willy@haproxy.org

Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -fno-strict-overflow -Wno-format-truncation -Wno-null-dereference -Wno-unused-label
OPTIONS = USE_OPENSSL=1 USE_LUA=1 USE_SYSTEMD=1 USE_STATIC_PCRE2=1 USE_PCRE2_JIT=1

Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with OpenSSL version : OpenSSL 1.1.1 11 Sep 2018
Running on OpenSSL version : OpenSSL 1.1.1 11 Sep 2018
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
Built with Lua version : Lua 5.3.3
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Encrypted password support via crypt(3): yes
Built with multi-threading support.
Built with PCRE2 version : 10.31 2018-02-12
PCRE2 library supports JIT : yes
Built without compression support (neither USE_ZLIB nor USE_SLZ are set).
Compression algorithms supported : identity(“identity”)
Built with network namespace support.

Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.

Available filters :
[SPOE] spoe
[COMP] compression
[TRACE] trace

And here is my build options;

sudo ./config --prefix=/blah/openssl/1.1.1/target --openssldir=/blah/openssl/1.1.1/target no-shared no-ssl2 no-ssl3 no-weak-ssl-ciphers
sudo make
sudo make install

sudo make clean
sudo make TARGET=linux2628 USE_OPENSSL=1 SSL_LIB=/blah/openssl/1.1.1/target/lib SSL_INC=/blah/openssl/1.1.1/target/include ADDLIB=-lpthread USE_STATIC_PCRE2=1 USE_PCRE2_JIT=1 PCRE2_LIB=/blah/pcre2/10.31/target/lib PCRE2_INC=/blah/pcre2/10.31/target/include USE_LUA=1 USE_SYSTEMD=1
sudo make install

Any ideas what I might be doing wrong? Thanks in advance

Build looks fine, the configuration is not completely correct, in that there are no ciphers like “TLS13-AES-256-GCM-SHA384” (please see man 1 ciphers), and also, you cannot specify them with the ciphers or ssl-default-bind-ciphers keyword, as they are only for TLSv1.2 and below.

However, OpenSSL has the default TLSv1.3 ciphersuites:
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"

which works just fine.

What exact browser, in what release and on what OS? Only Chrome 70 currently supports TLSv1.3, Firefox has yet to release v63 with TLSv1.3 support. Note that pre-standard draft implementations are not compatible with OpenSSL 1.1.1. So just because it works with Cloudflare, doesn’t mean it will work with OpenSSL. Also you may have TLS intercepting middleboxes in between the server and you, so watch out for that.

I suggest you run the openssl 1.1.1 client locally (not crossing any networks, not using any browsers):

/blah/openssl/1.1.1/target/bin/openssl s_client -connect <hostname>:443 -servername <hostname>

Haproxy v1.8.15 will introduce support for the new OpenSSL API to configure TLSv1.3 ciphersuites, you can check the documentation here: ssl-default-bind-ciphersuites.

If you want to test this now, you can grab the current 1.8 snapshot (which is unreleased, but still a stable branch, so it’s not like you are using a bleeding edge development tree):
http://www.haproxy.org/download/1.8/src/snapshot/haproxy-ss-20181017.tar.gz

However, that is not your problem. Likely your test tools miss support of the (real, standardized) TLSv1.3.

“Likely your test tools miss support of the (real, standardized) TLSv1.3.”

Doh (slaps head…) - I’m sorry to waste your time. That is exactly what it was. So I recognised that indeed in Chrome 70 there is some TLS1.3 activity going on there. Mainly, once I had gotten OpenSSL as a standalone client working at 1.1.1, then all was revealed.
Coincidentally, Firefox 63 went to general release yesterday I think, and as you had stated, the full TLS1.3 implementation is there, and I can see that now reflected in the protocol negotiation.
I will however look at 1.8.15 - I did see a note about the control of the ciphers being made available separately…
Thanks for giving me the sense check… appreciated!

Best Regards

Andy

I have the same problem. Has your problem been resolved?

@santory there was no problem, other than that browser did not yet support the proper standard, as you can read from the posts above.

Please open a new thread, along with the output of haproxy -vv, if you have a problem with this.

haproxy -vv
HA-Proxy version 1.8.13 2018/07/30
Copyright 2000-2018 Willy Tarreau willy@haproxy.org

Build options :
TARGET = linux2628
CPU = native
CC = gcc
CFLAGS = -O2 -march=native -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -fno-strict-overflow -Wno-format-truncation -Wno-null-dereference -Wno-unused-label
OPTIONS = USE_OPENSSL=1 USE_PCRE2=1 USE_PCRE2_JIT=1

Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with OpenSSL version : OpenSSL 1.1.1a 20 Nov 2018
Running on OpenSSL version : OpenSSL 1.1.1a 20 Nov 2018
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Encrypted password support via crypt(3): yes
Built with multi-threading support.
Built with PCRE2 version : 10.31 2018-02-12
PCRE2 library supports JIT : yes
Built without compression support (neither USE_ZLIB nor USE_SLZ are set).
Compression algorithms supported : identity(“identity”)
Built with network namespace support.

Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.

Available filters :
[SPOE] spoe
[COMP] compression
[TRACE] trace

file config haproxy :
global
log 127.0.0.1 local2

chroot      /var/lib/haproxy
pidfile     /var/run/haproxy.pid
maxconn     4000
user        haproxy
group       haproxy
daemon
stats socket /var/lib/haproxy/stats

    ssl-default-server-ciphers TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:TLS13-CHACHA20-POLY1305-SHA256

defaults
mode http
log global
option httplog

frontend fe_myapp
bind :::443 v4v6 tfo ssl crt /etc/haproxy/certificate.pem alpn h2,http/1.1
bind :80

http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;

use_backend be_dummy if !{ ssl_fc }
default_backend be_myapp

backend be_myapp
server s1 192.168.103.31:8080

backend be_dummy
server haproxy_fe_dummy_ssl_redirect 127.0.0.1:8000

frontend fe_dummy
bind 127.0.0.1:8000
http-request redirect scheme https

@santory Please actually read the previous posts, I already explained why there are no TLS13 ciphers and why this configuration is wrong.

Also clarify how exactly are you testing this (which tool/browser in what exact version).

I changed the configuration as follows. The Chrome OS testing tool is version 71.Test result attached
But it was not.

tls1.3.png1600×1200 472 KB

global
log 127.0.0.1 local2

chroot      /var/lib/haproxy
pidfile     /var/run/haproxy.pid
maxconn     4000
user        haproxy
group       haproxy
daemon
stats socket /var/lib/haproxy/stats

tune.ssl.default-dh-param 2048
ssl-default-bind-ciphers TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:TLS13-CHACHA20-POLY1305-SHA256:EECDH+AESGCM:EECDH+CHACHA20
ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
defaults
mode http
log global
option httplog

frontend fe_myapp
bind :::443 v4v6 tfo ssl crt /etc/haproxy/certificate.pem alpn h2,http/1.1
bind :80

http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;

use_backend be_dummy if !{ ssl_fc }
default_backend be_myapp

backend be_myapp
server s1 192.168.103.31:8080

backend be_dummy
server haproxy_fe_dummy_ssl_redirect 127.0.0.1:8000

frontend fe_dummy
bind 127.0.0.1:8000
http-request redirect scheme https

Please help me solve this problem

Use your locally compiled openssl 1.1.1 against the server (not crossing any networks, not using any browsers):

/blah/openssl/1.1.1/target/bin/openssl s_client -connect <hostname>:443 -servername <hostname>

You may have Software Firewall, Security Suites or other software on your PC, intercepting port 443 traffic and reencrypting it. Or the same in hardware (hardware firewalls or other security solutions). Running the openssl client command on the same node will bypass all that possible interference.

tank you for helping
I install haproxy and openssl with step flow . Its done. tank you

#########################install openssl#########################
wget https://www.openssl.org/source/openssl-1.1.1.tar.gz

tar -xvf openssl-1.1.1.tar.gz
cd openssl-1.1.1/
sudo apt-get install make
sudo apt-get install gcc
sudo apt-get install perl
sudo apt install build-essential libpcre2-dev zlib1g-dev
sudo ./config --prefix=/blah/openssl/1.1.1/target --openssldir=/blah/openssl/1.1.1/target no-shared no-ssl2 no-ssl3 no-weak-ssl-ciphers

sudo make
sudo make install

######################################End of openssl############
##################install haproxy#############################

wget https://www.haproxy.org/download/1.8/src/haproxy-1.8.13.tar.gz
tar -xvf haproxy-1.8.13.tar.gz
cd haproxy-1.8.13/
sudo make clean
sudo make TARGET=linux2628 USE_OPENSSL=1 SSL_LIB=/blah/openssl/1.1.1/target/lib SSL_INC=/blah/openssl/1.1.1/target/include ADDLIB=-lpthread USE_PCRE2=1 USE_PCRE2_JIT=1

sudo make install

sudo -i
id -u haproxy &> /dev/null || useradd -s /usr/sbin/nologin -r haproxy
cd /home/heni/haproxy-1.8.13/
cp haproxy /usr/sbin/
cd /usr/share/doc/
mkdir haproxy
wget -qO - https://raw.githubusercontent.com/horms/haproxy/master/doc/configuration.txt | gzip -c > /usr/share/doc/haproxy/configuration.txt.gz

sudo wget https://gist.githubusercontent.com/tmidi/1699a358533ae876513e2887fec6fbe2/raw/6c07ce39adc56c731d2bbeb88b90d8bbc636f3ea/haproxy.service -O /lib/systemd/system/haproxy.service

mkdir /etc/haproxy
vi /etc/haproxy/haproxy.cfg
cp cert to location

/blah/openssl/1.1.1/target/bin/openssl s_client -connect 192.168.103.71:443 -servername 192.168.103.71

I don’t understand what you are saying. Are you saying it works now?

yes
thank you for helping