1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
|
#REGTEST_TYPE=devel
# This reg-tests checks that the DH-related mechanisms works properly.
# When no DH is specified, either directly in the server's PEM or through a
# ssl-dh-param-file global option, and no tune.ssl.default-dh-param is defined,
# DHE ciphers are disabled.
# If a default-dh-param is defined, we will use DH parameters of the same size
# as the server's RSA or DSA key, or default-dh-param if it is smaller.
# This test has three distinct HAProxy instances, one with no DH-related option
# used, one with the tune.ssl.default-dh-param global parameter set, and one
# with an ssl-dh-param-file global option.
# We use "openssl s_client" calls in order to check the size of the "Server
# Temp Key" (which will be the same as the DH parameters in case a DHE cipher
# is used).
#
# The main goal of this test was to check that the newly added OpenSSLv3
# specific DH code worked as before, since it needed to be created in order to
# stop using deprecated APIs.
varnishtest "Test the DH related SSL options"
# AWS-LC does not support any FFDH ciphersuites
feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL) && !ssllib_name_startswith(AWS-LC)' && !ssllib_name_startswith(wolfSSL)'"
feature cmd "command -v openssl && command -v grep && command -v socat"
feature ignore_unknown_macro
server s1 -repeat 8 {
rxreq
txresp
} -start
haproxy h1 -conf {
global
stats socket "${tmpdir}/h1/stats" level admin
defaults
mode http
option httpslog
log stderr local0 debug err
option logasap
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
retries 0
frontend clear-fe
bind "fd@${clearlst}"
use_backend gen_cert_be if { path /gencert }
default_backend dflt_be
backend dflt_be
server s1 "${tmpdir}/ssl_dflt.sock" ssl verify none ssl-max-ver TLSv1.2
backend gen_cert_be
server s1 "${tmpdir}/ssl_dflt_gencert.sock" ssl verify none ssl-max-ver TLSv1.2
listen ssl-dflt-lst
bind "${tmpdir}/ssl_dflt.sock" ssl crt ${testdir}/common.pem ca-file ${testdir}/set_cafile_rootCA.crt verify optional ciphers "DHE-RSA-AES256-GCM-SHA384" ssl-max-ver TLSv1.2
http-response set-header x-ssl-cipher %[ssl_fc_cipher]
server s1 ${s1_addr}:${s1_port}
listen ssl-dflt-gencert-lst
bind "${tmpdir}/ssl_dflt_gencert.sock" ssl generate-certificates crt ${testdir}/common.pem ca-file ${testdir}/set_cafile_rootCA.crt ca-sign-file ${testdir}/generate_certificates/gen_cert_ca.pem verify optional ciphers "DHE-RSA-AES256-GCM-SHA384" ssl-max-ver TLSv1.2
http-response set-header x-ssl-cipher %[ssl_fc_cipher]
server s1 ${s1_addr}:${s1_port}
} -start
haproxy h2 -conf {
global
stats socket "${tmpdir}/h2/stats" level admin
global
tune.ssl.default-dh-param 4096
defaults
mode http
option httpslog
log stderr local0 debug err
option logasap
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
retries 0
listen clear-lst
bind "fd@${clearlst_dfltdh}"
server s1 "${tmpdir}/ssl_dfltdh.sock" ssl verify none ssl-max-ver TLSv1.2
listen ssl-4096dh-dflt-lst
bind "${tmpdir}/ssl_dfltdh.sock" ssl crt ${testdir}/common.pem ca-file ${testdir}/set_cafile_rootCA.crt verify optional ciphers "DHE-RSA-AES256-GCM-SHA384" ssl-max-ver TLSv1.2
http-response set-header x-ssl-cipher %[ssl_fc_cipher]
server s1 ${s1_addr}:${s1_port}
} -start
haproxy h3 -conf {
global
stats socket "${tmpdir}/h3/stats" level admin
global
ssl-dh-param-file ${testdir}/common.4096.dh
defaults
mode http
option httpslog
log stderr local0 debug err
option logasap
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
retries 0
listen clear-lst
bind "fd@${clearlst_dhfile}"
server s1 "${tmpdir}/ssl_dhfile.sock" ssl verify none ssl-max-ver TLSv1.2
listen ssl-dhfile-lst
bind "${tmpdir}/ssl_dhfile.sock" ssl crt ${testdir}/common.pem ca-file ${testdir}/set_cafile_rootCA.crt verify optional ciphers "DHE-RSA-AES256-GCM-SHA384" ssl-max-ver TLSv1.2
http-response set-header x-ssl-cipher %[ssl_fc_cipher]
server s1 ${s1_addr}:${s1_port}
} -start
#
# Check that all the SSL backend <-> SSL frontend connections work
#
client c1 -connect ${h1_clearlst_sock} {
txreq
rxresp
# No DH parameters are defined, DHE ciphers are unavailable
expect resp.status == 503
} -run
client c2 -connect ${h2_clearlst_dfltdh_sock} {
txreq
rxresp
expect resp.status == 200
expect resp.http.x-ssl-cipher == "DHE-RSA-AES256-GCM-SHA384"
} -run
client c3 -connect ${h3_clearlst_dhfile_sock} {
txreq
rxresp
expect resp.status == 200
expect resp.http.x-ssl-cipher == "DHE-RSA-AES256-GCM-SHA384"
} -run
client c4 -connect ${h1_clearlst_sock} {
txreq -url "/gencert"
rxresp
# No DH parameters are defined, DHE ciphers are unavailable
expect resp.status == 503
} -run
# On the second HAProxy instance, even if default-dh-param is set to 4096, this
# value is only considered as a maximum DH key length and we will always try to
# match the server's certificate key length in our DHE key exchange (2048 bits
# in the case of common.pem).
shell {
echo "Q" | openssl s_client -unix "${tmpdir}/ssl_dfltdh.sock" -tls1_2 2>/dev/null | grep -E "Server Temp Key: DH, 2048 bits"
}
shell {
echo "Q" | openssl s_client -unix "${tmpdir}/ssl_dhfile.sock" -tls1_2 2>/dev/null | grep -E "Server Temp Key: DH, 4096 bits"
}
#
# Add a custom DH to the server's PEM certificate
#
shell {
printf "set ssl cert ${testdir}/common.pem <<\n$(cat ${testdir}/common.pem)\n$(cat ${testdir}/common.4096.dh)\n\n" | socat "${tmpdir}/h1/stats" -
echo "commit ssl cert ${testdir}/common.pem" | socat "${tmpdir}/h1/stats" -
printf "set ssl cert ${testdir}/common.pem <<\n$(cat ${testdir}/common.pem)\n$(cat ${testdir}/common.4096.dh)\n\n" | socat "${tmpdir}/h2/stats" -
echo "commit ssl cert ${testdir}/common.pem" | socat "${tmpdir}/h2/stats" -
printf "set ssl cert ${testdir}/common.pem <<\n$(cat ${testdir}/common.pem)\n$(cat ${testdir}/common.4096.dh)\n\n" | socat "${tmpdir}/h3/stats" -
echo "commit ssl cert ${testdir}/common.pem" | socat "${tmpdir}/h3/stats" -
}
#
# Check that all the SSL backend <-> SSL frontend connections still work
# Common.pem now contains DH parameters so the first instance's frontends
# can now use DHE ciphers.
#
client c5 -connect ${h1_clearlst_sock} {
txreq
rxresp
expect resp.status == 200
expect resp.http.x-ssl-cipher == "DHE-RSA-AES256-GCM-SHA384"
} -run
client c6 -connect ${h2_clearlst_dfltdh_sock} {
txreq
rxresp
expect resp.status == 200
expect resp.http.x-ssl-cipher == "DHE-RSA-AES256-GCM-SHA384"
} -run
client c7 -connect ${h3_clearlst_dhfile_sock} {
txreq
rxresp
expect resp.status == 200
expect resp.http.x-ssl-cipher == "DHE-RSA-AES256-GCM-SHA384"
} -run
client c8 -connect ${h1_clearlst_sock} {
txreq -url "/gencert"
rxresp
expect resp.status == 200
expect resp.http.x-ssl-cipher == "DHE-RSA-AES256-GCM-SHA384"
} -run
#
# Check the new size of the DH key
#
shell {
echo "Q" | openssl s_client -unix "${tmpdir}/ssl_dflt.sock" -tls1_2 2>/dev/null | grep -E "Server Temp Key: DH, 4096 bits"
}
shell {
echo "Q" | openssl s_client -unix "${tmpdir}/ssl_dfltdh.sock" -tls1_2 2>/dev/null | grep -E "Server Temp Key: DH, 4096 bits"
}
shell {
echo "Q" | openssl s_client -unix "${tmpdir}/ssl_dhfile.sock" -tls1_2 2>/dev/null | grep -E "Server Temp Key: DH, 4096 bits"
}
shell {
echo "Q" | openssl s_client -unix "${tmpdir}/ssl_dflt_gencert.sock" -tls1_2 2>/dev/null | grep -E "Server Temp Key: DH, 4096 bits"
}
|
