# HG changeset patch # User Roman Arutyunyan # Date 1685258227 -14400 # Node ID b4a57278bf24dd28d39afea0eb09732c05bf1606 # Parent 6c75d2484267b2a1e0d98a7a6ccd3c78c09a0816 QUIC: fixed compat with ciphers other than AES128 (ticket #2500). Previously, rec.level field was not uninitialized in SSL_provide_quic_data(). As a result, its value was always ssl_encryption_initial. Later in ngx_quic_ciphers() such level resulted in resetting the cipher to TLS1_3_CK_AES_128_GCM_SHA256 and using AES128 to encrypt the packet. Now the level is initialized and the right cipher is used. diff --git a/src/event/quic/ngx_event_quic_openssl_compat.c b/src/event/quic/ngx_event_quic_openssl_compat.c --- a/src/event/quic/ngx_event_quic_openssl_compat.c +++ b/src/event/quic/ngx_event_quic_openssl_compat.c @@ -463,6 +463,7 @@ SSL_provide_quic_data(SSL *ssl, enum ssl rec.log = c->log; rec.number = com->read_record++; rec.keys = &com->keys; + rec.level = level; if (level == ssl_encryption_initial) { n = ngx_min(len, 65535);