Mercurial > hg > nginx

changeset 8197:75a2817808bf quic

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Initial packets are protected with AEAD_AES_128_GCM.
author Sergey Kandaurov <pluknet@nginx.com>
date Thu, 05 Mar 2020 19:49:49 +0300
parents d447168ed13f
children ff14b0fe9731
files src/event/ngx_event_quic.c
diffstat 1 files changed, 14 insertions(+), 9 deletions(-) [+]
line wrap: on
line diff
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -634,18 +634,23 @@ ngx_quic_create_long_packet(ngx_connecti
 
     ngx_quic_hexdump0(c->log, "ad", ad.data, ad.len);
 
-    switch (SSL_CIPHER_get_id(SSL_get_current_cipher(ssl_conn)) & 0xffff) {
+    if (pkt->level != ssl_encryption_initial) {
+        switch (SSL_CIPHER_get_id(SSL_get_current_cipher(ssl_conn)) & 0xffff) {
 
-    case NGX_AES_128_GCM_SHA256:
-        cipher = EVP_aes_128_gcm();
-        break;
+        case NGX_AES_128_GCM_SHA256:
+            cipher = EVP_aes_128_gcm();
+            break;
 
-    case NGX_AES_256_GCM_SHA384:
-        cipher = EVP_aes_256_gcm();
-        break;
+        case NGX_AES_256_GCM_SHA384:
+            cipher = EVP_aes_256_gcm();
+            break;
 
-    default:
-        return NGX_ERROR;
+        default:
+            return NGX_ERROR;
+        }
+
+    } else {
+        cipher = EVP_aes_128_gcm();
     }
 
     nonce = ngx_pstrdup(c->pool, &pkt->secret->iv);