# HG changeset patch
# User Sergey Kandaurov <pluknet@nginx.com>
# Date 1583426989 -10800
# Node ID 75a2817808bfde07134aff0dbbda1a5e02f21665
# Parent  d447168ed13f0963bb6fbe57945832c28e6e0d71
Initial packets are protected with AEAD_AES_128_GCM.

diff --git a/src/event/ngx_event_quic.c b/src/event/ngx_event_quic.c
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -634,18 +634,23 @@ ngx_quic_create_long_packet(ngx_connecti
 
     ngx_quic_hexdump0(c->log, "ad", ad.data, ad.len);
 
-    switch (SSL_CIPHER_get_id(SSL_get_current_cipher(ssl_conn)) & 0xffff) {
+    if (pkt->level != ssl_encryption_initial) {
+        switch (SSL_CIPHER_get_id(SSL_get_current_cipher(ssl_conn)) & 0xffff) {
 
-    case NGX_AES_128_GCM_SHA256:
-        cipher = EVP_aes_128_gcm();
-        break;
+        case NGX_AES_128_GCM_SHA256:
+            cipher = EVP_aes_128_gcm();
+            break;
 
-    case NGX_AES_256_GCM_SHA384:
-        cipher = EVP_aes_256_gcm();
-        break;
+        case NGX_AES_256_GCM_SHA384:
+            cipher = EVP_aes_256_gcm();
+            break;
 
-    default:
-        return NGX_ERROR;
+        default:
+            return NGX_ERROR;
+        }
+
+    } else {
+        cipher = EVP_aes_128_gcm();
     }
 
     nonce = ngx_pstrdup(c->pool, &pkt->secret->iv);