Mercurial > hg > nginx
changeset 8197:75a2817808bf quic
Initial packets are protected with AEAD_AES_128_GCM.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 05 Mar 2020 19:49:49 +0300 |
parents | d447168ed13f |
children | ff14b0fe9731 |
files | src/event/ngx_event_quic.c |
diffstat | 1 files changed, 14 insertions(+), 9 deletions(-) [+] |
line wrap: on
line diff
--- a/src/event/ngx_event_quic.c +++ b/src/event/ngx_event_quic.c @@ -634,18 +634,23 @@ ngx_quic_create_long_packet(ngx_connecti ngx_quic_hexdump0(c->log, "ad", ad.data, ad.len); - switch (SSL_CIPHER_get_id(SSL_get_current_cipher(ssl_conn)) & 0xffff) { + if (pkt->level != ssl_encryption_initial) { + switch (SSL_CIPHER_get_id(SSL_get_current_cipher(ssl_conn)) & 0xffff) { - case NGX_AES_128_GCM_SHA256: - cipher = EVP_aes_128_gcm(); - break; + case NGX_AES_128_GCM_SHA256: + cipher = EVP_aes_128_gcm(); + break; - case NGX_AES_256_GCM_SHA384: - cipher = EVP_aes_256_gcm(); - break; + case NGX_AES_256_GCM_SHA384: + cipher = EVP_aes_256_gcm(); + break; - default: - return NGX_ERROR; + default: + return NGX_ERROR; + } + + } else { + cipher = EVP_aes_128_gcm(); } nonce = ngx_pstrdup(c->pool, &pkt->secret->iv);