Unable to set ciphers for quic traffic

[Karthikdasari0423]

I did this

i tried to run below command with chacha20 ciphers

curl -v -# --http3-only -k -o /tmp/BPS.pdf https://127.0.0.1:8443/BPS.pdf --ciphers TLS_CHACHA20_POLY1305_SHA256

and file also downloaded sucessfully but nginx logs is not showing chacha20 as ciphers used

cat /var/log/nginx/access.log
127.0.0.1 - - [04/Sep/2023:17:50:14 +0000] "GET /BPS.pdf HTTP/3.0" 200 30182355 "-" "curl/8.3.0-DEV"
127.0.0.1 - - [04/Sep/2023:17:50:14 +0000] "HTTP/3.0" "GET /BPS.pdf HTTP/3.0" 200 30182355 "-" "curl/8.3.0-DEV" "h3" "-""GET https://127.0.0.1/BPS.pdf 9948104b97890658c6b4ccba6908c68d 177287 1693849814.723 0.167 - - - "/var/www/html/BPS.pdf" OKTLSv1.3/TLS_AES_128_GCM_SHA256

I expected the following

i expect curl to use chacha20 ciphers

curl/libcurl version

curl -V
curl 8.3.0-DEV (x86_64-pc-linux-gnu) libcurl/8.3.0-DEV OpenSSL/3.0.9 zlib/1.2.11 brotli/1.0.9 nghttp2/1.56.0-DEV ngtcp2/0.18.0 nghttp3/0.14.0
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTP3 HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL threadsafe TLS-SRP UnixSockets

operating system

uname -a
Linux ubuntu 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

am i missing anything here cause with ngtcp2 and aioquic,i am able to see chacha20 ciphers in nginx logs

cat /var/log/nginx/access.log
127.0.0.1 - - [04/Sep/2023:17:45:26 +0000] "GET / HTTP/3.0" 200 10701 "-" "aioquic/0.9.21"
127.0.0.1 - - [04/Sep/2023:17:45:26 +0000] "HTTP/3.0" "GET / HTTP/3.0" 200 10701 "-" "aioquic/0.9.21" "h3" "-""GET https://localhost/ 3e68fabe6168c1cf6986e8f210b61280 176074 1693849526.229 0.000 - - - "/var/www/html/index.html" OKTLSv1.3/TLS_CHACHA20_POLY1305_SHA256

[dfandrich]

Are you sure this is a curl issue and not one of the web site or the OpenSSL configuration? What is the output of `openssl ciphers`? What does https://www.ssllabs.com/ssltest/index.html say about the cipher suites supported by the web site? Are you able to connect to the site with another program using ChaCha20?

[Karthikdasari0423]

I believe this is curl issue and i am not sure about OpenSSL configuration cause i have followed the same steps mentioned how to build curl with quic support and done the same.
[https://github.com/curl/curl/blob/master/docs/HTTP3.md]

Below is the output of 'openssl ciphers'

root@ubuntu:~# openssl ciphers
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:AES256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:AES128-GCM-SHA256:PSK-AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:AES256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:AES128-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA
root@ubuntu:~#

this is not any website,i am running curl and nginx locally in my ubuntu machine and trying to connect to localhost(127.0.0.1)

[curl -v -# --http3-only -k -o /tmp/BPS.pdf https://127.0.0.1:8443/BPS.pdf --ciphers TLS_CHACHA20_POLY1305_SHA256]

I am able to connect to nginx with ngtcp2 and aioquic

below is the nginx output for aioquic

cat /var/log/nginx/access.log
127.0.0.1 - - [04/Sep/2023:17:45:26 +0000] "GET / HTTP/3.0" 200 10701 "-" "aioquic/0.9.21"
127.0.0.1 - - [04/Sep/2023:17:45:26 +0000] "HTTP/3.0" "GET / HTTP/3.0" 200 10701 "-" "aioquic/0.9.21" "h3" "-""GET https://localhost/ 3e68fabe6168c1cf6986e8f210b61280 176074 1693849526.229 0.000 - - - "/var/www/html/index.html" OKTLSv1.3/TLS_CHACHA20_POLY1305_SHA256

Please let me know if i am missing anything here

[bagder]

Since QUIC uses tls 1.3, shouldn't --tls13-ciphers be used?

[Karthikdasari0423]

yes,we should use --tls13-ciphers and i tried same with --tls13-ciphers TLS_CHACHA20_POLY1305_SHA256 but ciphers didnt took any effect

Below is the output

root@ubuntu:~# curl -v -# --http3-only -k --tls13-ciphers TLS_CHACHA20_POLY1305_SHA256 -o /tmp/BPS.pdf https://127.0.0.1:8443/BPS.pdf
*   Trying 127.0.0.1:8443...
* Skipped certificate verification
* Connected to 127.0.0.1 (127.0.0.1) port 8443
* using HTTP/3
* [HTTP/3] [0] OPENED stream for https://127.0.0.1:8443/BPS.pdf
* [HTTP/3] [0] [:method: GET]
* [HTTP/3] [0] [:scheme: https]
* [HTTP/3] [0] [:authority: 127.0.0.1:8443]
* [HTTP/3] [0] [:path: /BPS.pdf]
* [HTTP/3] [0] [user-agent: curl/8.3.0-DEV]
* [HTTP/3] [0] [accept: */*]
> GET /BPS.pdf HTTP/3
> Host: 127.0.0.1:8443
> User-Agent: curl/8.3.0-DEV
> Accept: */*
>
< HTTP/3 200
< server: nginx/1.25.2
< date: Tue, 05 Sep 2023 04:12:59 GMT
< content-type: application/pdf
< content-length: 30182355
< last-modified: Sun, 03 Sep 2023 10:16:30 GMT
< etag: "64f45cfe-1cc8bd3"
< alt-svc: h3=":8443"; ma=86400
< x-protocol: HTTP/3.0
< accept-ranges: bytes
<
{ [29302 bytes data]
################################################################################################################################ 100.0%* Connection #0 to host 127.0.0.1 left intact

root@ubuntu:~#
root@ubuntu:~#
root@ubuntu:~# cat /var/log/nginx/access.log
127.0.0.1 - - [05/Sep/2023:04:12:59 +0000] "GET /BPS.pdf HTTP/3.0" 200 30182355 "-" "curl/8.3.0-DEV"
127.0.0.1 - - [05/Sep/2023:04:12:59 +0000] "HTTP/3.0" "GET /BPS.pdf HTTP/3.0" 200 30182355 "-" "curl/8.3.0-DEV" "h3" "-""GET https://127.0.0.1/BPS.pdf 940298adef449129e85971388e20c68a 179149 1693887179.578 0.167 - - - "/var/www/html/BPS.pdf" OKTLSv1.3/TLS_AES_128_GCM_SHA256
root@ubuntu:~# date
Tue Sep  5 04:13:24 AM UTC 2023

[chengr28]

Hi team,

I also reproduce this issue, both --tls13-ciphers and --ciphers are not working when using HTTP/3.

Here is the curl version, the system is Windows 11:

>curl -V
curl 8.2.1 (x86_64-w64-mingw32) libcurl/8.2.1 OpenSSL/3.1.2 (Schannel) zlib/1.3 brotli/1.0.9 zstd/1.5.5 WinIDN libssh2/1.11.0 nghttp2/1.55.1 ngtcp2/0.18.0 nghttp3/0.14.0 libgsasl/2.2.0
Release-Date: 2023-07-26
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS brotli gsasl HSTS HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Kerberos Largefile libz MultiSSL NTLM SPNEGO SSL SSPI threadsafe UnixSockets zstd

Below is some request log:

>curl -v --http3-only --tls13-ciphers "TLS_CHACHA20_POLY1305_SHA256" --ciphers "TLS_CHACHA20_POLY1305_SHA256" https://www.cloudflare.com
* processing: https://www.cloudflare.com
*   Trying [<server_ip_address>]:443...
*  CAfile: <curl_location>\curl-ca-bundle.crt
*  CApath: none
*   Trying <server_ip_address>:443...
*  subjectAltName: host "www.cloudflare.com" matched cert's "www.cloudflare.com"
* Verified certificate just fine
* Connected to www.cloudflare.com (<server_ip_address>) port 443
* using HTTP/3
* Using HTTP/3 Stream ID: 0
> GET / HTTP/3
> Host: www.cloudflare.com
> User-Agent: curl/8.2.1
> Accept: */*
>
< HTTP/3 200
...

Also captured the QUIC packet:

QUIC IETF
    QUIC Connection information
...
        TLSv1.3 Record Layer: Handshake Protocol: Client Hello
            Handshake Protocol: Client Hello
                ...
                Cipher Suites Length: 10
                Cipher Suites (5 suites)
                    Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
                    Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
                    Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303)
                    Cipher Suite: TLS_AES_128_CCM_SHA256 (0x1304)
                    Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)

It seems above 4 cipher suite was "locked" even set cipher to TLS_CHACHA20_POLY1305_SHA256 only ("TLS_AES_128_CCM_SHA256" only, and others). The server perfers to use the first cipher suite from ClientHello, so that TLS_AES_128_GCM_SHA256 was used.

Not sure if any other options can do. The --tls13-ciphers and --ciphers work fine when using TCP TLS connections.

I hope this may help you, thanks.

[Karthikdasari0423]

Hi @chengr28

Thank you for checking this from your side also.

@bagder any comments or workaround on this would be helpful

[chengr28]

Oh, I found the --curves option is also not working in HTTP/3 connection. Just set --curves to x25519, secp256r1, or others.

QUIC IETF
    QUIC Connection information
    ...
    CRYPTO
        Frame Type: CRYPTO (0x0000000000000006)
        ...
        TLSv1.3 Record Layer: Handshake Protocol: Client Hello
            Handshake Protocol: Client Hello
                ...
                Extension: supported_groups (len=10)
                    Type: supported_groups (10)
                    Length: 10
                    Supported Groups List Length: 8
                    Supported Groups (4 groups)
                        Supported Group: secp256r1 (0x0017)
                        Supported Group: x25519 (0x001d)
                        Supported Group: secp384r1 (0x0018)
                        Supported Group: secp521r1 (0x0019)
...

[Karthikdasari0423]

okay,Thank you @chengr28

[Karthikdasari0423]

Thank you @bagder