aws-lc-rs: reduce priority of ECDSA_NISTP521_SHA512 #1924

Merged
merged 1 commit into from
May 3, 2024

@ctz ctz commented Apr 26, 2024

In TLS1.2, this actually means ECDSA_SHA512. If the peer selects that, we get caught out depending on the curve of the public key because we don't support (for example) ECDSA_NISTP256_SHA512.

Reducing the preference of this improves matters, because a peer that respects our priority will only select that if nothing else is possible (which includes the cases that SHA256 and SHA384 are not supported, in which case we are hosed, but also if the version is TLS1.3 and public key is on P521).

fixes #1912 though unsatisfyingly

In TLS1.2, this actually means ECDSA_SHA512.  If the peer selects
that, we get caught out depending on the curve of the public key
because we don't support (for example) `ECDSA_NISTP256_SHA512`.

Reducing the preference of this improves matters, because a
peer that respects our priority will only select that if nothing
else is possible (which includes the cases that SHA256 and SHA384
are not supported, in which case we are hosed, but also if the
version is TLS1.3 and public key is on P521).
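The selection problem described above, as an added Rust example (a simplified model, not rustls code and not part of the original pull request). The two priority lists, the peer behaviour and the `verifier_supports` table are assumptions; the unsupported pairs are the four combinations named later in this conversation.

```rust
// Added illustration: a simplified model of scheme selection, not rustls code.
#[derive(Clone, Copy, PartialEq, Debug)]
enum Curve { P256, P384, P521 }
#[derive(Clone, Copy, PartialEq, Debug)]
enum Hash { Sha256, Sha384, Sha512 }
#[derive(Clone, Copy, PartialEq, Debug)]
enum Version { Tls12, Tls13 }

/// One entry of our signature_algorithms list. TLS1.3 reads it as
/// (curve, hash); TLS1.2 reads only the hash and ignores the curve.
#[derive(Clone, Copy, PartialEq, Debug)]
struct Scheme { name: &'static str, curve: Curve, hash: Hash }

const P256_SHA256: Scheme =
    Scheme { name: "ECDSA_NISTP256_SHA256", curve: Curve::P256, hash: Hash::Sha256 };
const P384_SHA384: Scheme =
    Scheme { name: "ECDSA_NISTP384_SHA384", curve: Curve::P384, hash: Hash::Sha384 };
const P521_SHA512: Scheme =
    Scheme { name: "ECDSA_NISTP521_SHA512", curve: Curve::P521, hash: Hash::Sha512 };

// Constructed priority lists (assumptions, not rustls's real lists).
fn p521_first() -> [Scheme; 3] { [P521_SHA512, P384_SHA384, P256_SHA256] }
fn p521_last() -> [Scheme; 3] { [P384_SHA384, P256_SHA256, P521_SHA512] }

/// Assumption: the verifier handles every pair except the four combinations
/// the thread names as missing.
fn verifier_supports(curve: Curve, hash: Hash) -> bool {
    !matches!(
        (curve, hash),
        (Curve::P256, Hash::Sha512) | (Curve::P384, Hash::Sha512)
            | (Curve::P521, Hash::Sha256) | (Curve::P521, Hash::Sha384)
    )
}

/// A peer that respects our priority takes the first entry it can sign with.
fn peer_selects(offered: &[Scheme], v: Version, key: Curve, hashes: &[Hash]) -> Option<Scheme> {
    offered.iter().copied().find(|s| {
        hashes.contains(&s.hash) && (v == Version::Tls12 || s.curve == key)
    })
}

/// True when we can verify a signature made with the peer's key and the selected hash.
fn handshake_ok(offered: &[Scheme], v: Version, key: Curve, hashes: &[Hash]) -> bool {
    peer_selects(offered, v, key, hashes).map_or(false, |s| verifier_supports(key, s.hash))
}

fn main() {
    let all = [Hash::Sha256, Hash::Sha384, Hash::Sha512];
    for (label, list) in [("P521 first", p521_first()), ("P521 last", p521_last())] {
        let pick = peer_selects(&list, Version::Tls12, Curve::P256, &all).unwrap();
        let ok = handshake_ok(&list, Version::Tls12, Curve::P256, &all);
        println!("{}: TLS1.2 peer with P-256 key picks {} -> verifiable: {}", label, pick.name, ok);
    }
}
```

In this model a TLS1.2 peer that can only sign with SHA512 still fails with a P-256 key whatever the order, while a TLS1.3 peer with a P-521 key selects `ECDSA_NISTP521_SHA512` even when it is listed last.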

codecov bot commented Apr 26, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 95.49%. Comparing base (a74f9d5) to head (e01b7b2).
Report is 1 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #1924   +/-   ##
=======================================
  Coverage   95.49%   95.49%           
=======================================
  Files          86       86           
  Lines       18650    18650           
=======================================
  Hits        17810    17810           
  Misses        840      840           


rustls-benchmarking bot commented Apr 26, 2024

Benchmark results

Instruction counts

Significant differences

There are no significant instruction count differences


Wall-time

Significant differences

There are no significant wall-time differences


djc commented Apr 26, 2024

What is the right fix and why didn't you submit that? 😉


ctz commented Apr 26, 2024

> What is the right fix and why didn't you submit that? 😉

  1. build a time machine, travel back and tell the tlswg that they shouldn't change the semantics of an existing bit of protocol. I tried this one earlier, but now my house is full of smoke and both my cats are missing?

  2. in webpki & aws-lc-rs add support for: ECDSA_P384_SHA512, ECDSA_P256_SHA512, ECDSA_P521_SHA256, & ECDSA_P521_SHA384


djc commented Apr 26, 2024

> • in webpki & aws-lc-rs add support for: ECDSA_P384_SHA512, ECDSA_P256_SHA512, ECDSA_P521_SHA256, & ECDSA_P521_SHA384

Is that hard, or just copying a bunch of constants around?


@cpu cpu left a comment

This seems like a better state of affairs than main, and if the other realistic fix requires updating two separate crates (one outside of our org) I think it's fair to land this and pursue further improvements separately.

Thanks!


djc commented Apr 26, 2024

So do we want to release a 0.23.6 for this?


cpu commented Apr 26, 2024

> So do we want to release a 0.23.6 for this?

I think 👍 but we also need a 0.22.x fix. Support for p521 w/ aws-lc-rs was added in 0.22.2.

@ctz ctz added this pull request to the merge queue May 3, 2024
Merged via the queue into main with commit 08af80a May 3, 2024
46 checks passed
@ctz ctz deleted the jbp-avoid-sha512-in-tls12 branch May 3, 2024 09:56
@ctz ctz mentioned this pull request May 16, 2024
Successfully merging this pull request may close these issues.

AWS LC fails against golang TLS server while ring works fine