Theo Buehler

LibreSSL does prioritize ChaCha20 for devices without AES-NI: https://github.com/openbsd/src/blob/ab0363c32c56eb9055d8521c868e670bd813bafc/lib/libssl/ssl_ciph.c#L1194-L1212

It should do it without special config. Do you set ciphers manually? On a machine with AES-NI: ``` Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-CAMELLIA256-SHA256:DHE-RSA-CAMELLIA256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA256:CAMELLIA256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA256:CAMELLIA128-SHA CIPHER is TLS_AES_256_GCM_SHA384 ``` On a machine without AES-NI ```...

Please `pkg_add gdb` and get a backtrace using `egdb haproxy` rather than `gdb`. Also, is there really only one frame, i.e., only `#0`, no `#1`, etc in the backtrace output?

Thanks. This points at one of these two commits, which unfortunately can't easily be reverted at this point: https://github.com/openbsd/src/commit/91a7e77456f38c971cb36ccba7505d36e1ac8b71 https://github.com/openbsd/src/commit/20273a99a6bacb3807f178f8694f0925028b0743 @4a6f656c could you please take a look when you get...

Could you perhaps try this diff? ```diff Index: lhash/lhash.c =================================================================== RCS file: /cvs/src/lib/libcrypto/lhash/lhash.c,v diff -u -p -r1.22 lhash.c --- lhash/lhash.c 2 Mar 2024 11:11:11 -0000 1.22 +++ lhash/lhash.c 5 May...

This should be fixed with https://github.com/openbsd/src/commit/7b25026418e082ff146b25c2dd1082fe79f780f9 and the fix is available in -stable via a syspatch. There will be also be a LibreSSL release including this fix soon.

On Tue, May 14, 2024 at 03:23:36AM -0700, wizard-it wrote: > Thanks to all for the quick response! Thanks for the report, testing and confirming.

These should be provided via the compat header. Can you figure out what the apparently existing endian.h contains? https://github.com/libressl/portable/blob/55f21a399f56695990d5495384146b55a5e56823/include/compat/endian.h#L65-L77 Presumably this code needs to be of the form ``` #if...

> 3.7.2 - builds fine > 3.8.0 - fails That's because `crypto_internal.h` didn't exist back then and there were no calls to these conversion functions. As mentioned, the bug will...

In my very first post I asked a question and suggested a solution. How about you all try to answer it and then we can figure it out?