CLEANUP: quic: Do not set any cipher/group from ssl_quic_initial_ctx()
These settings are potentially overridden by other setting initializations shared
with the SSL sock bindings. This will have to be clarified when we adapt the
QUIC bindings configuration.
diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index d120efc..aa388a2 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -1168,19 +1168,9 @@
*/
int ssl_quic_initial_ctx(struct bind_conf *bind_conf)
{
- struct proxy *curproxy = bind_conf->frontend;
struct ssl_bind_conf __maybe_unused *ssl_conf_cur;
int cfgerr = 0;
-#if 0
- /* XXX Did not manage to use this. */
- const char *ciphers =
- "TLS_AES_128_GCM_SHA256:"
- "TLS_AES_256_GCM_SHA384:"
- "TLS_CHACHA20_POLY1305_SHA256:"
- "TLS_AES_128_CCM_SHA256";
-#endif
- const char *groups = "X25519:P-256:P-384:P-521";
long options =
(SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) |
SSL_OP_SINGLE_ECDH_USE |
@@ -1191,24 +1181,6 @@
bind_conf->initial_ctx = ctx;
SSL_CTX_set_options(ctx, options);
-#if 0
- if (SSL_CTX_set_cipher_list(ctx, ciphers) != 1) {
- ha_alert("Proxy '%s': unable to set TLS 1.3 cipher list to '%s' "
- "for bind '%s' at [%s:%d].\n",
- curproxy->id, ciphers,
- bind_conf->arg, bind_conf->file, bind_conf->line);
- cfgerr++;
- }
-#endif
-
- if (SSL_CTX_set1_curves_list(ctx, groups) != 1) {
- ha_alert("Proxy '%s': unable to set TLS 1.3 curves list to '%s' "
- "for bind '%s' at [%s:%d].\n",
- curproxy->id, groups,
- bind_conf->arg, bind_conf->file, bind_conf->line);
- cfgerr++;
- }
-
SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS);
SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION);
SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION);
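Review bot: The two `SSL_CTX_set_min_proto_version()` / `SSL_CTX_set_max_proto_version()` calls that close this hunk ignore their return value, and with the `SSL_CTX_set1_curves_list()` block removed no `cfgerr++` site is left in the visible part of the function. Both calls return 1 on success and 0 on failure, and QUIC depends on the context being pinned to TLS 1.3, so a failure here should count as a configuration error: `if (!SSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION) || !SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION)) cfgerr++;`. Since the explicit group list is gone, the key-exchange groups for this context now presumably come from the shared SSL bind initialization or the library defaults. A short comment after `SSL_CTX_set_options()` would record that, for example `/* ciphers and groups are left to the shared SSL bind configuration */`. The body of `ssl_quic_initial_ctx()` continues outside the hunk, so later error handling is not visible here.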