From 1739b648cfe4c4ef84b5644a2d697a799d0eb457 Mon Sep 17 00:00:00 2001 From: William Lallemand Date: Tue, 30 Jun 2026 12:44:45 +0000 Subject: [PATCH] MEDIUM: ssl: set FIPS-approved cipher defaults for AWS-LC FIPS builds When AWS-LC is built in FIPS mode, unconditionally override the compile-time cipher defaults with FIPS-approved sets before config parsing. Explicit ssl-default-{bind,server}-ciphers{suites} keywords in the global section still take precedence over these defaults. The approved sets are defined as macros in include/haproxy/defaults.h alongside the existing CONNECT/LISTEN_DEFAULT_CIPHERS family: CONNECT/LISTEN_DEFAULT_FIPS_CIPHERS - AES-128-GCM-SHA256 and AES-256-GCM-SHA384 (TLS 1.2) CONNECT/LISTEN_DEFAULT_FIPS_CIPHERSUITES - TLS_AES_128_GCM_SHA256 and TLS_AES_256_GCM_SHA384 (TLS 1.3) This ensures internal servers (httpclient, Lua SSL sockets) that inherit global defaults also operate with FIPS-compliant cipher lists without requiring explicit configuration. --- include/haproxy/defaults.h | 22 ++++++++++++++++++++++ src/ssl_sock.c | 17 +++++++++++++++++ 2 files changed, 39 insertions(+) diff --git a/include/haproxy/defaults.h b/include/haproxy/defaults.h index eaa2f03bb..87ebe88f0 100644 --- a/include/haproxy/defaults.h +++ b/include/haproxy/defaults.h @@ -438,6 +438,28 @@ #define LISTEN_DEFAULT_CIPHERSUITES NULL #endif +/* FIPS-approved TLS 1.2 ciphers for AWS-LC FIPS builds (AES-GCM only) */ +#ifndef CONNECT_DEFAULT_FIPS_CIPHERS +#define CONNECT_DEFAULT_FIPS_CIPHERS \ + "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:" \ + "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384" +#endif + +#ifndef LISTEN_DEFAULT_FIPS_CIPHERS +#define LISTEN_DEFAULT_FIPS_CIPHERS \ + "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:" \ + "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384" +#endif + +/* FIPS-approved TLS 1.3 cipher suites for AWS-LC FIPS builds */ +#ifndef CONNECT_DEFAULT_FIPS_CIPHERSUITES +#define CONNECT_DEFAULT_FIPS_CIPHERSUITES "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384" +#endif + +#ifndef LISTEN_DEFAULT_FIPS_CIPHERSUITES +#define LISTEN_DEFAULT_FIPS_CIPHERSUITES "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384" +#endif + /* named curve used as defaults for ECDHE ciphers */ #ifndef ECDHE_DEFAULT_CURVE #define ECDHE_DEFAULT_CURVE "prime256v1" diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 77f88e2d0..b3907cc6f 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -8512,6 +8512,23 @@ static void __ssl_sock_init(void) global_ssl.connect_default_ciphersuites = strdup(global_ssl.connect_default_ciphersuites); #endif +#if defined(OPENSSL_IS_AWSLC) + /* When AWS-LC is built in FIPS mode, override any compile-time cipher + * defaults with the FIPS-approved sets. This runs before the config + * parser so that explicit ssl-default-{bind,server}-ciphers{suites} + * keywords in the global section still take precedence. */ + if (FIPS_mode()) { + free(global_ssl.listen_default_ciphers); + global_ssl.listen_default_ciphers = strdup(LISTEN_DEFAULT_FIPS_CIPHERS); + free(global_ssl.connect_default_ciphers); + global_ssl.connect_default_ciphers = strdup(CONNECT_DEFAULT_FIPS_CIPHERS); + free(global_ssl.listen_default_ciphersuites); + global_ssl.listen_default_ciphersuites = strdup(LISTEN_DEFAULT_FIPS_CIPHERSUITES); + free(global_ssl.connect_default_ciphersuites); + global_ssl.connect_default_ciphersuites = strdup(CONNECT_DEFAULT_FIPS_CIPHERSUITES); + } +#endif /* OPENSSL_IS_AWSLC */ + xprt_register(XPRT_SSL, &ssl_sock); #if HA_OPENSSL_VERSION_NUMBER < 0x10100000L SSL_library_init(); -- 2.47.3