Why does the client hello change?

[huitema]

As part of the picoquic test suite, we have tests of the qlog implementation. The test is simple: run a QUIC connection on a simulator, capture a log, verify that the captured log matches a reference file. For the test to work, we need to make sure that execution remains the same from run to run, so the test detects possible changes in the logging code, not unrelated changes in the environment. For example, in order to minimize variability in the size of the "client hello", the code:

• Sets the list of supported cipher suites to just one value, AES128GCM
• Sets the list of supported key exchanges to just one value, secp256r1

I understand that the value of the client hello will change based on different random numbers, keys shares, etc. But by forcing the code to use just on ciphersuite and one key exchange, I would expect the size of the ClientHello to remain constant. But we observe variations based on versions of picotls, or versions of the underlying openssl library. Why?

[kazuho]

IIRC size of a BER-encoded secp256r1 public key generated and used for key exchange can change by one byte, depending on its value. You might be interested in using x25519 if you want to keep the size fixed.

Re different versions of picotls, the size of the ClientHello will change, as we add support for different things (e.g., new Signature Algorithm).

[huitema]

Good point re:25519. Is there a way I can control the signature algorithms advertised by picotls?

[huitema]

My main concern is finding differences between Windows runs and Linux runs, probably due to what version of openssl is installed. That creates noise in the tests.

[kazuho]

@huitema This is a hack, but with PR #342 being merged, you can set ptls_verify_certificate_t::algo to something you want, after that is being initialized by ptls_openssl_init_verify_certificate.