From ed0533c2c2ce01c059b0faf7eae2b0957deee82d Mon Sep 17 00:00:00 2001
From: Sergey Kandaurov <pluknet@nginx.com>
Date: Thu, 5 Mar 2020 19:49:49 +0300
Subject: [PATCH] Initial packets are protected with AEAD_AES_128_GCM.

---
 src/event/ngx_event_quic.c | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/src/event/ngx_event_quic.c b/src/event/ngx_event_quic.c
index a6999f7f4..30a130339 100644
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -634,18 +634,23 @@ ngx_quic_create_long_packet(ngx_connection_t *c, ngx_ssl_conn_t *ssl_conn,
 
     ngx_quic_hexdump0(c->log, "ad", ad.data, ad.len);
 
-    switch (SSL_CIPHER_get_id(SSL_get_current_cipher(ssl_conn)) & 0xffff) {
+    if (pkt->level != ssl_encryption_initial) {
+        switch (SSL_CIPHER_get_id(SSL_get_current_cipher(ssl_conn)) & 0xffff) {
 
-    case NGX_AES_128_GCM_SHA256:
+        case NGX_AES_128_GCM_SHA256:
+            cipher = EVP_aes_128_gcm();
+            break;
+
+        case NGX_AES_256_GCM_SHA384:
+            cipher = EVP_aes_256_gcm();
+            break;
+
+        default:
+            return NGX_ERROR;
+        }
+
+    } else {
         cipher = EVP_aes_128_gcm();
-        break;
-
-    case NGX_AES_256_GCM_SHA384:
-        cipher = EVP_aes_256_gcm();
-        break;
-
-    default:
-        return NGX_ERROR;
     }
 
     nonce = ngx_pstrdup(c->pool, &pkt->secret->iv);