Don't get Server Temp Key in openssl s_client when testing #270

Open
majodu opened this issue Mar 14, 2024 · 4 comments

majodu commented Mar 14, 2024

Describe the bug
Following the instructions on https://test.openquantumsafe.org/ I should find a Server Temp Key field underneath Peer signature type in the output of the openssl s_client command. After running it however, there is no Server Temp Key listed even though running the same command checking for a standard non-pqc algorithm works fine. The command otherwise completes successfully and you are able to GET / the webpage.

To Reproduce
Steps to reproduce the behavior:
After running:
docker run -v "$(pwd)":/ca -it openquantumsafe/curl:latest openssl s_client --connect test.openquantumsafe.org:6109 -CAfile /ca/CA.crt -groups kyber768 -security_debug_verbose -msg -trace -tls1_3
Testing with the 0.9.2 image results in the same error.

You will see:
Security callback: Supported Curve=UNDEF, security bits=192: yes
extension_type=supported_groups(10), length=4
UNKNOWN (572)
extension_type=key_share(51), length=1092
NamedGroup: UNKNOWN (572)
with 572 or 0x23C as the default id for kyber768

Expected behavior
What I expect to be there is output equivalent to running the command with an X25519 curve:
Security callback: Supported Curve=X25519, security bits=128: yes
Server Temp Key: X25519, 253 bits
NamedGroup: ecdh_x25519 (29)

Environment:

  • OS: openquantumsafe/curl:latest
  • OpenSSL version: OpenSSL 3.3.0-dev3
  • oqsprovider version: 0.5.4-dev
majodu added the bug label Mar 14, 2024

baentsch (Member) commented

Thanks, @majodu, for reporting this bug. The documentation at the test server indeed is not in sync with the implementation: this information had been output in oqs-openssl111 (forked code) but is not output when using openssl3 (mainstream code). This, however, is not an issue for oqsprovider but for upstream openssl, or rather the documentation in the sample integration underlying the test server. Hence transferring this issue to that project.

baentsch transferred this issue from open-quantum-safe/oqs-provider Mar 15, 2024
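
Added example, not part of the thread or of either project's code: when the Server Temp Key line is absent, the group the server selected can still be read from the key_share extension that -trace prints for the ServerHello. The Python below parses such trace text and names the two code points quoted in this issue (29 and 572); the function names are hypothetical and the sample trace is constructed from the lines reported above.

```python
import re

# Code points taken from the issue text: 29 is ecdh_x25519 and 572 (0x23C)
# is the default id for kyber768. Extend the table for other groups.
GROUP_NAMES = {29: "x25519", 572: "kyber768"}

TOKEN = re.compile(
    r"(?P<msg>ClientHello|ServerHello),\s*Length="
    r"|extension_type=(?P<ext>\w+)\((?P<ext_id>\d+)\)"
    r"|NamedGroup:\s*(?P<label>.+?)\s*\((?P<gid>\d+)\)"
)

def key_share_groups(trace):
    """Return [(message, group_id, name)] for every key_share NamedGroup."""
    found, msg, ext = [], None, None
    for m in TOKEN.finditer(trace):
        if m.group("msg"):            # a new handshake message starts
            msg, ext = m.group("msg"), None
        elif m.group("ext"):          # a new extension starts
            ext = m.group("ext")
        elif ext == "key_share":      # NamedGroup inside key_share only
            gid = int(m.group("gid"))
            found.append((msg, gid, GROUP_NAMES.get(gid, m.group("label"))))
    return found

def server_group(trace):
    """(id, name) of the group in the ServerHello key_share, or None."""
    picks = [g for g in key_share_groups(trace) if g[0] == "ServerHello"]
    return picks[-1][1:] if picks else None

# Constructed sample: the extension lines follow the issue report, the
# message headers and the ClientHello lengths are illustrative.
SAMPLE = """\
    ClientHello, Length=1370
        extension_type=supported_groups(10), length=4
          UNKNOWN (572)
        extension_type=key_share(51), length=1190
            NamedGroup: UNKNOWN (572)
    ServerHello, Length=1210
        extension_type=key_share(51), length=1092
            NamedGroup: UNKNOWN (572)
"""

if __name__ == "__main__":
    import sys
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print(server_group(text))
```

A result of None means no ServerHello key_share was found in the text, for example because -trace was not passed.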
baentsch (Member) commented

@bhess -- are you following issues in this project? Would you want to do something about this issue in the test server (documentation) or shall we close?

bhess self-assigned this Aug 23, 2024

bhess (Member) commented Aug 23, 2024

Thanks for tagging me. I'll review the documentation on the test server.

baentsch (Member) commented

@bhess You may want to update the documentation in light of openssl/openssl#25959 which brings this feature to openssl master (no backport) -- so please sync with @ajbozarth as to what code version is being put into the docker images referenced in the documentation.
