Open dougch opened 3 years ago
What were the commonalities in the failures? This feels like an unsupported algorithm or flag or similar.
The theme appears to be RSA with TLS1.0, examples:
FAILED test_client_authentication.py::test_client_auth_with_s2n_server[RSA_2048_SHA256-TLS1.0-P-384-OpenSSL-ECDHE-RSA-AES256-SHA] - AssertionError: assert TimeoutException(TimeoutExpired(['s2nd', '-X', '--self-service-blinding', '--non...
FAILED test_client_authentication.py::test_client_auth_with_s2n_server[RSA_2048_SHA384-TLS1.0-P-384-OpenSSL-ECDHE-RSA-AES128-SHA] - AssertionError: assert TimeoutException(TimeoutExpired(['s2nd', '-X', '--self-service-blinding', '--non...
FAILED test_client_authentication.py::test_client_auth_with_s2n_server[RSA_2048_SHA512-TLS1.0-P-384-OpenSSL-ECDHE-RSA-AES256-SHA] - AssertionError: assert TimeoutException(TimeoutExpired(['s2nd', '-X', '--self-service-blinding', '--non...
There is a theme here... the happy_path_test is also failing:
FAILED test_happy_path.py::test_s2n_server_happy_path[RSA_4096_SHA256-TLS1.2-P-256-JavaSSL-DHE-RSA-AES256-GCM-SHA384]
FAILED test_happy_path.py::test_s2n_server_happy_path[RSA_4096_SHA256-TLS1.2-P-256-JavaSSL-AES128-SHA]
FAILED test_happy_path.py::test_s2n_server_happy_path[RSA_4096_SHA256-TLS1.2-P-256-JavaSSL-AES256-SHA]
FAILED test_happy_path.py::test_s2n_server_happy_path[RSA_4096_SHA256-TLS1.2-P-256-JavaSSL-AES128-SHA256]
FAILED test_happy_path.py::test_s2n_server_happy_path[RSA_4096_SHA256-TLS1.2-P-256-JavaSSL-AES256-SHA256]
FAILED test_happy_path.py::test_s2n_server_happy_path[RSA_4096_SHA256-TLS1.2-P-256-JavaSSL-ECDHE-RSA-AES128-SHA]
FAILED test_happy_path.py::test_s2n_server_happy_path[RSA_4096_SHA256-TLS1.2-P-256-JavaSSL-ECDHE-RSA-AES256-SHA]
FAILED test_happy_path.py::test_s2n_server_happy_path[RSA_4096_SHA256-TLS1.2-P-256-JavaSSL-ECDHE-RSA-AES128-SHA256]
FAILED test_happy_path.py::test_s2n_server_happy_path[RSA_4096_SHA256-TLS1.2-P-256-JavaSSL-ECDHE-RSA-AES256-SHA384]
FAILED test_happy_path.py::test_s2n_server_happy_path[RSA_4096_SHA256-TLS1.2-P-256-JavaSSL-ECDHE-RSA-AES128-GCM-SHA256]
FAILED test_happy_path.py::test_s2n_server_happy_path[RSA_4096_SHA256-TLS1.2-P-256-JavaSSL-ECDHE-RSA-AES256-GCM-SHA384]
Security issue notifications
If you discover a potential security issue in s2n, we ask that you notify AWS Security via our vulnerability reporting page. Please do not create a public GitHub issue.
Problem:
~10% failure rate for the test_client_authentication:
repro steps:
Solution:
A description of the possible solution in terms of S2N architecture. Highlight and explain any potentially controversial design decisions taken.
Requirements / Acceptance Criteria:
What must a solution address in order to solve the problem? How do we know the solution is complete?
Out of scope:
Is there anything the solution will intentionally NOT address?