search

cloudflare / go

Go with Cloudflare experimental patches
BSD 3-Clause "New" or "Revised" License
324 stars 45 forks source link

Not interoperable with boring_ssl or boringssl-pq #178

Closed IMSterling closed 6 days ago

IMSterling commented 1 month ago

I am running a local server with vanilla boring_ssl and the CloudFlare fork of boring_ssl bssl server -curves X25519Kyber768Draft00/X25519Kyber512Draft00 -accept 4433 -loop

I have am then trying to connect to the server using the Go demo code which works when run against "https://pq.cloudflareresearch.com".

Running against the bssl server continually returns Error while connecting: NO_SHARED_GROUP 5148525200:error:1000010a:SSL routines:OPENSSL_internal:NO_SHARED_GROUP

where I would expect these options to be interoperable.

Please advise

IMSterling commented 1 month ago

[For followers of the thread] setting the curve preferences directly via the value with CurvePreferences: []tls.CurveID{tls.CurveID(25497)} (for X25519Kyber768Draft00) resolves the issue

bwesterb commented 1 month ago

No need to use our BoringSSL fork: upstream BoringSSL supports X25519Kyber768Draft00 now.