baentsch
commented
8 months ago Thanks, @majodu for reporting this bug. The documentation at the test server indeed is not in sync with the implementation: This information had been output in oqs-openssl111 (forked code) but is not output when using openssl3 (mainstream code). This however is no issue for oqsprovider but for upstream openssl or rather the documentation in the sample integration underlying the test server. Hence transferring this issue to that project.
bhess
Describe the bug Following the instructions on https://test.openquantumsafe.org/ I should find a
Server Temp Keyfield underneathPeer signature typein the output of the openssl s_client command. After running it however, there is no Server Temp Key listed even though running the same command checking for a standard non-pqc algorithm works fine. The command otherwise completes successfully and you are able to GET / the webpage.To Reproduce Steps to reproduce the behavior: After running
docker run -vpwd:/ca -it openquantumsafe/curl:latest openssl s_client --connect test.openquantumsafe.org:6109 -CAfile /ca/CA.crt -groups kyber768 -security_debug_verbose -msg -trace -tls1_3Testing with 0.9.2 image results in the same errorYou will see:
Security callback: Supported Curve=UNDEF, security bits=192: yesextension_type=supported_groups(10), length=4UNKNOWN (572)with 572 or 0x23C as the default id for kyber768Expected behavior What I expect to be there is equivalent output to running the command with a X25519 curve
Security callback: Supported Curve=X25519, security bits=128: yesServer Temp Key: X25519, 253 bitsNamedGroup: ecdh_x25519 (29)Environment: