open-quantum-safe / oqs-provider

OpenSSL 3 provider containing post-quantum algorithms
https://openquantumsafe.org
MIT License

Too many advertised sig algs cause TLS server hang-up #399

Open mouse07410 opened 3 months ago

mouse07410 commented 3 months ago

Describe the bug

Provider built from the main branch pulled after Fri Apr 12, 2024, somehow causes OpenSSL to hang and then time-out on requests over corporate firewall (to https://index.crates.io, in case it matters).

When I comment out oqs provider in openssl.cnf the problem disappears.

I must add that before Apr 12th everything worked just fine. So, it's OpenSSL, or liboqs, or oqs-provider.

@levitte could you please take a look as well? I don't know whether it's the provider's fault, or that of the OpenSSL itself.

To Reproduce

A little complicated, but here's what I have.

Steps to reproduce the behavior:

  1. Install Rust toolchain.
  2. Install cargo-update via cargo install cargo-update
  3. Have OpenSSL-3.2.1 installed.
  4. Install current master of liboqs.
  5. Clone and install oqs-provider (main branch).
  6. Edit openssl.cnf to add oqs provider (some add it as oqsprovider, for me naming it oqs suffices).
  7. Try cargo install-update -l
  8. See error

Expected behavior

Something like

$ cargo install-update -l
    Polling registry 'https://index.crates.io/'.......................................

Package          Installed             Latest                               Needs update
asn1rs           v0.3.1                v0.3.1                               No
b3sum            v1.5.1                v1.5.1                               No
.  .  .

Actual behavior

$ cargo install-update -l
    Polling registry 'https://index.crates.io/'
Failed to update index repository crates-io: package asn1rs: [35] SSL connect error (OpenSSL SSL_connect: SSL_ERROR_ZERO_RETURN in connection to index.crates.io:443 ).
$ 
$ OQSPROV=1 cargo install-update -l
OQS PROV: successfully registered dilithium2 with NID 1320
OQS PROV: successfully registered p256_dilithium2 with NID 1321
OQS PROV: successfully registered rsa3072_dilithium2 with NID 1322
OQS PROV: successfully registered dilithium3 with NID 1323
OQS PROV: successfully registered p384_dilithium3 with NID 1324
OQS PROV: successfully registered dilithium5 with NID 1325
OQS PROV: successfully registered p521_dilithium5 with NID 1326
OQS PROV: successfully registered mldsa44 with NID 1327
OQS PROV: successfully registered p256_mldsa44 with NID 1328
OQS PROV: successfully registered rsa3072_mldsa44 with NID 1329
OQS PROV: successfully registered mldsa44_pss2048 with NID 1330
OQS PROV: successfully registered mldsa44_rsa2048 with NID 1331
OQS PROV: successfully registered mldsa44_ed25519 with NID 1332
OQS PROV: successfully registered mldsa44_p256 with NID 1333
OQS PROV: successfully registered mldsa44_bp256 with NID 1334
OQS PROV: successfully registered mldsa65 with NID 1335
OQS PROV: successfully registered p384_mldsa65 with NID 1336
OQS PROV: successfully registered mldsa65_pss3072 with NID 1337
OQS PROV: successfully registered mldsa65_rsa3072 with NID 1338
OQS PROV: successfully registered mldsa65_p256 with NID 1339
OQS PROV: successfully registered mldsa65_bp256 with NID 1340
OQS PROV: successfully registered mldsa65_ed25519 with NID 1341
OQS PROV: successfully registered mldsa87 with NID 1342
OQS PROV: successfully registered p521_mldsa87 with NID 1343
OQS PROV: successfully registered mldsa87_p384 with NID 1344
OQS PROV: successfully registered mldsa87_bp384 with NID 1345
OQS PROV: successfully registered mldsa87_ed448 with NID 1346
OQS PROV: successfully registered falcon512 with NID 1347
OQS PROV: successfully registered p256_falcon512 with NID 1348
OQS PROV: successfully registered rsa3072_falcon512 with NID 1349
OQS PROV: successfully registered falconpadded512 with NID 1350
OQS PROV: successfully registered p256_falconpadded512 with NID 1351
OQS PROV: successfully registered rsa3072_falconpadded512 with NID 1352
OQS PROV: successfully registered falcon1024 with NID 1353
OQS PROV: successfully registered p521_falcon1024 with NID 1354
OQS PROV: successfully registered falconpadded1024 with NID 1355
OQS PROV: successfully registered p521_falconpadded1024 with NID 1356
OQS PROV: successfully registered sphincssha2128fsimple with NID 1357
OQS PROV: successfully registered p256_sphincssha2128fsimple with NID 1358
OQS PROV: successfully registered rsa3072_sphincssha2128fsimple with NID 1359
OQS PROV: successfully registered sphincssha2128ssimple with NID 1360
OQS PROV: successfully registered p256_sphincssha2128ssimple with NID 1361
OQS PROV: successfully registered rsa3072_sphincssha2128ssimple with NID 1362
OQS PROV: successfully registered sphincssha2192fsimple with NID 1363
OQS PROV: successfully registered p384_sphincssha2192fsimple with NID 1364
OQS PROV: successfully registered sphincsshake128fsimple with NID 1365
OQS PROV: successfully registered p256_sphincsshake128fsimple with NID 1366
OQS PROV: successfully registered rsa3072_sphincsshake128fsimple with NID 1367
OQS PROV: Default or FIPS provider available.
    Polling registry 'https://index.crates.io/'Unknown operation 5 requested from OQS provider
Unknown operation 5 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 2 requested from OQS provider
Unknown operation 1 requested from OQS provider
Unknown operation 1 requested from OQS provider
Unknown operation 1 requested from OQS provider
Unknown operation 1 requested from OQS provider
Unknown operation 1 requested from OQS provider
Unknown operation 1 requested from OQS provider
Unknown operation 1 requested from OQS provider
Unknown operation 11 requested from OQS provider
Unknown operation 11 requested from OQS provider

Failed to update index repository crates-io: package asn1rs: [35] SSL connect error (OpenSSL SSL_connect: SSL_ERROR_ZERO_RETURN in connection to index.crates.io:443 ).
$ 

Environment (please complete the following information):

Please run the following commands to obtain the version information:

$ openssl version
OpenSSL 3.2.1 30 Jan 2024 (Library: OpenSSL 3.2.1 30 Jan 2024)
$ openssl list -providers
Providers:
  base
    name: OpenSSL Base Provider
    version: 3.2.1
    status: active
  default
    name: OpenSSL Default Provider
    version: 3.2.1
    status: active
  legacy
    name: OpenSSL Legacy Provider
    version: 3.2.1
    status: active
  oqs
    name: OpenSSL OQS Provider
    version: 0.6.0
    status: active
  pkcs11
    name: PKCS#11 Provider
    version: 3.2.1
    status: active
$
levitte commented 3 months ago

Oh, so I guess I must learn Rust, then? 😆 (I've tried to avoid that, knowing full well that I'll have to some day)

levitte commented 3 months ago

Actually, this could be much simpler than I anticipated. SSL_ERROR_ZERO_RETURN indicates that the TLS peer closed the connection without a close notify. This has become more "normal" lately, so OpenSSL now has an option SSL_OP_IGNORE_UNEXPECTED_EOF to allow this behavior.

See the TLS Changes section in OpenSSL's migration guide or SSL_CTX_set_options(3) / SSL_set_options(3).

iyanmv commented 3 months ago

I think I observe a similar issue, but easier to reproduce with just curl.

curl -v https://downloads.1password.com/linux/tar/stable/x86_64/1password-8.10.30.x64.tar.gz.sig

This fails with liboqs 0.10.0, OpenSSL 3.2.1 and oqs-provider 0.6.0, and oqsprovider enabled in openssl.cnf.

Output with `oqsprovider` enabled:

```
$ curl -v -o test.sig https://downloads.1password.com/linux/tar/stable/x86_64/1password-8.10.30.x64.tar.gz.sig
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Host downloads.1password.com:443 was resolved.
* IPv6: 2600:9000:225e:6600:2:d2db:f100:93a1, 2600:9000:225e:5800:2:d2db:f100:93a1, 2600:9000:225e:f400:2:d2db:f100:93a1, 2600:9000:225e:7000:2:d2db:f100:93a1, 2600:9000:225e:5c00:2:d2db:f100:93a1, 2600:9000:225e:6800:2:d2db:f100:93a1, 2600:9000:225e:4200:2:d2db:f100:93a1, 2600:9000:225e:b600:2:d2db:f100:93a1
* IPv4: 18.66.147.127, 18.66.147.99, 18.66.147.18, 18.66.147.29
*   Trying 18.66.147.127:443...
* Connected to downloads.1password.com (18.66.147.127) port 443
* ALPN: curl offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: none
  0     0    0     0    0     0      0      0 --:--:--  0:00:15 --:--:--     0{ [5 bytes data]
* TLSv1.3 (IN), TLS alert, close notify (256):
{ [2 bytes data]
* OpenSSL SSL_connect: SSL_ERROR_ZERO_RETURN in connection to downloads.1password.com:443
  0     0    0     0    0     0      0      0 --:--:--  0:00:15 --:--:--     0
* Closing connection
curl: (35) OpenSSL SSL_connect: SSL_ERROR_ZERO_RETURN in connection to downloads.1password.com:443
```

Output without `oqsprovider` enabled:

```
$ curl -v -o test.sig https://downloads.1password.com/linux/tar/stable/x86_64/1password-8.10.30.x64.tar.gz.sig
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Host downloads.1password.com:443 was resolved.
* IPv6: 2600:9000:225e:8a00:2:d2db:f100:93a1, 2600:9000:225e:ce00:2:d2db:f100:93a1, 2600:9000:225e:1000:2:d2db:f100:93a1, 2600:9000:225e:6c00:2:d2db:f100:93a1, 2600:9000:225e:6000:2:d2db:f100:93a1, 2600:9000:225e:8400:2:d2db:f100:93a1, 2600:9000:225e:d400:2:d2db:f100:93a1, 2600:9000:225e:1400:2:d2db:f100:93a1
* IPv4: 18.66.147.29, 18.66.147.99, 18.66.147.127, 18.66.147.18
*   Trying 18.66.147.29:443...
* Connected to downloads.1password.com (18.66.147.29) port 443
* ALPN: curl offers h2,http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: none
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [19 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [4971 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [36 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [36 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / x25519 / RSASSA-PSS
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=downloads.1password.com
*  start date: Jul 16 00:00:00 2023 GMT
*  expire date: Aug 13 23:59:59 2024 GMT
*  subjectAltName: host "downloads.1password.com" matched cert's "downloads.1password.com"
*  issuer: C=US; O=Amazon; CN=Amazon RSA 2048 M01
*  SSL certificate verify ok.
*   Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 2: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
} [5 bytes data]
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://downloads.1password.com/linux/tar/stable/x86_64/1password-8.10.30.x64.tar.gz.sig
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: downloads.1password.com]
* [HTTP/2] [1] [:path: /linux/tar/stable/x86_64/1password-8.10.30.x64.tar.gz.sig]
* [HTTP/2] [1] [user-agent: curl/8.7.1]
* [HTTP/2] [1] [accept: */*]
} [5 bytes data]
> GET /linux/tar/stable/x86_64/1password-8.10.30.x64.tar.gz.sig HTTP/2
> Host: downloads.1password.com
> User-Agent: curl/8.7.1
> Accept: */*
>
* Request completely sent off
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [124 bytes data]
< HTTP/2 200
< content-type: application/pgp-signature
< content-length: 566
< date: Tue, 16 Apr 2024 14:35:40 GMT
< last-modified: Tue, 16 Apr 2024 14:17:29 GMT
< etag: "7f4901775676a583684caf0ef040f2fc"
< x-amz-server-side-encryption: AES256
< cache-control: max-age=31536000,must-revalidate
< x-amz-version-id: SS03x6XG02hZtDcRT_564Rjbs..R9mHW
< accept-ranges: bytes
< server: AmazonS3
< x-cache: Hit from cloudfront
< via: 1.1 5b21c56dde1a436b4b6766d2406627d2.cloudfront.net (CloudFront)
< x-amz-cf-pop: FRA60-P4
< x-amz-cf-id: gwg4kykBpR3mwnnyc2nfDRSrfHcHjnmiUmD7kPmga26r3EQ5OfzNWQ==
< age: 152287
<
{ [566 bytes data]
100   566  100   566    0     0  10171      0 --:--:-- --:--:-- --:--:-- 10290
* Connection #0 to host downloads.1password.com left intact
```
mouse07410 commented 3 months ago

> Oh, so I guess I must learn Rust, then? 😆

@levitte Of course! Didn't you know that all along? :-)

> I'm not sure how to answer your question, as I'm unsure what to look at.

Unfortunately, neither do I. Code that I didn't write uses OpenSSL library that misbehaves when OQS provider is present/loaded.

The best I see is the example from @iyanmv that reproduces the problem with curl.

What I observe with this reproducer is that the TLS 1.3 handshake begins with sending "Client Hello", and after that the connection attempt fails, with the server responding with "close notify" (not on timeout, as I thought?).

What's in the "Client Hello" when OQS is loaded, that the server doesn't even bother to answer?

> SSL_ERROR_ZERO_RETURN indicates that the TLS peer closed the connection without a close notify. This has become more "normal" lately, so OpenSSL now has an option SSL_OP_IGNORE_UNEXPECTED_EOF to allow this behavior.

Unfortunately, the problem manifests itself with (popular and widely used) code that none of the participants here wrote or has any control over. If we had a reproducer, we could try adding that TLS option and see if it fixes the problem. As it is, I don't know...

And why is everything OK when the OQS provider is out of the picture (with all the other providers enabled)?

Also, this problem appeared only this week. What changed, and where? (https://index.crates.io, OpenSSL, liboqs, oqs-provider?)

levitte commented 3 months ago

@iyanmv's curl example shows that this happens in the handshake.

There is one thing that might, or might not be related to this: the OQS provider uses SIGALG capabilities to add signature algorithms to the set that libssl has built in. It's possible that this affects the TLS handshake in a way that causes this issue.
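
To see what a server actually receives from such a client, here is an added example (not code from oqs-provider or from anyone in this thread) that assembles a minimal ClientHello around a list of SignatureScheme codepoints and parses the signature_algorithms extension back out the way a server or middlebox would. The codepoint table is limited to the names that appear in the capture later in this thread, the hello itself is a constructed sample rather than OpenSSL's real output, and the 76-entry case reproduces the extension length of 154 seen in that capture.

```python
"""Build a minimal TLS ClientHello and parse its signature_algorithms extension.

Added example, not part of the oqs-provider project: lets you check how large
the advertised SignatureScheme list is before pointing a client at a server
that may reject oversized or unfamiliar lists.
"""
import struct

# SignatureScheme codepoints that Wireshark named in the capture in this thread.
# This table is deliberately partial; anything not in it is reported as "unknown".
KNOWN_SIGALGS = {
    0x0403: "ecdsa_secp256r1_sha256", 0x0503: "ecdsa_secp384r1_sha384",
    0x0603: "ecdsa_secp521r1_sha512", 0x0807: "ed25519", 0x0808: "ed448",
    0x0809: "rsa_pss_pss_sha256", 0x080A: "rsa_pss_pss_sha384",
    0x080B: "rsa_pss_pss_sha512", 0x0804: "rsa_pss_rsae_sha256",
    0x0805: "rsa_pss_rsae_sha384", 0x0806: "rsa_pss_rsae_sha512",
    0x0401: "rsa_pkcs1_sha256", 0x0501: "rsa_pkcs1_sha384",
    0x0601: "rsa_pkcs1_sha512",
}
# Private-use codepoints oqs-provider used for Dilithium in the capture (0xfea0..0xfea6).
OQS_SIGALGS = {0xFEA0 + i: n for i, n in enumerate(
    ["dilithium2", "p256_dilithium2", "rsa3072_dilithium2", "dilithium3",
     "p384_dilithium3", "dilithium5", "p521_dilithium5"])}

EXT_SERVER_NAME = 0
EXT_SIGNATURE_ALGORITHMS = 13
EXT_SUPPORTED_VERSIONS = 43


def build_client_hello(sigalgs, server_name=b"downloads.1password.com"):
    """Assemble a constructed TLS 1.3 ClientHello (TLS 1.0 record framing, as
    OpenSSL sends it) carrying the given signature_algorithms list."""
    # server_name: list length, name type host_name(0), name length, name
    sni_body = (struct.pack("!H", len(server_name) + 3) + b"\x00"
                + struct.pack("!H", len(server_name)) + server_name)
    sni = struct.pack("!HH", EXT_SERVER_NAME, len(sni_body)) + sni_body
    # signature_algorithms: 2-byte list length followed by 2-byte codepoints
    sa_list = b"".join(struct.pack("!H", s) for s in sigalgs)
    sa_body = struct.pack("!H", len(sa_list)) + sa_list
    sa = struct.pack("!HH", EXT_SIGNATURE_ALGORITHMS, len(sa_body)) + sa_body
    # supported_versions: list length 4, TLS 1.3 (0x0304), TLS 1.2 (0x0303)
    sv_body = b"\x04\x03\x04\x03\x03"
    sv = struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(sv_body)) + sv_body
    exts = sni + sa + sv
    cipher_suites = b"\x13\x02\x13\x03\x13\x01"   # AES-256-GCM, ChaCha20, AES-128-GCM
    body = (b"\x03\x03" + bytes(32)             # legacy_version + random (zeroed sample)
            + b"\x00"                           # legacy_session_id length 0
            + struct.pack("!H", len(cipher_suites)) + cipher_suites
            + b"\x01\x00"                       # one compression method: null
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # type client_hello(1)
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_signature_algorithms(record):
    """Walk record -> handshake -> ClientHello -> extensions and return the
    advertised codepoints plus the extension's declared length (0 if absent)."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                  # legacy_version + random
    pos += 1 + body[pos]                          # session id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2 + cs_len                             # cipher suites
    pos += 1 + body[pos]                          # compression methods
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_len
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        data = body[pos:pos + elen]
        pos += elen
        if etype == EXT_SIGNATURE_ALGORITHMS:
            list_len = struct.unpack("!H", data[:2])[0]
            if list_len != elen - 2 or list_len % 2:
                raise ValueError("malformed signature_algorithms extension")
            codepoints = [struct.unpack("!H", data[i:i + 2])[0]
                          for i in range(2, 2 + list_len, 2)]
            return codepoints, elen
    return [], 0


def sigalg_report(record):
    """Summarise what the peer sees: entry count, extension length, codepoints
    not in KNOWN_SIGALGS, and codepoints in the private-use range 0xFE00-0xFFFF
    (the ones Wireshark shows as 'Unknown' for the oqs-provider entries)."""
    codepoints, ext_len = parse_signature_algorithms(record)
    return {"count": len(codepoints), "ext_len": ext_len,
            "unknown": [c for c in codepoints if c not in KNOWN_SIGALGS],
            "private_use": [c for c in codepoints if c >= 0xFE00]}
```

Feed `parse_signature_algorithms` the raw bytes of a captured hello (for example exported from Wireshark) to get the same report for a real client.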

iyanmv commented 3 months ago

I was writing this for something else, but I leave it here in case it's useful for anyone to reproduce the issue with my exact setup:

```sh
podman run -it --rm archlinux:base-devel sh -c "$(cat <<EOF
# Update packages & install dependencies to build liboqs and oqs-provider
pacman -Syu --noconfirm &&
pacman -S --noconfirm \
    cmake \
    curl \
    doxygen \
    git \
    ninja \
    python \
    python-jinja \
    python-tabulate \
    python-yaml

# Build liboqs & install
git clone https://aur.archlinux.org/liboqs.git
# chmod 777 directory because makepkg cannot run as root
chmod 777 liboqs && cd liboqs
runuser -unobody -- makepkg --nocheck
pacman -U --noconfirm liboqs-1\:0.10.0-2-x86_64.pkg.tar.zst

# Build oqs-provider & install
cd ..
git clone https://aur.archlinux.org/oqsprovider.git
# chmod 777 directory because makepkg cannot run as root
chmod 777 oqsprovider && cd oqsprovider
runuser -unobody -- makepkg --nocheck
pacman -U --noconfirm oqsprovider-0.6.0-1-x86_64.pkg.tar.zst

# Get openssl conf file from oqs-provider/scripts
cd ..
curl -O https://raw.githubusercontent.com/open-quantum-safe/oqs-provider/main/scripts/openssl-ca.cnf

# This works (oqsprovider is not enabled)
curl -v -o /dev/null https://downloads.1password.com/linux/tar/stable/x86_64/1password-8.10.30.x64.tar.gz.sig

# This doesn't work (oqsprovider enabled)
export OPENSSL_CONF=/openssl-ca.cnf
curl -v -o /dev/null https://downloads.1password.com/linux/tar/stable/x86_64/1password-8.10.30.x64.tar.gz.sig
EOF
)"
```

But I was able to reproduce using the fullbuild.sh script, so I don't think it's an issue of how I'm building liboqs or oqs-provider.

Since this only happens with certain servers, can it also be a "misconfiguration" on the server side? If the client offers PQC KEM, perhaps that triggers something on the server side that causes the handshake to fail.

iyanmv commented 3 months ago

Checking the exchange with wireshark, it really looks like a server issue. It responds with a close notify message after the client hello.

(GitHub doesn't like .pcapng, so I renamed it to .txt) wrong_tls.txt

mouse07410 commented 3 months ago

This is the captured TLS 1.3 "Client Hello" with OQS provider enabled, which causes the server to shut up and not even respond with "Server Hello":

Frame 2122: 573 bytes on wire (4584 bits), 573 bytes captured (4584 bits) on interface utun6, id 0
Null/Loopback
Internet Protocol Version 4, Src: 570657, Dst: llproxy
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
    Total Length: 569
    Identification: 0x0000 (0)
    010. .... = Flags: 0x2, Don't fragment
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 64
    Protocol: TCP (6)
    Header Checksum: 0x5276 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 570657
    Destination Address: llproxy
Transmission Control Protocol, Src Port: 55418 (55418), Dst Port: http-alt (8080), Seq: 138, Ack: 40, Len: 517
    Source Port: 55418 (55418)
    Destination Port: http-alt (8080)
    [Stream index: 25]
    [Conversation completeness: Incomplete, DATA (15)]
    [TCP Segment Len: 517]
    Sequence Number: 138    (relative sequence number)
    Sequence Number (raw): 380035978
    [Next Sequence Number: 655    (relative sequence number)]
    Acknowledgment Number: 40    (relative ack number)
    Acknowledgment number (raw): 1715394820
    1000 .... = Header Length: 32 bytes (8)
    Flags: 0x018 (PSH, ACK)
    Window: 2063
    [Calculated window size: 132032]
    [Window size scaling factor: 64]
    Checksum: 0xe34f [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
    [Timestamps]
    [SEQ/ACK analysis]
        [iRTT: 0.040025000 seconds]
        [Bytes in flight: 517]
        [Bytes sent since last PSH flag: 517]
    TCP payload (517 bytes)
Hypertext Transfer Protocol
    [Proxy-Connect-Hostname: downloads.1password.com]
    [Proxy-Connect-Port: 443]
Transport Layer Security
    TLSv1 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 512
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 508
            Version: TLS 1.2 (0x0303)
            Random: ef94575e1e812afe832592b974becdf2498f1ad65e5e550a538428a94070984b
            Session ID Length: 32
            Session ID: 06d4b608c8fc46d17dee91e795b9496b9a688fb9578a9d0b68a8e053709ff6dc
            Cipher Suites Length: 72
            Cipher Suites (36 suites)
                Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
                Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303)
                Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)
                Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)
                Cipher Suite: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xccaa)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
                Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
                Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
                Cipher Suite: TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC (0xc101)
                Cipher Suite: TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC (0xc100)
                Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
                Cipher Suite: Unknown (0xff85)
                Cipher Suite: TLS_GOSTR341112_256_WITH_28147_CNT_IMIT (0xc102)
                Cipher Suite: TLS_GOSTR341001_WITH_28147_CNT_IMIT (0x0081)
                Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
                Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
            Compression Methods Length: 1
            Compression Methods (1 method)
            Extensions Length: 363
            Extension: server_name (len=28) name=downloads.1password.com
            Extension: ec_point_formats (len=4)
            Extension: supported_groups (len=22)
                Type: supported_groups (10)
                Length: 22
                Supported Groups List Length: 20
                Supported Groups (10 groups)
                    Supported Group: x25519 (0x001d)
                    Supported Group: secp256r1 (0x0017)
                    Supported Group: x448 (0x001e)
                    Supported Group: secp521r1 (0x0019)
                    Supported Group: secp384r1 (0x0018)
                    Supported Group: ffdhe2048 (0x0100)
                    Supported Group: ffdhe3072 (0x0101)
                    Supported Group: ffdhe4096 (0x0102)
                    Supported Group: ffdhe6144 (0x0103)
                    Supported Group: ffdhe8192 (0x0104)
            Extension: application_layer_protocol_negotiation (len=14)
                Type: application_layer_protocol_negotiation (16)
                Length: 14
                ALPN Extension Length: 12
                ALPN Protocol
                    ALPN string length: 2
                    ALPN Next Protocol: h2
                    ALPN string length: 8
                    ALPN Next Protocol: http/1.1
            Extension: encrypt_then_mac (len=0)
            Extension: extended_master_secret (len=0)
            Extension: post_handshake_auth (len=0)
            Extension: signature_algorithms (len=154)
                Type: signature_algorithms (13)
                Length: 154
                Signature Hash Algorithms Length: 152
                Signature Hash Algorithms (76 algorithms)
                    Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
                    Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
                    Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603)
                    Signature Algorithm: ed25519 (0x0807)
                    Signature Algorithm: ed448 (0x0808)
                    Signature Algorithm: Unknown Unknown (0x081a)
                    Signature Algorithm: Unknown Unknown (0x081b)
                    Signature Algorithm: Unknown Unknown (0x081c)
                    Signature Algorithm: rsa_pss_pss_sha256 (0x0809)
                    Signature Algorithm: rsa_pss_pss_sha384 (0x080a)
                    Signature Algorithm: rsa_pss_pss_sha512 (0x080b)
                    Signature Algorithm: rsa_pss_rsae_sha256 (0x0804)
                    Signature Algorithm: rsa_pss_rsae_sha384 (0x0805)
                    Signature Algorithm: rsa_pss_rsae_sha512 (0x0806)
                    Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
                    Signature Algorithm: rsa_pkcs1_sha384 (0x0501)
                    Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
                    Signature Algorithm: SHA224 ECDSA (0x0303)
                    Signature Algorithm: SHA224 RSA (0x0301)
                    Signature Algorithm: SHA224 DSA (0x0302)
                    Signature Algorithm: SHA256 DSA (0x0402)
                    Signature Algorithm: SHA384 DSA (0x0502)
                    Signature Algorithm: SHA512 DSA (0x0602)
                    Signature Algorithm: Unknown Unknown (0x0840)
                    Signature Algorithm: Unknown Unknown (0x0841)
                    Signature Algorithm: Unknown Unknown (0xeeee)
                    Signature Algorithm: Unknown Unknown (0xefef)
                    Signature Algorithm: Unknown Unknown (0xeded)
                    Signature Algorithm: dilithium2 (0xfea0)
                    Signature Algorithm: p256_dilithium2 (0xfea1)
                    Signature Algorithm: rsa3072_dilithium2 (0xfea2)
                    Signature Algorithm: dilithium3 (0xfea3)
                    Signature Algorithm: p384_dilithium3 (0xfea4)
                    Signature Algorithm: dilithium5 (0xfea5)
                    Signature Algorithm: p521_dilithium5 (0xfea6)
                    Signature Algorithm: Unknown Unknown (0xfed0)
                    Signature Algorithm: Unknown Unknown (0xfed3)
                    Signature Algorithm: Unknown Unknown (0xfed4)
                    Signature Algorithm: Unknown Unknown (0xfee1)
                    Signature Algorithm: Unknown Unknown (0xfee2)
                    Signature Algorithm: Unknown Unknown (0xfee3)
                    Signature Algorithm: Unknown Unknown (0xfee4)
                    Signature Algorithm: Unknown Unknown (0xfee5)
                    Signature Algorithm: Unknown Unknown (0xfed1)
                    Signature Algorithm: Unknown Unknown (0xfed5)
                    Signature Algorithm: Unknown Unknown (0xfee6)
                    Signature Algorithm: Unknown Unknown (0xfee7)
                    Signature Algorithm: Unknown Unknown (0xfee8)
                    Signature Algorithm: Unknown Unknown (0xfee9)
                    Signature Algorithm: Unknown Unknown (0xfeea)
                    Signature Algorithm: Unknown Unknown (0xfed2)
                    Signature Algorithm: Unknown Unknown (0xfed6)
                    Signature Algorithm: Unknown Unknown (0xfeeb)
                    Signature Algorithm: Unknown Unknown (0xfeec)
                    Signature Algorithm: Unknown Unknown (0xfeed)
                    Signature Algorithm: Unknown Unknown (0xfed7)
                    Signature Algorithm: Unknown Unknown (0xfed8)
                    Signature Algorithm: Unknown Unknown (0xfed9)
                    Signature Algorithm: Unknown Unknown (0xfedc)
                    Signature Algorithm: Unknown Unknown (0xfedd)
                    Signature Algorithm: Unknown Unknown (0xfede)
                    Signature Algorithm: Unknown Unknown (0xfeda)
                    Signature Algorithm: Unknown Unknown (0xfedb)
                    Signature Algorithm: Unknown Unknown (0xfedf)
                    Signature Algorithm: Unknown Unknown (0xfee0)
                    Signature Algorithm: Unknown Unknown (0xfeb3)
                    Signature Algorithm: Unknown Unknown (0xfeb4)
                    Signature Algorithm: Unknown Unknown (0xfeb5)
                    Signature Algorithm: Unknown Unknown (0xfeb6)
                    Signature Algorithm: Unknown Unknown (0xfeb7)
                    Signature Algorithm: Unknown Unknown (0xfeb8)
                    Signature Algorithm: Unknown Unknown (0xfeb9)
                    Signature Algorithm: Unknown Unknown (0xfeba)
                    Signature Algorithm: Unknown Unknown (0xfec2)
                    Signature Algorithm: Unknown Unknown (0xfec3)
                    Signature Algorithm: Unknown Unknown (0xfec4)
            Extension: supported_versions (len=5) TLS 1.3, TLS 1.2
            Extension: psk_key_exchange_modes (len=2)
            Extension: key_share (len=38) x25519
            Extension: compress_certificate (len=3)
            Extension: padding (len=41)
                Type: padding (21)
                Length: 41
                Padding Data: 0000000000000000000000000000000000000000000000000000000000000000000000000000000000
            [JA4: t13d3613h2_6399a10af667_f48b99e0092b]
            [JA4_r [truncated]: t13d3613h2_002f,0033,0035,0039,003c,003d,0067,006b,0081,009c,009d,009e,009f,00ff,1301,1302,1303,c009,c00a,c013,c014,c023,c024,c027,c028,c02b,c02c,c02f,c030,c100,c101,c102,cca8,cca9,ccaa,ff85_000a,000b,000d,0015,0016,0017]
            [JA3 Fullstring [truncated]: 771,4866-4867-4865-49196-49200-159-52393-52392-52394-49195-49199-158-49188-49192-107-49187-49191-103-49162-49172-57-49161-49171-51-157-156-49409-49408-61-60-65413-49410-129-53-47-255,0-11-10-16-22-23-49-13-43-45]
            [JA3: 6720a890086e507a3e8b799f7b4413cc]

And here's the exchange ("Client Hello" and "Server Hello") between the same entities, with OQS provider disabled (commented out in openssl.cnf):

Frame 292: 573 bytes on wire (4584 bits), 573 bytes captured (4584 bits) on interface utun6, id 0
Null/Loopback
Internet Protocol Version 4, Src: 570657, Dst: llproxy
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
    Total Length: 569
    Identification: 0x0000 (0)
    010. .... = Flags: 0x2, Don't fragment
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 64
    Protocol: TCP (6)
    Header Checksum: 0x5276 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 570657
    Destination Address: llproxy
Transmission Control Protocol, Src Port: 56174 (56174), Dst Port: http-alt (8080), Seq: 138, Ack: 40, Len: 517
    Source Port: 56174 (56174)
    Destination Port: http-alt (8080)
    [Stream index: 6]
    [Conversation completeness: Complete, WITH_DATA (31)]
    [TCP Segment Len: 517]
    Sequence Number: 138    (relative sequence number)
    Sequence Number (raw): 3711377751
    [Next Sequence Number: 655    (relative sequence number)]
    Acknowledgment Number: 40    (relative ack number)
    Acknowledgment number (raw): 1722682165
    1000 .... = Header Length: 32 bytes (8)
    Flags: 0x018 (PSH, ACK)
    Window: 2063
    [Calculated window size: 132032]
    [Window size scaling factor: 64]
    Checksum: 0x4bcb [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
    [Timestamps]
    [SEQ/ACK analysis]
        [iRTT: 0.038972000 seconds]
        [Bytes in flight: 517]
        [Bytes sent since last PSH flag: 517]
    TCP payload (517 bytes)
Hypertext Transfer Protocol
    [Proxy-Connect-Hostname: downloads.1password.com]
    [Proxy-Connect-Port: 443]
Transport Layer Security
    TLSv1.3 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 512
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 508
            Version: TLS 1.2 (0x0303)
            Random: b29337a048932efa10158c94d5d0489dc7e3da43874664ff7c9b17e57aa2d061
            Session ID Length: 32
            Session ID: 576c4be933dfa3765375788a2708c6a1775c02378f1bbdeda04d4dc8a96aff8d
            Cipher Suites Length: 72
            Cipher Suites (36 suites)
                Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
                Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303)
                Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)
                Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)
                Cipher Suite: TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xccaa)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
                Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
                Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
                Cipher Suite: TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC (0xc101)
                Cipher Suite: TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC (0xc100)
                Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
                Cipher Suite: Unknown (0xff85)
                Cipher Suite: TLS_GOSTR341112_256_WITH_28147_CNT_IMIT (0xc102)
                Cipher Suite: TLS_GOSTR341001_WITH_28147_CNT_IMIT (0x0081)
                Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
                Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
            Compression Methods Length: 1
            Compression Methods (1 method)
            Extensions Length: 363
            Extension: server_name (len=28) name=downloads.1password.com
                Type: server_name (0)
                Length: 28
                Server Name Indication extension
                    Server Name list length: 26
                    Server Name Type: host_name (0)
                    Server Name length: 23
                    Server Name: downloads.1password.com
            Extension: ec_point_formats (len=4)
                Type: ec_point_formats (11)
                Length: 4
                EC point formats Length: 3
                Elliptic curves point formats (3)
            Extension: supported_groups (len=22)
                Type: supported_groups (10)
                Length: 22
                Supported Groups List Length: 20
                Supported Groups (10 groups)
                    Supported Group: x25519 (0x001d)
                    Supported Group: secp256r1 (0x0017)
                    Supported Group: x448 (0x001e)
                    Supported Group: secp521r1 (0x0019)
                    Supported Group: secp384r1 (0x0018)
                    Supported Group: ffdhe2048 (0x0100)
                    Supported Group: ffdhe3072 (0x0101)
                    Supported Group: ffdhe4096 (0x0102)
                    Supported Group: ffdhe6144 (0x0103)
                    Supported Group: ffdhe8192 (0x0104)
            Extension: application_layer_protocol_negotiation (len=14)
                Type: application_layer_protocol_negotiation (16)
                Length: 14
                ALPN Extension Length: 12
                ALPN Protocol
                    ALPN string length: 2
                    ALPN Next Protocol: h2
                    ALPN string length: 8
                    ALPN Next Protocol: http/1.1
            Extension: encrypt_then_mac (len=0)
                Type: encrypt_then_mac (22)
                Length: 0
            Extension: extended_master_secret (len=0)
                Type: extended_master_secret (23)
                Length: 0
            Extension: post_handshake_auth (len=0)
                Type: post_handshake_auth (49)
                Length: 0
            Extension: signature_algorithms (len=58)
                Type: signature_algorithms (13)
                Length: 58
                Signature Hash Algorithms Length: 56
                Signature Hash Algorithms (28 algorithms)
                    Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
                        Signature Hash Algorithm Hash: SHA256 (4)
                        Signature Hash Algorithm Signature: ECDSA (3)
                    Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
                        Signature Hash Algorithm Hash: SHA384 (5)
                        Signature Hash Algorithm Signature: ECDSA (3)
                    Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603)
                        Signature Hash Algorithm Hash: SHA512 (6)
                        Signature Hash Algorithm Signature: ECDSA (3)
                    Signature Algorithm: ed25519 (0x0807)
                        Signature Hash Algorithm Hash: Unknown (8)
                        Signature Hash Algorithm Signature: Unknown (7)
                    Signature Algorithm: ed448 (0x0808)
                        Signature Hash Algorithm Hash: Unknown (8)
                        Signature Hash Algorithm Signature: Unknown (8)
                    Signature Algorithm: Unknown Unknown (0x081a)
                        Signature Hash Algorithm Hash: Unknown (8)
                        Signature Hash Algorithm Signature: Unknown (26)
                    Signature Algorithm: Unknown Unknown (0x081b)
                        Signature Hash Algorithm Hash: Unknown (8)
                        Signature Hash Algorithm Signature: Unknown (27)
                    Signature Algorithm: Unknown Unknown (0x081c)
                        Signature Hash Algorithm Hash: Unknown (8)
                        Signature Hash Algorithm Signature: Unknown (28)
                    Signature Algorithm: rsa_pss_pss_sha256 (0x0809)
                        Signature Hash Algorithm Hash: Unknown (8)
                        Signature Hash Algorithm Signature: Unknown (9)
                    Signature Algorithm: rsa_pss_pss_sha384 (0x080a)
                        Signature Hash Algorithm Hash: Unknown (8)
                        Signature Hash Algorithm Signature: Unknown (10)
                    Signature Algorithm: rsa_pss_pss_sha512 (0x080b)
                        Signature Hash Algorithm Hash: Unknown (8)
                        Signature Hash Algorithm Signature: Unknown (11)
                    Signature Algorithm: rsa_pss_rsae_sha256 (0x0804)
                        Signature Hash Algorithm Hash: Unknown (8)
                        Signature Hash Algorithm Signature: SM2 (4)
                    Signature Algorithm: rsa_pss_rsae_sha384 (0x0805)
                        Signature Hash Algorithm Hash: Unknown (8)
                        Signature Hash Algorithm Signature: Unknown (5)
                    Signature Algorithm: rsa_pss_rsae_sha512 (0x0806)
                        Signature Hash Algorithm Hash: Unknown (8)
                        Signature Hash Algorithm Signature: Unknown (6)
                    Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
                        Signature Hash Algorithm Hash: SHA256 (4)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Algorithm: rsa_pkcs1_sha384 (0x0501)
                        Signature Hash Algorithm Hash: SHA384 (5)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
                        Signature Hash Algorithm Hash: SHA512 (6)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Algorithm: SHA224 ECDSA (0x0303)
                        Signature Hash Algorithm Hash: SHA224 (3)
                        Signature Hash Algorithm Signature: ECDSA (3)
                    Signature Algorithm: SHA224 RSA (0x0301)
                        Signature Hash Algorithm Hash: SHA224 (3)
                        Signature Hash Algorithm Signature: RSA (1)
                    Signature Algorithm: SHA224 DSA (0x0302)
                        Signature Hash Algorithm Hash: SHA224 (3)
                        Signature Hash Algorithm Signature: DSA (2)
                    Signature Algorithm: SHA256 DSA (0x0402)
                        Signature Hash Algorithm Hash: SHA256 (4)
                        Signature Hash Algorithm Signature: DSA (2)
                    Signature Algorithm: SHA384 DSA (0x0502)
                        Signature Hash Algorithm Hash: SHA384 (5)
                        Signature Hash Algorithm Signature: DSA (2)
                    Signature Algorithm: SHA512 DSA (0x0602)
                        Signature Hash Algorithm Hash: SHA512 (6)
                        Signature Hash Algorithm Signature: DSA (2)
                    Signature Algorithm: Unknown Unknown (0x0840)
                        Signature Hash Algorithm Hash: Unknown (8)
                        Signature Hash Algorithm Signature: Unknown (64)
                    Signature Algorithm: Unknown Unknown (0x0841)
                        Signature Hash Algorithm Hash: Unknown (8)
                        Signature Hash Algorithm Signature: Unknown (65)
                    Signature Algorithm: Unknown Unknown (0xeeee)
                        Signature Hash Algorithm Hash: Unknown (238)
                        Signature Hash Algorithm Signature: Unknown (238)
                    Signature Algorithm: Unknown Unknown (0xefef)
                        Signature Hash Algorithm Hash: Unknown (239)
                        Signature Hash Algorithm Signature: Unknown (239)
                    Signature Algorithm: Unknown Unknown (0xeded)
                        Signature Hash Algorithm Hash: Unknown (237)
                        Signature Hash Algorithm Signature: Unknown (237)
            Extension: supported_versions (len=5) TLS 1.3, TLS 1.2
                Type: supported_versions (43)
                Length: 5
                Supported Versions length: 4
                Supported Version: TLS 1.3 (0x0304)
                Supported Version: TLS 1.2 (0x0303)
            Extension: psk_key_exchange_modes (len=2)
                Type: psk_key_exchange_modes (45)
                Length: 2
                PSK Key Exchange Modes Length: 1
                PSK Key Exchange Mode: PSK with (EC)DHE key establishment (psk_dhe_ke) (1)
            Extension: key_share (len=38) x25519
                Type: key_share (51)
                Length: 38
                Key Share extension
                    Client Key Share Length: 36
                    Key Share Entry: Group: x25519, Key Exchange length: 32
            Extension: compress_certificate (len=3)
                Type: compress_certificate (27)
                Length: 3
                Algorithms Length: 2
                Algorithm: zlib (1)
            Extension: padding (len=137)
                Type: padding (21)
                Length: 137
                Padding Data [truncated]: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
            [JA4: t13d3613h2_6399a10af667_30e4835ce18a]
            [JA4_r [truncated]: t13d3613h2_002f,0033,0035,0039,003c,003d,0067,006b,0081,009c,009d,009e,009f,00ff,1301,1302,1303,c009,c00a,c013,c014,c023,c024,c027,c028,c02b,c02c,c02f,c030,c100,c101,c102,cca8,cca9,ccaa,ff85_000a,000b,000d,0015,0016,0017]
            [JA3 Fullstring [truncated]: 771,4866-4867-4865-49196-49200-159-52393-52392-52394-49195-49199-158-49188-49192-107-49187-49191-103-49162-49172-57-49161-49171-51-157-156-49409-49408-61-60-65413-49410-129-53-47-255,0-11-10-16-22-23-49-13-43-45]
            [JA3: 6720a890086e507a3e8b799f7b4413cc]

Frame 304: 1404 bytes on wire (11232 bits), 1404 bytes captured (11232 bits) on interface utun6, id 0
Null/Loopback
Internet Protocol Version 4, Src: llproxy, Dst: 570657
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x88 (DSCP: AF41, ECN: Not-ECT)
    Total Length: 1400
    Identification: 0x192b (6443)
    010. .... = Flags: 0x2, Don't fragment
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 251
    Protocol: TCP (6)
    Header Checksum: 0x7a83 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: llproxy
    Destination Address: 570657
Transmission Control Protocol, Src Port: http-alt (8080), Dst Port: 56174 (56174), Seq: 40, Ack: 655, Len: 1348
    Source Port: http-alt (8080)
    Destination Port: 56174 (56174)
    [Stream index: 6]
    [Conversation completeness: Complete, WITH_DATA (31)]
    [TCP Segment Len: 1348]
    Sequence Number: 40    (relative sequence number)
    Sequence Number (raw): 1722682165
    [Next Sequence Number: 1388    (relative sequence number)]
    Acknowledgment Number: 655    (relative ack number)
    Acknowledgment number (raw): 3711378268
    1000 .... = Header Length: 32 bytes (8)
    Flags: 0x010 (ACK)
    Window: 14254
    [Calculated window size: 14254]
    [Window size scaling factor: 1]
    Checksum: 0x7cea [unverified]
    [Checksum Status: Unverified]
    Urgent Pointer: 0
    Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
    [Timestamps]
    [SEQ/ACK analysis]
        [iRTT: 0.038972000 seconds]
        [Bytes in flight: 1348]
        [Bytes sent since last PSH flag: 1348]
    TCP payload (1348 bytes)
    [Reassembled PDU in frame: 308]
    TCP segment data (1174 bytes)
Hypertext Transfer Protocol
    [Proxy-Connect-Hostname: downloads.1password.com]
    [Proxy-Connect-Port: 443]
Transport Layer Security
    TLSv1.3 Record Layer: Handshake Protocol: Server Hello
        Content Type: Handshake (22)
        Version: TLS 1.2 (0x0303)
        Length: 122
        Handshake Protocol: Server Hello
            Handshake Type: Server Hello (2)
            Length: 118
            Version: TLS 1.2 (0x0303)
            Random: d226ecbde4695ff4a946b4b7723d5a21ac3750463b0138670eec8459c7cf8daf
            Session ID Length: 32
            Session ID: 576c4be933dfa3765375788a2708c6a1775c02378f1bbdeda04d4dc8a96aff8d
            Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
            Compression Method: null (0)
            Extensions Length: 46
            Extension: supported_versions (len=2) TLS 1.3
                Type: supported_versions (43)
                Length: 2
                Supported Version: TLS 1.3 (0x0304)
            Extension: key_share (len=36) x25519
                Type: key_share (51)
                Length: 36
                Key Share extension
                    Key Share Entry: Group: x25519, Key Exchange length: 32
                        Group: x25519 (29)
                        Key Exchange Length: 32
                        Key Exchange: f4f3fc894f03b37b0b10b294db48e402ee60a6a86af760d992c86ccfb6a3a526
            [JA3S Fullstring: 771,4865,43-51]
            [JA3S: f4febc55ea12b31ae17cfb7e614afda8]
    TLSv1.3 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
        Content Type: Change Cipher Spec (20)
        Version: TLS 1.2 (0x0303)
        Length: 1
        Change Cipher Spec Message
    TLSv1.3 Record Layer: Application Data Protocol: Hypertext Transfer Protocol
        Opaque Type: Application Data (23)
        Version: TLS 1.2 (0x0303)
        Length: 36
        Encrypted Application Data: 133cf835eed335cca80224c967bb5bf665a157747305ef531022350391f70df94ba9b033
        [Application Data Protocol: Hypertext Transfer Protocol]
    TLS segment data (1174 bytes)
levitte commented 3 months ago

I suspected something like that. The server like, "yo'weeeird, I'm walking away"

mouse07410 commented 3 months ago

> I suspected something like that. The server like, "yo'weeeird, I'm walking away"

Is there any way to test/validate this hypothesis? And if it proves true - how can we work around this problem without completely disabling OQS provider?

ashman-p commented 3 months ago

> I suspected something like that. The server like, "yo'weeeird, I'm walking away"
>
> Is there any way to test/validate this hypothesis? And if it proves true - how can we work around this problem without completely disabling OQS provider?

You could run s_client to connect to your server with a limited list of cipher suites, groups and sig algs? ./openssl s_client -connect : -tls1_3 -groups kyber512 -provider oqsprovider
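
An added example for checking the "too many sig algs" hypothesis offline (editor's code, not from this thread and not part of oqs-provider): it builds a ClientHello with the 17 IANA-registered SignatureScheme codepoints seen in the captures, and a second one that also carries the 48 `0xfeXX` codepoints from the s_client dump below, then parses both back and reports the list size and how much of it falls in the range RFC 8446 reserves for private use. The server name, random and cipher suite list in the constructed hellos are placeholders; `bytes_from_debug_dump()` is included so an `openssl s_client -debug` dump like the ones in this thread can be fed through the same parser.

```python
"""Measure the signature_algorithms list of a raw TLS ClientHello.

Added example, not oqs-provider code and not from this thread: it builds two
ClientHello records inline (constructed samples), parses them back and reports
how many SignatureScheme codepoints each advertises and how many sit in the
range RFC 8446 reserves for private use (0xFE00-0xFFFF), where the 0xfeXX
values in the s_client dump in this thread live. bytes_from_debug_dump() turns
an `openssl s_client -debug` hex dump back into bytes for the same parser.
"""
import re
import struct

SERVER_NAME, SUPPORTED_GROUPS, SIGNATURE_ALGORITHMS, SUPPORTED_VERSIONS = 0, 10, 13, 43
PRIVATE_USE = range(0xFE00, 0x10000)  # RFC 8446 section 4.2.3: reserved for private use
# IANA-registered schemes the dump in this thread advertises, in wire order.
STANDARD_SIGALGS = [0x0403, 0x0503, 0x0603, 0x0807, 0x0808, 0x081A, 0x081B, 0x081C, 0x0809,
                    0x080A, 0x080B, 0x0804, 0x0805, 0x0806, 0x0401, 0x0501, 0x0601]
# The 48 private-use codepoints in the same dump; the thread does not say which
# post-quantum scheme each one denotes, so they are treated as opaque here.
PRIVATE_SIGALGS = [
    0xFEA0, 0xFEA1, 0xFEA2, 0xFEA3, 0xFEA4, 0xFEA5, 0xFEA6, 0xFED0, 0xFED3, 0xFED4,
    0xFEE1, 0xFEE2, 0xFEE3, 0xFEE4, 0xFEE5, 0xFED1, 0xFED5, 0xFEE6, 0xFEE7, 0xFEE8,
    0xFEE9, 0xFEEA, 0xFED2, 0xFED6, 0xFEEB, 0xFEEC, 0xFEED, 0xFED7, 0xFED8, 0xFED9,
    0xFEDC, 0xFEDD, 0xFEDE, 0xFEDA, 0xFEDB, 0xFEDF, 0xFEE0, 0xFEB3, 0xFEB4, 0xFEB5,
    0xFEB6, 0xFEB7, 0xFEB8, 0xFEB9, 0xFEBA, 0xFEC2, 0xFEC3, 0xFEC4]
# First two lines of the www.ibm.com dump in this thread, exactly as s_client -debug printed them.
SAMPLE_DUMP = """\
0000 - 16 03 01 04 41 01 00 04-3d 03 03 4f a7 90 56 e7   ....A...=..O..V.
0010 - 5e 76 a4 6e 3b d1 cf c1-56 d8 5a e3 6d cf 55 43   ^v.n;...V.Z.m.UC
"""

def _vec(data, len_bytes):  # length-prefixed opaque vector, as TLS encodes it
    return len(data).to_bytes(len_bytes, "big") + data

def _ext(ext_type, body):
    return struct.pack("!H", ext_type) + _vec(body, 2)

def build_client_hello(sigalgs, server_name=b"example.invalid"):
    """Minimal TLS 1.3 ClientHello record carrying the given SignatureScheme list."""
    exts = (_ext(SERVER_NAME, _vec(b"\x00" + _vec(server_name, 2), 2))
            + _ext(SUPPORTED_GROUPS, _vec(struct.pack("!H", 0x001D), 2))  # x25519 only
            + _ext(SIGNATURE_ALGORITHMS, _vec(b"".join(struct.pack("!H", s) for s in sigalgs), 2))
            + _ext(SUPPORTED_VERSIONS, _vec(struct.pack("!H", 0x0304), 1)))  # TLS 1.3
    body = (b"\x03\x03" + bytes(32)                        # legacy_version, random (zeroed sample)
            + _vec(b"", 1)                                 # legacy_session_id
            + _vec(struct.pack("!HH", 0x1302, 0x1301), 2)  # cipher_suites
            + _vec(b"\x00", 1)                             # compression_methods: null
            + _vec(exts, 2))
    return b"\x16\x03\x01" + _vec(b"\x01" + _vec(body, 3), 2)

def parse_extensions(record):
    """Walk one ClientHello record and return {extension_type: body}; raises on malformed input."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if len(hs) < 4 or hs[0] != 0x01 or len(hs) != 4 + int.from_bytes(hs[1:4], "big"):
        raise ValueError("not one complete ClientHello")
    body, pos = hs[4:], 34                                # past legacy_version + random
    pos += 1 + body[pos]                                  # legacy_session_id
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]  # cipher_suites
    pos += 1 + body[pos]                                  # compression_methods
    end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    if end != len(body):
        raise ValueError("extensions length disagrees with message length")
    exts = {}
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        exts[etype] = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
    if pos != end:
        raise ValueError("an extension overruns the message")
    return exts

def signature_algorithms(record):
    """SignatureScheme codepoints the record advertises, in wire order."""
    ext = parse_extensions(record).get(SIGNATURE_ALGORITHMS)
    if ext is None:
        return []
    n = struct.unpack("!H", ext[:2])[0] if len(ext) >= 2 else -1
    if n % 2 or len(ext) != 2 + n:
        raise ValueError("malformed signature_algorithms extension")
    return list(struct.unpack("!%dH" % (n // 2), ext[2:]))

def summarize_sigalgs(record):
    """Size of the advertised list, and how much of it a standards-only peer cannot recognise."""
    algs = signature_algorithms(record)
    private = sum(1 for a in algs if a in PRIVATE_USE)
    return {"count": len(algs), "extension_bytes": 4 + 2 + 2 * len(algs),  # type+len, list len, list
            "private_use": private, "standard": len(algs) - private}

def bytes_from_debug_dump(text):
    """Reassemble bytes from `s_client -debug` lines: 4-digit offset, ' - ', 16 hex bytes, ascii."""
    out = bytearray()
    for line in text.splitlines():
        line = line.strip()
        if re.match(r"[0-9a-f]{4} - ", line):
            out += bytes.fromhex(line[7:54].replace("-", " "))  # 16 bytes * 3 chars, minus last gap
    return bytes(out)
```

With the standard list alone the extension is 40 bytes on the wire; with the 48 private-use codepoints added it grows to 136 bytes (the `00 0d 00 84 00 82` header visible in the dump below), and 48 of its 65 entries are values a peer without the provider cannot map to any registered scheme. `openssl s_client` also accepts `-sigalgs` with a colon-separated list, which narrows what the client advertises the same way `-groups` narrows key shares in the command above, so a capture taken before and after can be run through `summarize_sigalgs()` to see exactly what changed.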

mouse07410 commented 3 months ago

With OpenSSL-3.4.x-dev (master branch):

$ openssl3 version
OpenSSL 3.4.0-dev  (Library: OpenSSL 3.4.0-dev )
$ 
$ openssl3 s_client -debug -connect www.ibm.com:443 -tls1_3 -groups kyber512 -provider oqs
Connecting to 23.34.93.246
CONNECTED(00000005)
write to 0x600003c98000 [0x7f80f6810400] (1094 bytes => 1094 (0x446))
0000 - 16 03 01 04 41 01 00 04-3d 03 03 4f a7 90 56 e7   ....A...=..O..V.
0010 - 5e 76 a4 6e 3b d1 cf c1-56 d8 5a e3 6d cf 55 43   ^v.n;...V.Z.m.UC
0020 - 5b f2 a9 9a b4 cd 95 16-79 b2 de 20 13 6f cd 52   [.......y.. .o.R
0030 - 59 b8 7b 1a 67 41 32 6f-40 e5 3d d3 a1 46 9c 70   Y.{.gA2o@.=..F.p
0040 - 6d 35 b3 16 cc 80 af 97-7d 31 a3 df 00 06 13 02   m5......}1......
0050 - 13 03 13 01 01 00 03 ee-00 00 00 10 00 0e 00 00   ................
0060 - 0b 77 77 77 2e 69 62 6d-2e 63 6f 6d 00 0a 00 04   .www.ibm.com....
0070 - 00 02 02 3a 00 23 00 00-00 16 00 00 00 17 00 00   ...:.#..........
0080 - 00 0d 00 84 00 82 04 03-05 03 06 03 08 07 08 08   ................
0090 - 08 1a 08 1b 08 1c 08 09-08 0a 08 0b 08 04 08 05   ................
00a0 - 08 06 04 01 05 01 06 01-fe a0 fe a1 fe a2 fe a3   ................
00b0 - fe a4 fe a5 fe a6 fe d0-fe d3 fe d4 fe e1 fe e2   ................
00c0 - fe e3 fe e4 fe e5 fe d1-fe d5 fe e6 fe e7 fe e8   ................
00d0 - fe e9 fe ea fe d2 fe d6-fe eb fe ec fe ed fe d7   ................
00e0 - fe d8 fe d9 fe dc fe dd-fe de fe da fe db fe df   ................
00f0 - fe e0 fe b3 fe b4 fe b5-fe b6 fe b7 fe b8 fe b9   ................
0100 - fe ba fe c2 fe c3 fe c4-00 2b 00 03 02 03 04 00   .........+......
0110 - 2d 00 02 01 01 00 33 03-26 03 24 02 3a 03 20 85   -.....3.&.$.:. .
0120 - 76 40 77 08 0c 59 f5 42-11 93 8d 03 e8 9d 39 ac   v@w..Y.B......9.
0130 - 20 18 5b 29 f0 a0 33 9d-ea 1e bb b1 2d da 31 33    .[)..3.....-.13
0140 - 5e a6 32 b7 75 37 f3 63-5b 8e a0 00 15 9c 40 06   ^.2.u7.c[.....@.
0150 - 25 a0 55 a8 01 a0 3c 87-91 e1 36 6d 29 4e 75 d4   %.U...<...6m)Nu.
0160 - 23 e3 e2 0b e4 d7 7b 63-11 18 97 90 73 94 d7 7f   #.....{c....s...
0170 - 98 f5 31 0b 2b c1 d0 44-15 89 d2 16 90 91 b3 c1   ..1.+..D........
0180 - 82 1f de 17 80 d4 48 8e-20 e3 88 72 06 af 6a 33   ......H. ..r..j3
0190 - 9e be c6 70 dd 93 9a 0a-67 30 11 46 9d ac 15 2b   ...p....g0.F...+
01a0 - d7 44 90 ee 74 7a 46 68-ae d2 b3 07 b5 c1 09 6d   .D..tzFh.......m
01b0 - 17 19 2a 9c 1e 71 69 b4-12 54 81 ab 83 8e 4a 1b   ..*..qi..T....J.
01c0 - 97 aa 42 63 1f 12 6d 79-d2 7a 02 e2 74 bf b5 bc   ..Bc..my.z..t...
01d0 - 75 4b 01 82 d8 15 a4 22-96 71 08 84 b6 34 c1 34   uK.....".q...4.4
01e0 - b2 54 27 40 17 af 73 75-06 c0 4b 91 da 22 ab c4   .T'@..su..K.."..
01f0 - c1 11 09 63 8d 93 0e 47-b2 bb 6b 8b 9d 0d 74 64   ...c...G..k...td
0200 - a6 2b 81 82 c3 cd 0a ab-58 e7 e4 88 56 97 79 fa   .+......X...V.y.
0210 - 11 88 e7 55 c4 fe d9 10-ff 59 34 bc db c7 15 dc   ...U.....Y4.....
0220 - a6 f0 26 cd 1e 6a 42 8c-07 62 59 c5 a2 34 7a 68   ..&..jB..bY..4zh
0230 - 96 e0 28 94 08 10 b6 f0-78 93 b4 c6 6f d4 03 23   ..(.....x...o..#
0240 - c3 c1 17 f2 0c 77 c5 5b-2a f4 69 41 ba 8d c1 78   .....w.[*.iA...x
0250 - 19 11 16 c0 91 67 35 4b-bc c5 39 28 11 fc 09 54   .....g5K..9(...T
0260 - 4e 99 71 bd 7b 16 aa 37-30 3e bc ae 50 2c 98 df   N.q.{..70>..P,..
0270 - 2b b6 61 0a 61 f1 39 5f-64 eb 8a c4 5c 6c 48 33   +.a.a.9_d...\lH3
0280 - 84 6b 12 7a ca 38 9f cf-b9 b5 d3 3a 9c 2f e1 ca   .k.z.8.....:./..
0290 - 13 86 a2 35 53 0e 58 69-83 ee b3 14 86 52 62 34   ...5S.Xi.....Rb4
02a0 - 01 0e 1c a7 06 03 c8 77-b9 70 cb 8b 06 0f 8c b0   .......w.p......
02b0 - 9f 70 78 63 1b 15 54 d2-e5 33 d9 52 12 3f 15 93   .pxc..T..3.R.?..
02c0 - 3a ba 70 a3 c6 7d 38 21-2b f7 73 a4 07 54 22 7a   :.p..}8!+.s..T"z
02d0 - d3 98 25 c2 6b a1 a9 2a-dd a1 4b e1 d2 95 df f6   ..%.k..*..K.....
02e0 - 62 0e d6 1c 40 30 47 85-08 a3 9e 79 0b b4 96 19   b...@0G....y....
02f0 - ee b8 27 a9 20 93 80 00-a3 7a 63 70 3f 75 43 f4   ..'. ....zcp?uC.
0300 - 63 9a 57 6c 7d 46 14 c7-25 04 21 50 72 cd 95 52   c.Wl}F..%.!Pr..R
0310 - c2 bf eb 2c d8 49 c5 59-78 56 b0 ca 0a e1 06 a9   ...,.I.YxV......
0320 - bc 41 55 ad 36 8b 9a 9b-a5 5c 38 42 ee ac 6d 21   .AU.6....\8B..m!
0330 - a0 a9 76 83 46 23 86 ae-59 39 9d 6c 44 52 1f 01   ..v.F#..Y9.lDR..
0340 - 32 59 c6 2b 90 81 40 9f-1a 38 38 9a 90 36 bb 1e   2Y.+..@..88..6..
0350 - 41 20 7a 17 53 9b 86 bb-4a 49 7b 8f b3 97 84 00   A z.S...JI{.....
0360 - 6a cb 35 b9 5e f0 14 89-10 55 86 a3 30 7e 6b 03   j.5.^....U..0~k.
0370 - 39 2e bc 0f b8 66 79 a8-81 95 76 ac c5 fb f9 21   9....fy...v....!
0380 - e9 63 a8 76 70 63 d1 23-52 10 70 c4 83 ab 4a d8   .c.vpc.#R.p...J.
0390 - b5 7e 71 58 79 1b 62 75-e5 e4 a3 ca d3 32 18 19   .~qXy.bu.....2..
03a0 - 0f 3a 69 9d 08 84 06 af-e7 c0 16 23 36 6b cc 30   .:i........#6k.0
03b0 - 9b ca 1d 41 a1 ba b0 49-73 6a 15 72 ed 12 cb a1   ...A...Isj.r....
03c0 - a9 b4 c8 19 34 9b 83 c7-90 44 50 71 17 15 8e 89   ....4....DPq....
03d0 - 41 29 48 14 90 13 19 e1-00 cc e3 73 a8 f6 40 1c   A)H........s..@.
03e0 - 19 54 80 48 e1 18 8f 32-3b 0b 65 43 b1 47 10 fc   .T.H...2;.eC.G..
03f0 - 20 b0 e5 1b 6c 5b fc 08-08 f6 6b 33 54 c5 0f 14    ...l[....k3T...
0400 - a9 76 37 1e 83 e7 16 ce-91 5d ce 98 61 ee 54 1f   .v7......]..a.T.
0410 - a7 86 25 de 06 26 28 6a-37 7c d5 20 c3 9a 02 b4   ..%..&(j7|. ....
0420 - 7b 19 dc 4c f6 ba 7e 6d-36 65 f5 05 5a e2 2e a5   {..L..~m6e..Z...
0430 - 61 14 bd ec 1d 76 bb bb-d2 bf d0 8e 0f d0 9b 00   a....v..........
0440 - 1b 00 03 02 00 01                                 ......
read from 0x600003c98000 [0x7f80f800e203] (5 bytes => 5 (0x5))
0000 - 15 03 03 00 02                                    .....
read from 0x600003c98000 [0x7f80f800e208] (2 bytes => 2 (0x2))
0000 - 02 28                                             .(
00B1D253F87F0000:error:0A000410:SSL routines:ssl3_read_bytes:ssl/tls alert handshake failure:ssl/record/rec_layer_s3.c:907:SSL alert number 40
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 1094 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
read from 0x600003c98000 [0x7f80f480e400] (8192 bytes => 0)
$ openssl3 s_client -debug -connect www.downloads.1password.com:443 -tls1_3 -groups kyber512 -provider oqs
Connecting to 3.90.54.249
CONNECTED(00000006)
write to 0x600003b3c000 [0x7fd452011c00] (1110 bytes => 1110 (0x456))
0000 - 16 03 01 04 51 01 00 04-4d 03 03 a8 8b d5 ef 77   ....Q...M......w
0010 - e7 05 14 13 56 71 00 48-85 84 ae a6 5f 43 c8 5e   ....Vq.H...._C.^
0020 - d2 79 34 ef d1 70 89 da-d4 29 6c 20 a3 0a e6 f9   .y4..p...)l ....
0030 - f7 eb 4f 21 84 08 42 d5-0c b7 17 29 1f a1 be 47   ..O!..B....)...G
0040 - 48 04 1d 5d 28 aa 2d 6f-9d 21 fc 05 00 06 13 02   H..](.-o.!......
0050 - 13 03 13 01 01 00 03 fe-00 00 00 20 00 1e 00 00   ........... ....
0060 - 1b 77 77 77 2e 64 6f 77-6e 6c 6f 61 64 73 2e 31   .www.downloads.1
0070 - 70 61 73 73 77 6f 72 64-2e 63 6f 6d 00 0a 00 04   password.com....
0080 - 00 02 02 3a 00 23 00 00-00 16 00 00 00 17 00 00   ...:.#..........
0090 - 00 0d 00 84 00 82 04 03-05 03 06 03 08 07 08 08   ................
00a0 - 08 1a 08 1b 08 1c 08 09-08 0a 08 0b 08 04 08 05   ................
00b0 - 08 06 04 01 05 01 06 01-fe a0 fe a1 fe a2 fe a3   ................
00c0 - fe a4 fe a5 fe a6 fe d0-fe d3 fe d4 fe e1 fe e2   ................
00d0 - fe e3 fe e4 fe e5 fe d1-fe d5 fe e6 fe e7 fe e8   ................
00e0 - fe e9 fe ea fe d2 fe d6-fe eb fe ec fe ed fe d7   ................
00f0 - fe d8 fe d9 fe dc fe dd-fe de fe da fe db fe df   ................
0100 - fe e0 fe b3 fe b4 fe b5-fe b6 fe b7 fe b8 fe b9   ................
0110 - fe ba fe c2 fe c3 fe c4-00 2b 00 03 02 03 04 00   .........+......
0120 - 2d 00 02 01 01 00 33 03-26 03 24 02 3a 03 20 24   -.....3.&.$.:. $
0130 - 36 81 6d b4 4f 64 ab 7e-d2 73 3a 18 77 8a d3 4c   6.m.Od.~.s:.w..L
0140 - 14 ef 63 1e 7d 37 52 cb-48 17 5f 49 24 29 97 0e   ..c.}7R.H._I$)..
0150 - dc 08 13 1f 14 97 58 2a-5d c8 00 b3 50 cc 43 6f   ......X*]...P.Co
0160 - 43 7f f1 3a 62 65 c1 b9-3a 0a c9 40 69 11 7c ec   C..:be..:..@i.|.
0170 - aa 5e 95 52 d1 b4 9b af-01 6d 93 a7 09 e6 ba 83   .^.R.....m......
0180 - 37 40 93 e5 ec 60 f1 b5-4a df 3b 2f d0 04 c2 f3   7@...`..J.;/....
0190 - d7 b2 a4 f6 86 38 f9 46-de a4 c0 5e 78 95 f7 fc   .....8.F...^x...
01a0 - 2c 23 9c 37 c1 90 bf f5-c4 12 15 41 64 5e c5 21   ,#.7.......Ad^.!
01b0 - a1 38 c4 8f d3 11 77 b1-31 d4 c3 77 25 c8 af 89   .8....w.1..w%...
01c0 - 14 50 30 d2 a2 a7 6b 9d-29 01 7c bd 21 98 cb 20   .P0...k.).|.!.. 
01d0 - 32 35 3b b3 2e b0 08 06-a9 12 17 c3 bb 1f 03 72   25;............r
01e0 - 4c e2 8d 64 a7 37 dc 61-bb 51 d5 89 bf 93 74 48   L..d.7.a.Q....tH
01f0 - 6b 1c bd c7 2d 08 12 9d-be 66 b8 3c 05 c7 19 e7   k...-....f.<....
0200 - ae 09 c7 aa cd b1 38 ee-08 26 3f 48 78 e4 06 2b   ......8..&?Hx..+
0210 - 58 38 a1 2c 31 b5 81 c8-85 0a 35 58 87 7a bc d3   X8.,1.....5X.z..
0220 - 72 19 16 55 bd 92 e2 20-a2 58 a8 0b b9 0a 77 03   r..U... .X....w.
0230 - 3a 93 a5 97 66 05 bf 19-b6 2e bc c7 7e 3c a8 22   :...f.......~<."
0240 - 7c 3b c9 87 07 7f 5b 69-77 35 68 7f 4b 97 57 8f   |;....[iw5h.K.W.
0250 - 38 53 5b 09 62 1c 1b 0d-ee 72 09 9a f8 79 c2 34   8S[.b....r...y.4
0260 - 27 40 78 23 da a6 2c 30-94 ca 20 2c c0 7f c9 a4   '@x#..,0.. ,....
0270 - da eb 7c 6d e0 49 16 11-1a 20 81 5d 3e e6 98 5e   ..|m.I... .]>..^
0280 - 04 42 1a d4 99 d2 da 64-e3 ca 61 e6 25 6b a6 d7   .B.....d..a.%k..
0290 - a7 dd 4c 99 1e 3c 32 c5-01 63 ef 24 5c 15 88 0e   ..L..<2..c.$\...
02a0 - ba b2 2c 7a 97 4e 95 e5-6d ac ec 1d 7c 95 c4 29   ..,z.N..m...|..)
02b0 - ea 3c 56 47 8e 3f 05 ba-e0 d5 ad d4 69 ba 79 c5   .<VG.?......i.y.
02c0 - 35 83 63 91 25 32 54 4d-d2 67 5d fc a4 b2 f7 4b   5.c.%2TM.g]....K
02d0 - cd 10 17 f9 e8 c3 dc 28-1f 36 0b 08 8f 15 ce a4   .......(.6......
02e0 - 0b aa c6 34 47 f8 80 41-7d 19 37 10 b7 0d e6 88   ...4G..A}.7.....
02f0 - 6a bc 42 0c ff 39 67 16-32 b2 a0 e8 74 03 ab 1f   j.B..9g.2...t...
0300 - f4 87 b9 ad 5c b5 d5 15-c8 ca b1 9e 6e 9b 39 2d   ....\.......n.9-
0310 - c3 ba b1 4c 25 7c 37 63-5f dc 88 9d 6c 66 48 63   ...L%|7c_...lfHc
0320 - 35 4d 12 0c 71 fa 7f 58-0c 7b a8 7a 8e cc 67 62   5M..q..X.{.z..gb
0330 - 60 01 15 83 61 3e a8 e6-07 d2 a9 51 d4 65 66 41   `...a>.....Q.efA
0340 - dc 47 05 d2 18 81 79 41-c6 e5 1a 21 76 12 92 14   .G....yA...!v...
0350 - ce 32 28 84 49 13 28 af-09 17 35 f7 10 92 05 21   .2(.I.(...5....!
0360 - 75 c8 67 b3 5a 8c a5 6a-31 e3 4b 3e 42 bc 81 3f   u.g.Z..j1.K>B..?
0370 - 0b b7 ec 2c 9c 57 5c 0c-f8 f2 17 4b 68 65 0f 3c   ...,.W\....Khe.<
0380 - a1 6c 00 0e 4f 98 01 0e-65 64 e0 03 b1 6f 1b b0   .l..O...ed...o..
0390 - 33 d6 13 00 f3 c4 62 86-ad 8b 72 24 6f 45 06 08   3.....b...r$oE..
03a0 - a5 72 fb 75 a3 07 01 ab-a4 68 16 7c 14 94 94 e9   .r.u.....h.|....
03b0 - 0c 55 da c5 eb 81 ce 83-d5 14 24 11 0e 0a 31 2b   .U........$...1+
03c0 - d2 1a 45 4f a3 6c 66 66-3c 7b 49 04 bb 15 a5 08   ..EO.lff<{I.....
03d0 - 83 52 90 89 57 11 10 2c-3c 25 ae c9 9a 1d 17 20   .R..W..,<%..... 
03e0 - 35 d9 3a 97 30 85 60 c0-82 1d 71 a1 ba a6 94 23   5.:.0.`...q....#
03f0 - 18 00 4c 67 28 8c 88 13-59 c1 34 86 69 3a 23 67   ..Lg(...Y.4.i:#g
0400 - 38 01 d1 e1 ce 68 9c cb-bc ea 8a 28 77 91 4d c1   8....h.....(w.M.
0410 - 51 be f0 ce 1a 67 b3 fb-58 10 12 a7 8a 86 5c 5a   Q....g..X.....\Z
0420 - 3c 31 3e f8 c5 99 0e b6-23 50 c4 8c 61 c1 0a 44   <1>.....#P..a..D
0430 - 19 47 c1 3f 3a 79 86 7b-08 ec 05 64 c2 ea 59 15   .G.?:y.{...d..Y.
0440 - eb 07 9d e4 ff 44 dd 36-e5 6f c5 50 d6 fd 26 00   .....D.6.o.P..&.
0450 - 1b 00 03 02 00 01                                 ......
read from 0x600003b3c000 [0x7fd452018c03] (5 bytes => 0)
write to 0x600003b3c000 [0x7fd452011c00] (7 bytes => 7 (0x7))
0000 - 15 03 01 00 02 02 32                              ......2
00B1D253F87F0000:error:0A000126:SSL routines::unexpected eof while reading:ssl/record/rec_layer_s3.c:692:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 1117 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
read from 0x600003b3c000 [0x7fd44f80e400] (8192 bytes => 0)
$ 
$ openssl3 s_client -debug -connect index.crates.io:443 -tls1_3 -groups kyber512 -provider oqs
Connecting to 18.165.83.98
CONNECTED(00000006)
write to 0x60000271c400 [0x7fc8cb012a00] (1098 bytes => 1098 (0x44A))
0000 - 16 03 01 04 45 01 00 04-41 03 03 fc 8d b0 08 c2   ....E...A.......
0010 - e4 8f ca db 49 02 c9 55-ce 26 9c c8 ea 82 46 98   ....I..U.&....F.
0020 - a6 8d 29 04 b4 c8 23 4d-99 14 2d 20 4d 44 d2 1b   ..)...#M..- MD..
0030 - 6e 05 00 8d eb 00 3a 69-01 21 b9 ee ef 21 00 7b   n.....:i.!...!.{
0040 - 4e e8 ac 1b f4 18 a3 13-79 39 66 54 00 06 13 02   N.......y9fT....
0050 - 13 03 13 01 01 00 03 f2-00 00 00 14 00 12 00 00   ................
0060 - 0f 69 6e 64 65 78 2e 63-72 61 74 65 73 2e 69 6f   .index.crates.io
0070 - 00 0a 00 04 00 02 02 3a-00 23 00 00 00 16 00 00   .......:.#......
0080 - 00 17 00 00 00 0d 00 84-00 82 04 03 05 03 06 03   ................
0090 - 08 07 08 08 08 1a 08 1b-08 1c 08 09 08 0a 08 0b   ................
00a0 - 08 04 08 05 08 06 04 01-05 01 06 01 fe a0 fe a1   ................
00b0 - fe a2 fe a3 fe a4 fe a5-fe a6 fe d0 fe d3 fe d4   ................
00c0 - fe e1 fe e2 fe e3 fe e4-fe e5 fe d1 fe d5 fe e6   ................
00d0 - fe e7 fe e8 fe e9 fe ea-fe d2 fe d6 fe eb fe ec   ................
00e0 - fe ed fe d7 fe d8 fe d9-fe dc fe dd fe de fe da   ................
00f0 - fe db fe df fe e0 fe b3-fe b4 fe b5 fe b6 fe b7   ................
0100 - fe b8 fe b9 fe ba fe c2-fe c3 fe c4 00 2b 00 03   .............+..
0110 - 02 03 04 00 2d 00 02 01-01 00 33 03 26 03 24 02   ....-.....3.&.$.
0120 - 3a 03 20 1b 93 29 e9 eb-90 36 55 4c c4 13 1d 17   :. ..)...6UL....
0130 - b9 63 8e 18 3e 3a f7 b1-61 f9 74 48 c2 49 6c e4   .c..>:..a.tH.Il.
0140 - a0 a8 57 4a c8 31 93 c1-37 41 ed 40 05 ee 53 6d   ..WJ.1..7A.@..Sm
0150 - 0a d9 54 17 2c 6c f0 b5-0e 72 a2 1b cd e6 72 e4   ..T.,l...r....r.
0160 - 97 63 57 ab 7c e3 e0 bf-b6 f7 4e 11 87 00 b6 38   .cW.|.....N....8
0170 - 14 0b 14 2f 8d 53 46 5e-25 25 c4 a6 19 0b b9 c8   .../.SF^%%......
0180 - 98 c3 4b 21 7c ac c5 e4-b8 63 5a 5b 65 02 70 fd   ..K!|....cZ[e.p.
0190 - e2 97 a9 62 0e 8b bc a4-50 22 6e 56 33 58 c6 94   ...b....P"nV3X..
01a0 - af 1a aa 06 0d 30 1e 06-da 57 61 4a 26 ab c0 8e   .....0...WaJ&...
01b0 - 11 55 1a 09 e5 64 e4 a9-79 46 c9 29 11 b2 83 6c   .U...d..yF.)...l
01c0 - 97 0a ea 9b 16 2f 27 b5-7d 88 a5 95 71 13 be 38   ...../'.}...q..8
01d0 - a6 f3 88 80 bc 94 22 14-0a 70 b9 61 4a c6 61 22   ......"..p.aJ.a"
01e0 - 9e 3b 94 68 61 20 df ea-9a 4b 3c 9b 97 f1 05 f9   .;.ha ...K<.....
01f0 - 72 0e ea 6a 7a 34 98 01-d6 23 cd 54 37 80 08 ac   r..jz4...#.T7...
0200 - 13 57 52 12 54 65 69 6d-90 54 d6 4b 21 07 fc 51   .WR.Teim.T.K!..Q
0210 - 31 14 19 27 41 45 c1 44-9f cc c4 7f 9c b3 58 c7   1..'AE.D......X.
0220 - 5b be f0 33 b3 88 e3 5a-67 05 72 17 db a8 00 5a   [..3...Zg.r....Z
0230 - b6 99 51 b7 d8 98 a3 b3-6b 64 17 43 5e 9d 0c 8b   ..Q.....kd.C^...
0240 - 50 d3 ce a6 b6 c3 6a 84-14 ba a9 5c 3e 84 29 da   P.....j....\>.).
0250 - 9c 17 1f 24 b1 e9 e9 12-7d 03 76 e6 32 ac b4 a0   ...$....}.v.2...
0260 - 11 98 b5 34 e5 18 16 a2-97 1f 5f 33 13 b8 2b 09   ...4......_3..+.
0270 - e4 07 77 d2 36 cf 1e ac-a3 c2 e2 17 57 8a 51 d2   ..w.6.......W.Q.
0280 - 12 9a 5f ac 4e 2a 3c c8-0a 40 8b e7 56 41 84 b2   .._.N*<..@..VA..
0290 - 56 46 d1 bf 05 27 1f 32-d1 07 a5 d2 96 55 e5 aa   VF...'.2.....U..
02a0 - 00 86 9e 4f b4 84 43 f7-be 08 d7 38 4a 23 67 ff   ...O..C....8J#g.
02b0 - fb 26 6d 78 75 a9 97 39-56 d7 72 99 45 71 8b 80   .&mxu..9V.r.Eq..
02c0 - 4c 2c fa c9 2e 56 98 c6-b9 2b c2 0c 0b a6 a2 34   L,...V...+.....4
02d0 - d8 47 5b d0 1a a2 c2 92-10 1c 19 c8 46 db 83 b6   .G[.........F...
02e0 - 6a 62 81 c7 3c e1 0c 4e-37 b6 47 dc 01 0d 2e 69   jb..<..N7.G....i
02f0 - 6a de 1b ba 49 8b 2e dd-c8 9b 75 49 30 b6 77 a1   j...I.....uI0.w.
0300 - e2 48 2d de 85 8d 29 56-ab 24 a9 48 dc b2 0f c2   .H-...)V.$.H....
0310 - d7 c4 ea 96 6d bd 68 21-b8 29 8f 8a ca 8c 1c 59   ....m.h!.).....Y
0320 - 01 16 83 03 55 bb 4e c4-2a 4c c3 28 bd 48 88 57   ....U.N.*L.(.H.W
0330 - 0e 82 26 bb 04 be c3 84-c9 22 2a 3b da d3 2b 9b   ..&......"*;..+.
0340 - 23 8e fa 08 3b 56 d5 8a-d9 81 10 67 ab 02 15 98   #...;V.....g....
0350 - b4 9c 11 c1 f9 26 51 a3-c2 c4 47 23 0d 9d e2 45   .....&Q...G#...E
0360 - 8b e4 9f 1a 76 0b 16 86-c8 e9 36 4c 61 22 b1 3c   ....v.....6La".<
0370 - 86 18 ae 4b 88 23 75 72-49 00 99 b2 bb b8 cf 4b   ...K.#urI......K
0380 - 8f 6b 03 0a 75 26 02 69-d2 77 4a 5a ab 82 ec ba   .k..u&.i.wJZ....
0390 - b2 e2 8e 57 57 53 33 96-1c 37 a4 77 bd 06 30 ce   ...WWS3..7.w..0.
03a0 - c3 76 7e d1 38 5d 0a c9-91 50 0d 70 88 10 c7 40   .v~.8]...P.p...@
03b0 - 49 d8 53 0e 4a fc 0f 9d-6b 55 da ec 0d ed e2 48   I.S.J...kU.....H
03c0 - fc 21 9a 1c a6 ae e4 64-42 1e 33 4d ed c1 5a 06   .!.....dB.3M..Z.
03d0 - b9 cf b8 69 02 d5 b6 9d-1b 33 38 74 98 af ed c4   ...i.....38t....
03e0 - 40 80 bb 15 0a ab 83 c4-f6 96 b6 31 48 54 54 0a   @..........1HTT.
03f0 - 26 60 b9 5c f2 2e 28 e5-c1 b2 db 60 4a a6 16 fc   &`.\..(....`J...
0400 - f7 48 52 e9 78 52 29 67-5d 14 5a b0 c1 3b f1 a7   .HR.xR)g].Z..;..
0410 - 3f a8 9b 02 fd d4 55 86-7c c9 23 90 36 db 86 28   ?.....U.|.#.6..(
0420 - ea 84 48 24 67 ea c8 aa-c2 f7 de 5c 2d cb 90 c1   ..H$g......\-...
0430 - ba 0f f2 be da 40 cf 54-f8 c6 f9 3d a3 b3 38 18   .....@.T...=..8.
0440 - a2 a3 53 00 1b 00 03 02-00 01                     ..S.......
read from 0x60000271c400 [0x7fc8cb018c03] (5 bytes => 5 (0x5))
0000 - 15 03 03 00 02                                    .....
read from 0x60000271c400 [0x7fc8cb018c08] (2 bytes => 2 (0x2))
0000 - 01 00                                             ..
closed
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 1098 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
read from 0x60000271c400 [0x7fc8c980e400] (8192 bytes => 0)
$ 

With OpenSSL-3.2.1 (released/stable, Macports-installed):

$ openssl version
OpenSSL 3.2.1 30 Jan 2024 (Library: OpenSSL 3.2.1 30 Jan 2024)
$ openssl s_client -debug -connect www.ibm.com:443 -tls1_3 -groups kyber512 -provider oqs
Connecting to 23.34.93.246
CONNECTED(00000005)
write to 0x600002fdc300 [0x7ff470012600] (1094 bytes => 1094 (0x446))
0000 - 16 03 01 04 41 01 00 04-3d 03 03 55 e1 f6 09 47   ....A...=..U...G
0010 - c9 ea 11 91 09 a9 a0 e1-37 c4 70 0d ea 43 84 5d   ........7.p..C.]
0020 - 6b 45 2c 1f e6 02 db 5f-83 6f 68 20 eb c9 93 c5   kE,...._.oh ....
0030 - 90 e8 c3 d7 37 c1 e0 a2-56 1f ba da ce 14 d6 33   ....7...V......3
0040 - d1 7e b4 79 a2 a0 62 1e-ad d8 bc c1 00 06 13 02   .~.y..b.........
0050 - 13 03 13 01 01 00 03 ee-00 00 00 10 00 0e 00 00   ................
0060 - 0b 77 77 77 2e 69 62 6d-2e 63 6f 6d 00 0a 00 04   .www.ibm.com....
0070 - 00 02 02 3a 00 23 00 00-00 16 00 00 00 17 00 00   ...:.#..........
0080 - 00 0d 00 84 00 82 04 03-05 03 06 03 08 07 08 08   ................
0090 - 08 1a 08 1b 08 1c 08 09-08 0a 08 0b 08 04 08 05   ................
00a0 - 08 06 04 01 05 01 06 01-fe a0 fe a1 fe a2 fe a3   ................
00b0 - fe a4 fe a5 fe a6 fe d0-fe d3 fe d4 fe e1 fe e2   ................
00c0 - fe e3 fe e4 fe e5 fe d1-fe d5 fe e6 fe e7 fe e8   ................
00d0 - fe e9 fe ea fe d2 fe d6-fe eb fe ec fe ed fe d7   ................
00e0 - fe d8 fe d9 fe dc fe dd-fe de fe da fe db fe df   ................
00f0 - fe e0 fe b3 fe b4 fe b5-fe b6 fe b7 fe b8 fe b9   ................
0100 - fe ba fe c2 fe c3 fe c4-00 2b 00 03 02 03 04 00   .........+......
0110 - 2d 00 02 01 01 00 33 03-26 03 24 02 3a 03 20 04   -.....3.&.$.:. .
0120 - 60 5f 52 44 70 6e fc c6-54 6c 0a aa 74 8e 38 20   `_RDpn..Tl..t.8 
0130 - 41 4a 90 b6 5b 4b 92 9d-1c 63 a6 6a 4a f4 75 49   AJ..[K...c.jJ.uI
0140 - 1f e3 54 37 c4 64 66 60-6c 2b f2 6c f6 db b9 e2   ..T7.df`l+.l....
0150 - 1a 16 88 41 8a ce 8a 26-75 25 81 c7 5a bb e5 90   ...A...&u%..Z...
0160 - 13 85 42 9c 61 75 4b 19-12 6e e6 44 ce 3e ba 23   ..B.auK..n.D.>.#
0170 - d8 4b 63 d7 ec 0d bc 14-be 2f a7 9a 13 16 45 a3   .Kc....../....E.
0180 - e6 74 21 27 45 c5 c4 42-e1 38 9c 77 5c 0a 85 b9   .t!'E..B.8.w\...
0190 - 11 fd 15 26 05 a9 aa de-58 51 eb f6 51 9a 21 4a   ...&....XQ..Q.!J
01a0 - d2 10 b8 38 16 60 1d 43-c3 ed 77 78 f3 22 84 d1   ...8.`.C..wx."..
01b0 - a5 bb 95 57 2d a7 2a 42-54 93 78 b8 20 94 1f 11   ...W-.*BT.x. ...
01c0 - 96 ca 68 5d f4 52 20 41-8b 11 e1 31 72 b7 b3 2b   ..h].R A...1r..+
01d0 - 3a 93 58 9d 53 87 9f 2b-a3 91 40 16 73 37 4b fe   :.X.S..+..@.s7K.
01e0 - 47 bd c8 07 20 4f 2a 3a-e1 95 bd f7 43 74 6b d3   G... O*:....Ctk.
01f0 - b7 3c b5 11 0e c3 4f e9-a8 af 84 e8 44 2e b2 4b   .<....O.....D..K
0200 - c1 2c 82 76 f0 2f 73 cc-94 e2 30 1c ef 21 3d 04   .,.v./s...0..!=.
0210 - 4c b9 94 09 85 75 f7 11-d2 52 4a 6c 62 66 7e cc   L....u...RJlbf~.
0220 - 66 b6 a9 a6 fd 31 5c cc-85 1e d8 11 23 29 c0 8a   f....1\.....#)..
0230 - 56 27 cf c3 e7 0d e8 a0-8c 12 02 6e 3c 20 2c 14   V'.........n< ,.
0240 - e6 93 d3 c0 04 87 68 aa-7d e7 c2 01 12 cc f4 f4   ......h.}.......
0250 - 06 00 ca 61 13 56 6d ea-3b 62 af 65 c8 0a 04 a4   ...a.Vm.;b.e....
0260 - ab 94 89 78 15 37 80 73-b4 52 0c 3c d8 d8 ba fd   ...x.7.s.R.<....
0270 - 28 a2 68 2a b2 18 6c 29-c6 b8 59 56 4b 35 5f 69   (.h*..l)..YVK5_i
0280 - 71 11 19 ca ca ac 66 6c-0a 03 2c 90 17 fd 01 57   q.....fl..,....W
0290 - 1e c1 4a 9b 02 a4 7b 4c-7c 12 f4 3e 8e 6a 84 df   ..J...{L|..>.j..
02a0 - 34 76 5e b9 44 6d 4a 3a-a9 bc 1c f0 90 2d 2e 23   4v^.DmJ:.....-.#
02b0 - 2c f5 d8 6b 4d cb 40 b3-77 5d b1 d3 98 fc dc 48   ,..kM.@.w].....H
02c0 - 2a 44 a1 97 a8 0f cc 84-04 f8 33 b8 02 07 a3 87   *D........3.....
02d0 - a7 74 b9 5a 89 92 f8 31-7e 0a 83 a8 b3 a2 07 d7   .t.Z...1~.......
02e0 - cf 32 76 77 bb 84 09 ff-c0 96 f2 21 bc 54 36 28   .2vw.......!.T6(
02f0 - 49 e9 9c 4d e9 63 ea 99-20 90 18 09 50 40 66 f8   I..M.c.. ...P@f.
0300 - 1c 7c 2c 3b b0 93 82 79-2e c5 83 61 28 20 d8 f6   .|,;...y...a( ..
0310 - ab dd 7c 41 6d a6 69 79-63 4d b4 26 07 09 70 66   ..|Am.iycM.&..pf
0320 - 60 a6 04 63 45 ce 14 12-9c 12 53 4b 05 ec 9f 88   `..cE.....SK....
0330 - b3 48 6d bc 20 11 fb 06-19 80 87 09 4a 6d b0 5b   .Hm. .......Jm.[
0340 - 6c e9 41 8d 11 52 53 4a-61 aa 75 b9 9f 7b 43 6d   l.A..RSJa.u..{Cm
0350 - 65 37 11 3e c4 24 ed 20-9a 6c 27 80 72 62 1e d9   e7.>.$. .l'.rb..
0360 - fc 51 ba 93 b8 f9 79 19-7d a6 5c 4f 57 74 37 9b   .Q....y.}.\OWt7.
0370 - 1d f8 c9 c5 66 ba 86 92-02 a1 a9 54 a2 dd 76 26   ....f......T..v&
0380 - b5 36 23 29 8c 20 9e d3-a2 77 d7 09 a2 52 3e f7   .6#). ...w...R>.
0390 - 42 ce b1 90 72 23 09 1f-5b 4c 34 cd cc 4a 70 20   B...r#..[L4..Jp 
03a0 - 43 1c 61 5a 8b 45 4d f7-11 20 1d a5 3a 3f 04 4f   C.aZ.EM.. ..:?.O
03b0 - c6 fc 5e 0b e0 4d e1 80-bb 5f a6 98 26 8b 9f a0   ..^..M..._..&...
03c0 - ca 82 73 25 82 dd 43 8d-38 ac 70 f6 d5 0c 7e 41   ..s%..C.8.p...~A
03d0 - 40 53 29 4c 60 c5 8d 16-66 75 75 4a 30 cd 3b 41   @S)L`...fuuJ0.;A
03e0 - 54 09 ad 1b ba 6b 31 2c-90 ec b2 12 b2 29 5a 60   T....k1,.....)Z`
03f0 - 7b 11 67 f6 6f 48 95 32-68 79 16 80 f2 bc 41 d6   {.g.oH.2hy....A.
0400 - c1 a1 c3 2c 11 51 c7 20-04 a9 be ea 5b 51 8a 03   ...,.Q. ....[Q..
0410 - 8a 4b 33 6f f6 57 b1 e7-1b 47 58 a1 7c 50 2d 5f   .K3o.W...GX.|P-_
0420 - bd 25 fd de ea 83 92 b2-6f 10 fd 77 1e 63 b4 72   .%......o..w.c.r
0430 - f9 df eb 6e 66 7e 42 c0-d7 e1 cd 13 d9 51 31 00   ...nf~B......Q1.
0440 - 1b 00 03 02 00 01                                 ......
read from 0x600002fdc300 [0x7ff470019003] (5 bytes => 5 (0x5))
0000 - 15 03 03 00 02                                    .....
read from 0x600002fdc300 [0x7ff470019008] (2 bytes => 2 (0x2))
0000 - 02 28                                             .(
00B1D253F87F0000:error:0A000410:SSL routines:ssl3_read_bytes:ssl/tls alert handshake failure:ssl/record/rec_layer_s3.c:865:SSL alert number 40
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 1094 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
read from 0x600002fdc300 [0x7ff46d00e400] (8192 bytes => 0)
$ openssl s_client -debug -connect www.downloads.1password.com:443 -tls1_3 -groups kyber512 -provider oqs
Connecting to 34.202.144.145
CONNECTED(00000006)
write to 0x600000fce000 [0x7f8e5e817e00] (1110 bytes => 1110 (0x456))
0000 - 16 03 01 04 51 01 00 04-4d 03 03 7a 5a 4c be db   ....Q...M..zZL..
0010 - d1 01 f4 b7 2e 47 a0 5e-f5 d7 3d 8d 15 d1 a8 97   .....G.^..=.....
0020 - 5d 18 95 ed db ce e8 55-0f 00 13 20 91 9d 53 15   ]......U... ..S.
0030 - 3e d2 8d e0 06 7b 53 bb-be c2 36 b2 b9 d5 a3 47   >....{S...6....G
0040 - 40 98 25 3f 54 cb 1d 55-cd ed 84 76 00 06 13 02   @.%?T..U...v....
0050 - 13 03 13 01 01 00 03 fe-00 00 00 20 00 1e 00 00   ........... ....
0060 - 1b 77 77 77 2e 64 6f 77-6e 6c 6f 61 64 73 2e 31   .www.downloads.1
0070 - 70 61 73 73 77 6f 72 64-2e 63 6f 6d 00 0a 00 04   password.com....
0080 - 00 02 02 3a 00 23 00 00-00 16 00 00 00 17 00 00   ...:.#..........
0090 - 00 0d 00 84 00 82 04 03-05 03 06 03 08 07 08 08   ................
00a0 - 08 1a 08 1b 08 1c 08 09-08 0a 08 0b 08 04 08 05   ................
00b0 - 08 06 04 01 05 01 06 01-fe a0 fe a1 fe a2 fe a3   ................
00c0 - fe a4 fe a5 fe a6 fe d0-fe d3 fe d4 fe e1 fe e2   ................
00d0 - fe e3 fe e4 fe e5 fe d1-fe d5 fe e6 fe e7 fe e8   ................
00e0 - fe e9 fe ea fe d2 fe d6-fe eb fe ec fe ed fe d7   ................
00f0 - fe d8 fe d9 fe dc fe dd-fe de fe da fe db fe df   ................
0100 - fe e0 fe b3 fe b4 fe b5-fe b6 fe b7 fe b8 fe b9   ................
0110 - fe ba fe c2 fe c3 fe c4-00 2b 00 03 02 03 04 00   .........+......
0120 - 2d 00 02 01 01 00 33 03-26 03 24 02 3a 03 20 05   -.....3.&.$.:. .
0130 - 89 39 b1 e0 1f 33 1c 48-7b e3 79 93 92 42 cb c3   .9...3.H{.y..B..
0140 - 7c e8 37 cd 0a bb bb d4-07 77 cd 9c 4c 71 f1 55   |.7......w..Lq.U
0150 - 55 7b 06 1d e7 54 53 d2-7c ba 27 27 a6 78 3a 76   U{...TS.|.''.x:v
0160 - 35 89 0e a4 1a 91 87 24-66 13 58 78 3a 61 47 cc   5......$f.Xx:aG.
0170 - 39 c5 37 95 7d 46 58 d4-79 74 fa 54 37 c2 07 ac   9.7.}FX.yt.T7...
0180 - 4c 05 59 f6 87 24 d5 12-24 7e c0 12 e4 17 be 4b   L.Y..$..$~.....K
0190 - 50 93 e9 19 19 79 d8 5a-f8 46 43 8b 40 51 d3 79   P....y.Z.FC.@Q.y
01a0 - 3d 43 9b bb 28 72 a1 ca-d7 be 78 59 c9 75 88 5c   =C..(r....xY.u.\
01b0 - 32 0c c6 9c 8b 95 6e 17-27 84 10 ae 79 64 bb d2   2.....n.'...yd..
01c0 - 98 90 1f f2 56 cc 30 11-a5 b5 9c a6 f8 ba ed f9   ....V.0.........
01d0 - 29 79 d0 43 5c 4b 8b 22-87 3a 85 3a c7 31 07 97   )y.C\K.".:.:.1..
01e0 - 9d 38 ad ce f5 04 db 84-a0 23 68 a3 9d b4 8f 5d   .8.......#h....]
01f0 - b5 74 d7 d1 80 39 d0 0d-43 c2 46 6c c3 b6 5c 2b   .t...9..C.Fl..\+
0200 - 01 a8 46 8d 34 24 1e 19-4c 35 2f 23 78 8d bc 73   ..F.4$..L5/#x..s
0210 - 84 d0 25 69 33 bd f0 6a-51 c7 f9 94 e3 c3 6a a4   ..%i3..jQ.....j.
0220 - e4 c6 3b 60 63 40 d5 47-cb 16 c6 7c c3 5e 6d 18   ..;`c@.G...|.^m.
0230 - 49 e4 a7 3f 5b 37 21 7e-c0 45 45 9c b5 7b 04 a4   I..?[7!~.EE..{..
0240 - 95 a1 96 e0 a3 b7 b3 8b-a2 07 f0 c9 07 e5 6f 74   ..............ot
0250 - 75 69 ed 81 b1 81 58 62-86 43 9b 60 f2 23 7f 1c   ui....Xb.C.`.#..
0260 - ca 18 e6 7d 35 7b 13 7f-3a 38 ec d6 be e3 da 7b   ...}5{..:8.....{
0270 - 2a c1 c6 dd 37 b8 72 02-4f 60 69 23 0f 47 10 97   *...7.r.O`i#.G..
0280 - ea 9c c3 79 72 7a 4c 0a-3f 4c b8 b2 eb a9 ba a0   ...yrzL.?L......
0290 - 0c 67 2c 5d 95 2c 18 54-53 ad b5 38 2f f0 3b 94   .g,].,.TS..8/.;.
02a0 - ce f0 c7 fd 33 14 9b d8-6d 25 fb 13 c7 41 25 f1   ....3...m%...A%.
02b0 - ac 88 81 a4 c5 03 78 16-22 10 c4 e7 b9 2e 9f d5   ......x.".......
02c0 - 18 d9 89 8a 68 02 09 20-3a 69 e0 b3 19 e8 25 7a   ....h.. :i....%z
02d0 - c0 c3 b3 f6 dc 0f f7 13-72 f7 4c 88 c6 4c 2a 85   ........r.L..L*.
02e0 - b9 3f 5e 32 bf 7f 90 ae-95 45 26 c8 e2 76 ac e4   .?^2.....E&..v..
02f0 - 05 d3 87 59 f8 80 12 75-87 29 9e db 95 f9 18 bc   ...Y...u.)......
0300 - 4f 8b b8 f1 32 61 e3 09-2e b7 49 96 e9 42 84 ba   O...2a....I..B..
0310 - 49 80 e2 07 99 ad 71 9e-41 49 b4 d2 88 49 ea 79   I.....q.AI...I.y
0320 - 27 0c e4 b7 89 37 8b 57-c3 49 a8 a0 4d 08 84 50   '....7.W.I..M..P
0330 - 64 87 b0 51 d9 66 23 16-8d 5f 5c 50 7b d3 bb 82   d..Q.f#.._\P{...
0340 - f2 52 33 09 19 44 55 47-82 35 7f 92 24 8a d4 05   .R3..DUG.5..$...
0350 - 6e 7f 53 cf 20 74 64 8f-4c a7 57 c0 2b 89 ec 41   n.S. td.L.W.+..A
0360 - 06 ba b4 2d fc 6f 93 6b-2e 62 f5 cd 93 d4 18 f8   ...-.o.k.b......
0370 - a2 81 c5 84 88 4c f1 a2-19 b0 b4 39 5c 47 52 8a   .....L.....9\GR.
0380 - a7 8b c8 ad 3b d5 c7 df-a5 32 ef a7 bf ab 44 50   ....;....2....DP
0390 - b7 e4 1f 12 63 23 17 56-43 46 c0 28 61 c3 cf 63   ....c#.VCF.(a..c
03a0 - 30 ca 60 55 12 fa 10 a1-a4 f8 88 3f 9b 06 59 73   0.`U.......?..Ys
03b0 - 92 d4 69 b9 bb 44 1d 09-b0 26 57 b7 a7 64 14 3d   ..i..D...&W..d.=
03c0 - 3c 7c b2 48 e2 61 74 93-6b 7c a3 47 13 83 ad 1a   <|.H.at.k|.G....
03d0 - 72 8e bb 35 1f fd 12 97-61 60 47 46 73 c4 ba c8   r..5....a`GFs...
03e0 - c3 a0 81 cd 7d 73 81 a5-fb ba 2e 78 7a 8d 02 75   ....}s.....xz..u
03f0 - 25 2b 49 24 46 38 18 f5-55 7d 01 47 f0 70 7d 55   %+I$F8..U}.G.p}U
0400 - 34 55 29 db 9a 45 82 30-b5 48 a4 4e c2 17 54 a7   4U)..E.0.H.N..T.
0410 - 6b 4c c8 a2 a3 72 79 e4-54 1d d9 f3 18 7b f3 87   kL...ry.T....{..
0420 - 48 32 7d 4d 8b 22 70 fc-af d3 46 3a 85 62 9e 47   H2}M."p...F:.b.G
0430 - fc 84 15 3a 3b e8 4b ec-e6 7a 6b d4 dc b3 6f 03   ...:;.K..zk...o.
0440 - c4 bd 09 35 e9 b2 02 42-42 f6 56 7c 8e 15 61 00   ...5...BB.V|..a.
0450 - 1b 00 03 02 00 01                                 ......
read from 0x600000fce000 [0x7f8e5e823e03] (5 bytes => 0)
write to 0x600000fce000 [0x7f8e5e817e00] (7 bytes => 7 (0x7))
0000 - 15 03 01 00 02 02 32                              ......2
00B1D253F87F0000:error:0A000126:SSL routines::unexpected eof while reading:ssl/record/rec_layer_s3.c:650:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 1117 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
read from 0x600000fce000 [0x7f8e5d80e400] (8192 bytes => 0)
$ 
$ openssl s_client -debug -connect index.crates.io:443 -tls1_3 -groups kyber512 -provider oqs
Connecting to 18.165.83.98
CONNECTED(00000006)
write to 0x60000265e700 [0x7f7818823000] (1098 bytes => 1098 (0x44A))
0000 - 16 03 01 04 45 01 00 04-41 03 03 56 31 a8 ce d7   ....E...A..V1...
0010 - 00 a3 b9 91 7b 9e 05 8e-9f e2 8e ef 4c 21 44 57   ....{.......L!DW
0020 - e8 0f e2 08 2a 10 0f 8f-81 30 64 20 32 20 9b b6   ....*....0d 2 ..
0030 - b2 77 23 5c f9 cf 61 77-f4 4a 13 cb 00 02 36 1f   .w#\..aw.J....6.
0040 - 2d 7c 28 19 e8 b8 55 5c-80 b4 1e 18 00 06 13 02   -|(...U\........
0050 - 13 03 13 01 01 00 03 f2-00 00 00 14 00 12 00 00   ................
0060 - 0f 69 6e 64 65 78 2e 63-72 61 74 65 73 2e 69 6f   .index.crates.io
0070 - 00 0a 00 04 00 02 02 3a-00 23 00 00 00 16 00 00   .......:.#......
0080 - 00 17 00 00 00 0d 00 84-00 82 04 03 05 03 06 03   ................
0090 - 08 07 08 08 08 1a 08 1b-08 1c 08 09 08 0a 08 0b   ................
00a0 - 08 04 08 05 08 06 04 01-05 01 06 01 fe a0 fe a1   ................
00b0 - fe a2 fe a3 fe a4 fe a5-fe a6 fe d0 fe d3 fe d4   ................
00c0 - fe e1 fe e2 fe e3 fe e4-fe e5 fe d1 fe d5 fe e6   ................
00d0 - fe e7 fe e8 fe e9 fe ea-fe d2 fe d6 fe eb fe ec   ................
00e0 - fe ed fe d7 fe d8 fe d9-fe dc fe dd fe de fe da   ................
00f0 - fe db fe df fe e0 fe b3-fe b4 fe b5 fe b6 fe b7   ................
0100 - fe b8 fe b9 fe ba fe c2-fe c3 fe c4 00 2b 00 03   .............+..
0110 - 02 03 04 00 2d 00 02 01-01 00 33 03 26 03 24 02   ....-.....3.&.$.
0120 - 3a 03 20 45 55 7b 69 03-71 87 d2 ae 1b f0 1e 33   :. EU{i.q......3
0130 - 21 c9 51 f6 89 dc f0 cd-6f a2 ae 3d f3 37 8f 42   !.Q.....o..=.7.B
0140 - 6e c0 89 7d e9 68 4c 01-b8 3c 33 cb 34 34 27 86   n..}.hL..<3.44'.
0150 - ee 59 50 d8 e3 7b e9 6a-43 f8 45 8c dc 5a a0 a6   .YP..{.jC.E..Z..
0160 - 56 7c 38 93 73 95 91 08-53 e0 84 94 16 6b a8 32   V|8.s...S....k.2
0170 - 5d fc e5 29 d2 6b 96 bb-0c ab e4 36 3b 8f c5 1d   ]..).k.....6;...
0180 - 22 94 18 e8 a1 0a 08 2b-c1 7b b3 29 fc 15 cc 10   "......+.{.)....
0190 - d4 99 c7 9c 66 58 e5 87-ec bc 92 48 12 7d 7c 59   ....fX.....H.}|Y
01a0 - cb 6b da 20 24 d5 80 7d-e5 1f 30 e2 b7 82 32 1e   .k. $..}..0...2.
01b0 - 2f f1 18 fd b9 93 f3 c5-15 8c b1 3e 18 3b 3a 7c   /..........>.;:|
01c0 - 7b b6 f5 30 57 97 03 8f-23 43 4b 96 96 02 59 08   {..0W...#CK...Y.
01d0 - 7e 18 43 50 24 5a 93 b6-f8 9f d7 98 91 84 6c c0   ~.CP$Z........l.
01e0 - 4c b7 9a a8 7a 55 f5 12-18 a0 e5 1f b4 50 3a 9c   L...zU.......P:.
01f0 - 42 8e cb 9b 07 05 61 57-51 4a 81 91 74 80 38 1b   B.....aWQJ..t.8.
0200 - 41 14 07 33 a7 80 36 7e-95 4f da 31 b0 c6 ea a1   A..3..6~.O.1....
0210 - d3 a5 69 d5 a8 5b 71 fa-6a 2d 31 9b b8 37 6c d6   ..i..[q.j-1..7l.
0220 - 51 15 b4 ca 71 06 e2 3d-20 34 af c7 33 9c 37 19   Q...q..= 4..3.7.
0230 - 81 4d 1a 13 77 40 6a 23-e5 6a a6 db 57 15 b7 5d   .M..w@j#.j..W..]
0240 - c4 58 66 0e a9 60 9c 44-94 2b 54 c1 56 72 ca fa   .Xf..`.D.+T.Vr..
0250 - 23 a8 76 52 ab 4e b3 61-4e b3 55 17 43 36 b1 50   #.vR.N.aN.U.C6.P
0260 - 5d 29 78 64 02 ac b3 5c-47 6c 31 cb 5d 2b 29 77   ])xd...\Gl1.]+)w
0270 - 43 74 c6 3f 90 58 65 85-02 b2 3a 82 f8 52 34 2c   Ct.?.Xe...:..R4,
0280 - 20 82 3a 06 af 53 e0 6f-54 e2 0b b9 0c cb 88 a2    .:..S.oT.......
0290 - a5 3c d3 62 fe a7 ac 4d-3b 4f b8 b9 96 e1 61 9a   .<.b...M;O....a.
02a0 - 38 56 31 30 1a 99 a0 eb-0b c0 a0 98 e3 72 74 35   8V10.........rt5
02b0 - e9 4c c1 5a 6c 55 61 2b-23 09 64 be a2 37 9b b5   .L.ZlUa+#.d..7..
02c0 - 52 57 70 90 24 c7 20 7d-78 ba ac a6 4d 71 9b ac   RWp.$. }x...Mq..
02d0 - 8e 67 23 0c f4 8d f6 53-4b 00 47 57 07 87 93 04   .g#....SK.GW....
02e0 - 9a a5 00 c5 bb 81 92 0d-f6 52 bc e8 eb a0 c7 57   .........R.....W
02f0 - 8f aa 8c 45 c2 3c 31 40-f0 c7 e9 b8 92 26 64 9e   ...E.<1@.....&d.
0300 - f9 eb ca f4 c7 08 20 0b-93 1d 57 3f ca 82 ad 6e   ...... ...W?...n
0310 - 75 b2 67 b4 5f 18 f8 56-07 42 b8 ca ba 53 54 cb   u.g._..V.B...ST.
0320 - 37 77 ba c6 42 3b 8e ee-24 05 9a 39 05 c2 51 bd   7w..B;..$..9..Q.
0330 - 50 54 8e b1 36 6d dc 63-1c 64 83 4e 75 b0 36 7c   PT..6m.c.d.Nu.6|
0340 - 26 46 8f a6 b2 3a fb 47-bd f1 27 2b 80 89 9f 18   &F...:.G..'+....
0350 - ae 13 e0 9a a3 05 4a e8-1c b9 5a 29 ac 44 2a 4e   ......J...Z).D*N
0360 - 58 31 55 3f 9b 21 bb 8a-2e 32 7a 28 b7 a2 1d 7f   X1U?.!...2z(....
0370 - 22 c9 14 fa 7c 2f 9a 31-c0 a0 1e a3 d1 96 d7 66   "...|/.1.......f
0380 - 65 1b 73 8d 99 7c 6f 45-18 4a 5f 57 86 10 0b 61   e.s..|oE.J_W...a
0390 - ef 9a 2f 87 0a 31 6a 02-18 fc 9a 18 6a 99 c8 59   ../..1j.....j..Y
03a0 - d6 0f ed e5 0e 32 d3 46-52 f0 56 98 eb c4 1d 77   .....2.FR.V....w
03b0 - 4a 09 c7 3a 7a 00 81 85-84 39 8f a2 be cb c5 a2   J..:z....9......
03c0 - 8f 56 9a e6 e2 a7 d0 51-19 7a 94 3a b9 69 8e a1   .V.....Q.z.:.i..
03d0 - 4a c1 46 e9 02 c8 fb 8d-1b 0c 06 2a 41 2d 70 0b   J.F........*A-p.
03e0 - 2d 06 42 28 91 b4 3d a1-e4 72 ce 45 12 d6 f9 5b   -.B(..=..r.E...[
03f0 - 29 da 6e 4c 8b 7a f1 92-a7 41 f9 07 48 27 88 e3   ).nL.z...A..H'..
0400 - 4c 30 a7 40 15 de e1 21-cf 7b 26 7d 62 0c 31 31   L0.@...!.{&}b.11
0410 - 7d 1d 31 0a 17 29 84 96-92 57 22 47 b3 7a 15 ce   }.1..)...W"G.z..
0420 - dc 2c 65 71 7c 4c 31 61-3f aa fc e1 4a 5a 63 25   .,eq|L1a?...JZc%
0430 - 6b 58 58 11 40 f8 62 9d-ab c4 b7 a7 64 8c 6f 68   kXX.@.b.....d.oh
0440 - ef eb 7c 00 1b 00 03 02-00 01                     ..|.......
read from 0x60000265e700 [0x7f781b808203] (5 bytes => 5 (0x5))
0000 - 15 03 03 00 02                                    .....
read from 0x60000265e700 [0x7f781b808208] (2 bytes => 2 (0x2))
0000 - 01 00                                             ..
closed
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 1098 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
read from 0x60000265e700 [0x7f781880e200] (8192 bytes => 0)
$ 
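Every ClientHello dumped above carries the same signature_algorithms extension: type `00 0d`, length `00 84`, a 130-byte list of 65 SignatureScheme codepoints, 48 of them in the private-use range. The Python below is an added example, not code from this issue, from oqs-provider or from OpenSSL: it rebuilds a ClientHello around that exact list (random, session id and the key_share body are constructed placeholders, and the tail extensions are omitted) and parses it back to produce the standard/private-use breakdown you would want before blaming a server for dropping the handshake.

```python
"""Parse a TLS ClientHello record and measure its signature_algorithms extension.

Added example for this thread, not code from oqs-provider or OpenSSL. The
sample ClientHello is constructed: its 65-entry signature_algorithms list and
the kyber512 (0x023a) supported_groups entry are copied from the reporter's
`s_client -debug` dumps; random, session id and key_share body are placeholders.
"""
import struct

# Extension types (RFC 8446) as they appear in the dumps above.
EXT_SERVER_NAME = 0x0000
EXT_SUPPORTED_GROUPS = 0x000A
EXT_SIGNATURE_ALGORITHMS = 0x000D
EXT_SUPPORTED_VERSIONS = 0x002B
EXT_KEY_SHARE = 0x0033

# RFC 8446 reserves SignatureScheme 0xFE00..0xFFFF for private use; the 0xFExx
# entries in the dumps are the provider's post-quantum codepoints.
PRIVATE_USE_LOW = 0xFE00

# Bytes 0x8a..0x10b of the index.crates.io dump: 17 standard schemes, then 48
# private-use ones, in the order the client sent them.
SIG_ALGS_FROM_DUMP = [int(h, 16) for h in (
    "0403 0503 0603 0807 0808 081a 081b 081c 0809 080a 080b "
    "0804 0805 0806 0401 0501 0601 "
    "fea0 fea1 fea2 fea3 fea4 fea5 fea6 fed0 fed3 fed4 fee1 fee2 fee3 fee4 fee5 "
    "fed1 fed5 fee6 fee7 fee8 fee9 feea fed2 fed6 feeb feec feed fed7 fed8 fed9 "
    "fedc fedd fede feda fedb fedf fee0 feb3 feb4 feb5 feb6 feb7 feb8 feb9 feba "
    "fec2 fec3 fec4").split()]


def _ext(ext_type, body):
    return struct.pack(">HH", ext_type, len(body)) + body


def _u16_vector(values):
    body = b"".join(struct.pack(">H", v) for v in values)
    return struct.pack(">H", len(body)) + body


def build_client_hello(sig_algs, groups, sni=b"index.crates.io"):
    """Assemble a TLS 1.3 ClientHello record (constructed sample, not a capture)."""
    sni_body = struct.pack(">HBH", len(sni) + 3, 0, len(sni)) + sni
    # 32 zero bytes stand in for the 800-byte kyber512 public key of the dump.
    share = struct.pack(">HH", groups[0], 32) + bytes(32)
    extensions = b"".join([
        _ext(EXT_SERVER_NAME, sni_body),
        _ext(EXT_SUPPORTED_GROUPS, _u16_vector(groups)),
        _ext(EXT_SIGNATURE_ALGORITHMS, _u16_vector(sig_algs)),
        _ext(EXT_SUPPORTED_VERSIONS, b"\x02\x03\x04"),        # TLS 1.3 only
        _ext(EXT_KEY_SHARE, struct.pack(">H", len(share)) + share),
    ])
    body = (b"\x03\x03" + bytes(32)                 # legacy_version, random (placeholder)
            + b"\x00"                                # empty legacy_session_id
            + _u16_vector([0x1302, 0x1303, 0x1301])  # cipher suites as in the dump
            + b"\x01\x00"                            # compression_methods: null only
            + struct.pack(">H", len(extensions)) + extensions)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake


def parse_client_hello(record):
    """Return the ClientHello extensions as {type: body}; raise on malformed input."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack_from(">H", record, 3)[0]
    hs = record[5:5 + rec_len]
    if len(hs) != rec_len or hs[0] != 0x01:
        raise ValueError("record does not carry a complete ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    off = 2 + 32                                            # legacy_version + random
    off += 1 + body[off]                                    # legacy_session_id
    off += 2 + struct.unpack_from(">H", body, off)[0]       # cipher_suites
    off += 1 + body[off]                                    # compression_methods
    ext_total = struct.unpack_from(">H", body, off)[0]
    off += 2
    end = off + ext_total
    if end != len(body):
        raise ValueError("extensions length does not match ClientHello body")
    exts = {}
    while off < end:
        ext_type, ln = struct.unpack_from(">HH", body, off)
        exts[ext_type] = body[off + 4:off + 4 + ln]
        off += 4 + ln
    return exts


def parse_u16_list(body):
    """Decode a length-prefixed vector of uint16 (SignatureScheme or NamedGroup)."""
    ln = struct.unpack_from(">H", body, 0)[0]
    if ln % 2 or ln != len(body) - 2:
        raise ValueError("malformed uint16 vector")
    return [struct.unpack_from(">H", body, 2 + i)[0] for i in range(0, ln, 2)]


def summarize_sig_algs(record):
    """Break down what the ClientHello advertises in signature_algorithms."""
    exts = parse_client_hello(record)
    ext_body = exts.get(EXT_SIGNATURE_ALGORITHMS, b"")
    schemes = parse_u16_list(ext_body) if ext_body else []
    private = [s for s in schemes if s >= PRIVATE_USE_LOW]
    groups = exts.get(EXT_SUPPORTED_GROUPS)
    return {
        "extension_bytes": len(ext_body),                  # 0x84 in the dumps
        "schemes": len(schemes),
        "standard": len(schemes) - len(private),
        "private_use": len(private),
        "groups": parse_u16_list(groups) if groups else [],
    }


SAMPLE_CLIENT_HELLO = build_client_hello(SIG_ALGS_FROM_DUMP, [0x023A])

if __name__ == "__main__":
    print(summarize_sig_algs(SAMPLE_CLIENT_HELLO))
```

To check a real capture, feed `summarize_sig_algs` the raw record bytes reassembled from the `write to` hex lines of an `s_client -debug` run.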
iyanmv commented 2 months ago

Another example:

fwupd will fail to get updates when oqsprovider is enabled.

Perform operation? [Y|n]: 
Downloading…             [                    \                  ]
failed to download file: OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to fwupd.org:443
baentsch commented 2 months ago

Let me try to sum this all up:

levitte commented 2 months ago

It isn't clear to me if the servers that were tested against are using the oqsprovider or not. What I get out of the outputs shown here is that it may as well be that they respond in different (possibly faulty) ways when faced with cipher suites they do not know... but, TLS isn't my area of expertise, so I can't do much more than relay my impression.

iyanmv commented 2 months ago

I agree with @levitte. I don't think that the servers where I observe this issue support any PQ KEM. It's just that they fail to do the TLS handshake after the client offers PQ algs. They terminate rather than continue with a traditional KEM.

Regarding this @baentsch

So which servers now hang with oqsprovider active and work OK without oqsprovider active (using openssl s_client to eliminate any other software stack impact) -- using a group/KEM they support?

With the latest server where I observed the issue, you can try to replicate the following:

echo Q | openssl s_client -connect fwupd.org:443  # It works
echo Q | openssl s_client -provider oqsprovider -connect fwupd.org:443  # It fails
iyanmv commented 2 months ago

Oh, can it be that when -provider oqsprovider is passed, only TLS 1.3 is ever used, so if the server does not support TLS 1.3, it fails to downgrade to TLS 1.2 and continue with the default provider?

baentsch commented 2 months ago

Well, this error is simple: The second command (o)misses the default provider:

echo Q | openssl s_client -connect fwupd.org:443  # It works
echo Q | openssl s_client -provider oqsprovider -connect fwupd.org:443  # It fails

OK if run as such

> echo Q | openssl s_client -provider oqsprovider -provider default -connect fwupd.org:443

iyanmv commented 2 months ago

Well, this error is simple: The second command (o)misses the default provider:

echo Q | openssl s_client -connect fwupd.org:443  # It works
echo Q | openssl s_client -provider oqsprovider -connect fwupd.org:443  # It fails

OK if run as such

> echo Q | openssl s_client -provider oqsprovider -provider default -connect fwupd.org:443

(I didn't need to add the default manually because I have it enabled in the config file) But even adding -provider default still fails for me.

iyanmv commented 2 months ago
echo Q | openssl s_client -provider oqsprovider -provider default -connect fwupd.org:443
Connecting to 52.37.189.50
CONNECTED(00000003)
40A7F3DFBC7F0000:error:0A000126:SSL routines::unexpected eof while reading:ssl/record/rec_layer_s3.c:645:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 454 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
baentsch commented 2 months ago

Interesting. It worked for me both for the system openssl (3.0.2) and the latest "master" build:

$ OPENSSL_MODULES=_build/lib openssl version
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
$ OPENSSL_MODULES=_build/lib openssl s_client -connect fwupd.org:443 -provider oqsprovider -provider default
CONNECTED(00000003)
depth=2 C = US, O = Amazon, CN = Amazon Root CA 1
verify return:1
depth=1 C = US, O = Amazon, CN = Amazon RSA 2048 M02
verify return:1
depth=0 CN = fwupd.org
verify return:1
---
Certificate chain
 0 s:CN = fwupd.org
   i:C = US, O = Amazon, CN = Amazon RSA 2048 M02
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jul 21 00:00:00 2023 GMT; NotAfter: Aug 18 23:59:59 2024 GMT
 1 s:C = US, O = Amazon, CN = Amazon RSA 2048 M02
   i:C = US, O = Amazon, CN = Amazon Root CA 1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Aug 23 22:25:30 2022 GMT; NotAfter: Aug 23 22:25:30 2030 GMT
 2 s:C = US, O = Amazon, CN = Amazon Root CA 1
   i:C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: May 25 12:00:00 2015 GMT; NotAfter: Dec 31 01:00:00 2037 GMT
 3 s:C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2
   i:C = US, O = "Starfield Technologies, Inc.", OU = Starfield Class 2 Certification Authority
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Sep  2 00:00:00 2009 GMT; NotAfter: Jun 28 17:39:16 2034 GMT
---
Server certificate
subject=CN = fwupd.org
issuer=C = US, O = Amazon, CN = Amazon RSA 2048 M02
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 5578 bytes and written 437 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 4ABA4644AC7C52DE2220E4AB9601B139F1AE41552DA44DFD7672C1FBA8BB1C1C
    Session-ID-ctx: 
    Master-Key: 6FA171C6466C85CA0EE59F12BCA8D4B2FDD011210AB6ED8414ACC30A0AD4F79E49A52B9275DACEB4755E3CED0C562B8C
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 86400 (seconds)
    TLS session ticket:
    0000 - 6d 6b 0e 96 cc 23 53 02-4a df ed 97 48 7f 3d c4   mk...#S.J...H.=.
    0010 - e2 e5 f8 68 98 1b 8f 6f-a5 96 40 f8 69 26 fd 77   ...h...o..@.i&.w
    0020 - 9e 8c a6 5c 07 73 f4 64-3b a2 07 6d 6a 9a 9a d9   ...\.s.d;..mj...
    0030 - b9 3e d9 63 2c 5e 61 10-23 cf e5 1d a3 67 28 df   .>.c,^a.#....g(.
    0040 - fd 5e 61 12 a7 0c b1 0e-a0 4d 2c e3 1b f2 cb 87   .^a......M,.....
    0050 - cb db c0 6a 7a 68 ed 19-1e e4 d4 72 54 db fd fd   ...jzh.....rT...
    0060 - 31 26 93 ea 6b f0 86 18-46                        1&..k...F

    Start Time: 1714055509
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---
Q
DONE

$ OPENSSL_MODULES=_build/lib ./.local/bin/openssl version
OpenSSL 3.4.0-dev  (Library: OpenSSL 3.4.0-dev )

$ OPENSSL_MODULES=_build/lib ./.local/bin/openssl s_client -provider oqsprovider -provider default -connect fwupd.org:443 
Connecting to 2600:1f14:414:5602::6ea1
CONNECTED(00000003)
depth=3 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=2 C=US, O=Amazon, CN=Amazon Root CA 1
verify return:1
depth=1 C=US, O=Amazon, CN=Amazon RSA 2048 M02
verify return:1
depth=0 CN=fwupd.org
verify return:1
---
Certificate chain
 0 s:CN=fwupd.org
   i:C=US, O=Amazon, CN=Amazon RSA 2048 M02
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jul 21 00:00:00 2023 GMT; NotAfter: Aug 18 23:59:59 2024 GMT
 1 s:C=US, O=Amazon, CN=Amazon RSA 2048 M02
   i:C=US, O=Amazon, CN=Amazon Root CA 1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Aug 23 22:25:30 2022 GMT; NotAfter: Aug 23 22:25:30 2030 GMT
 2 s:C=US, O=Amazon, CN=Amazon Root CA 1
   i:C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: May 25 12:00:00 2015 GMT; NotAfter: Dec 31 01:00:00 2037 GMT
 3 s:C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
   i:C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Sep  2 00:00:00 2009 GMT; NotAfter: Jun 28 17:39:16 2034 GMT
---
Server certificate
subject=CN=fwupd.org
issuer=C=US, O=Amazon, CN=Amazon RSA 2048 M02
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 5578 bytes and written 525 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: A5ABBCAD7B60FDC204D3F4AA46C2530636DD941FDA07217A8503B6730F4B39ED
    Session-ID-ctx: 
    Master-Key: CE470EB96F3E1849AC9D2988FB29F3C295FDC33B3C4AEC61AECAC2D94B387B67D8E9912E7A682117977FE8A5A6A10232
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 86400 (seconds)
    TLS session ticket:
    0000 - 39 2b 77 f6 3f dd cc d4-17 1a 3c 0a 2a b3 36 96   9+w.?.....<.*.6.
    0010 - ba 4f 42 f1 e0 7e 7c f7-b0 72 d0 5b f1 fb 17 53   .OB..~|..r.[...S
    0020 - 1f 2d da fe ba 4f 0e 28-9a 46 3d 9c fb e5 af 69   .-...O.(.F=....i
    0030 - 2a 61 b8 d3 fb b3 75 85-86 95 96 c2 f2 2e 9b ef   *a....u.........
    0040 - 06 66 3f 06 62 72 59 54-d6 d6 0a 72 8a 8c 4e 0f   .f?.brYT...r..N.
    0050 - b1 72 12 e8 73 e1 5a 9c-07 9c bb 52 7b ca 1b 80   .r..s.Z....R{...
    0060 - ae e1 ab e0 4d 53 75 7c-69                        ....MSu|i

    Start Time: 1714055690
    Timeout   : 7200 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
    Extended master secret: yes
---
Q
DONE

--> What's your openssl version?

iyanmv commented 2 months ago

--> What's your openssl version?

$ openssl -version
OpenSSL 3.2.1 30 Jan 2024 (Library: OpenSSL 3.2.1 30 Jan 2024)
mouse07410 commented 2 months ago

I want to bring to everybody's attention the fact that up until Apr 12th, OpenSSL and oqs-provider worked fine with all of the above sites. So, presumably, the fact that oqs advertises Kyber has little to do with this failure - as I am sure it was doing that before Apr 12th.

It could be the upgrade to OpenSSL-3.2.1, which was installed on my machine on Apr 9th - so, if oqs-provider wasn't changed between Apr 9 and Apr 15, then OpenSSL-3.2.1 is the culprit.

baentsch commented 2 months ago

It could be the upgrade to OpenSSL-3.2.1

Nope: Just built openssl 3.2.1 (on Linux x64) and everything works just fine:

$ OPENSSL_MODULES=_build/lib ./.local/bin/openssl list -verbose -providers
Providers:
  default
    name: OpenSSL Default Provider
    version: 3.2.1
    status: active
    build info: 3.2.1
    gettable provider parameters:
      name: pointer to a UTF8 encoded string (arbitrary size)
      version: pointer to a UTF8 encoded string (arbitrary size)
      buildinfo: pointer to a UTF8 encoded string (arbitrary size)
      status: integer (arbitrary size)
$ OPENSSL_MODULES=_build/lib ./.local/bin/openssl version
OpenSSL 3.2.1 30 Jan 2024 (Library: OpenSSL 3.2.1 30 Jan 2024)
$ OPENSSL_MODULES=_build/lib ./.local/bin/openssl s_client -provider oqsprovider -provider default -connect fwupd.org:443 
Connecting to 2600:1f14:414:5602::6ea1
CONNECTED(00000003)
depth=3 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=2 C=US, O=Amazon, CN=Amazon Root CA 1
verify return:1
depth=1 C=US, O=Amazon, CN=Amazon RSA 2048 M02
verify return:1
depth=0 CN=fwupd.org
verify return:1
---
Certificate chain
 0 s:CN=fwupd.org
   i:C=US, O=Amazon, CN=Amazon RSA 2048 M02
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jul 21 00:00:00 2023 GMT; NotAfter: Aug 18 23:59:59 2024 GMT
 1 s:C=US, O=Amazon, CN=Amazon RSA 2048 M02
   i:C=US, O=Amazon, CN=Amazon Root CA 1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Aug 23 22:25:30 2022 GMT; NotAfter: Aug 23 22:25:30 2030 GMT
 2 s:C=US, O=Amazon, CN=Amazon Root CA 1
   i:C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: May 25 12:00:00 2015 GMT; NotAfter: Dec 31 01:00:00 2037 GMT
 3 s:C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
   i:C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Sep  2 00:00:00 2009 GMT; NotAfter: Jun 28 17:39:16 2034 GMT
---
Server certificate
subject=CN=fwupd.org
issuer=C=US, O=Amazon, CN=Amazon RSA 2048 M02
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 5578 bytes and written 525 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: B760CAB64EACA3D2A251E1889FBDF51B2A46362A314256A58AB027D67A0D7865
    Session-ID-ctx: 
    Master-Key: 26DE1BAFC1F0AB0C00975F8C539174ACB163B20F14972EE9762DD9CD5988F6A21B1C40839F4E287D9AF77DD386553F44
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 86400 (seconds)
    TLS session ticket:
    0000 - 1e ac f0 0c ae 8d e3 3f-a9 b7 55 72 9b 91 d1 01   .......?..Ur....
    0010 - ba 76 e0 64 36 83 8c 89-97 3e 26 c0 70 43 4b ae   .v.d6....>&.pCK.
    0020 - 3a 7d 94 06 18 ef a7 0d-22 02 bf fd b0 6e 3e fc   :}......"....n>.
    0030 - 37 27 3b 22 43 dc a7 3d-9b 89 e6 74 98 aa 79 4d   7';"C..=...t..yM
    0040 - e0 54 0c ff 52 d4 9d 96-c5 31 19 37 ae 1d 40 19   .T..R....1.7..@.
    0050 - 75 3d 3d 58 3a 61 f7 d8-0b dd b7 30 41 e0 7d d7   u==X:a.....0A.}.
    0060 - 27 34 ee 59 96 17 d2 ff-b9                        '4.Y.....

    Start Time: 1714111263
    Timeout   : 7200 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
    Extended master secret: yes
---
Q
DONE

What is clearly visible is that the server runs TLS 1.2, so all "(oqs)provider logic" should not trigger anyway.

if oqs-provider wasn't changed between Apr 9 and Apr 15

Nope, too: This time period was the 0.6.0 "release hiatus".

As you can reproduce this @iyanmv @mouse07410, could you please take a close look at my 3.2.1 log and yours to spot differences?

iyanmv commented 2 months ago

I did a git bisect of the oqsprovider using the OpenSSL from the Arch Linux repos (3.2.1) and liboqs fixed to the 0.10.0 release, and this is the commit where running echo Q | openssl s_client -provider oqsprovider -provider default -connect fwupd.org:443 starts to fail for me.

19e5a975a249d11e38937de80651bc855bb7ec3c is the first bad commit
commit 19e5a975a249d11e38937de80651bc855bb7ec3c
Author: Michael Baentsch <57787676+baentsch@users.noreply.github.com>
Date:   Sat Feb 24 07:34:02 2024 +0100

    first cut adding ML-* (#348)

    * introducing ML-* algorithms

    * split KEX testing in 2 and add openssl bug warning to README

    * clarify utility of KEM OIDs

 ALGORITHMS.md                          | 108 ++++++----
 CONFIGURE.md                           |  11 +-
 README.md                              |   9 +
 oqs-template/generate.py               |   8 +-
 oqs-template/generate.yml              |  79 ++++++-
 oqs-template/generate_oid_nid_table.py |  16 +-
 oqs-template/generatehelpers.py        |   8 +-
 oqs-template/oqs-kem-info.md           | 184 +++++++++--------
 oqs-template/oqs-sig-info.md           | 283 ++++++++++++-------------
 oqsprov/oqs_decode_der2key.c           |  40 ++++
 oqsprov/oqs_encode_key2any.c           | 176 ++++++++++++++++
 oqsprov/oqs_kmgmt.c                    | 165 ++++++++++++---
 oqsprov/oqs_prov.h                     | 309 +++++++++++++++++++++++++++
 oqsprov/oqsdecoders.inc                |  60 ++++++
 oqsprov/oqsencoders.inc                | 181 ++++++++++++++++
 oqsprov/oqsprov.c                      | 367 ++++++++++++++++++++++++---------
 oqsprov/oqsprov_capabilities.c         | 244 +++++++++++++++-------
 oqsprov/oqsprov_keys.c                 |  21 +-
 scripts/common.py                      |  28 ++-
 scripts/release-test-ci.sh             |   2 +-
 scripts/test_tls_full.py               |  39 +++-
 21 files changed, 1828 insertions(+), 510 deletions(-)
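The bisected commit introduces the ML-* families, and the Arch package build shown further down flips every `enable` flag in oqs-template/generate.yml to true before running generate.py. As an added example (not code from this thread or from oqs-provider), the following Python models the generate.yml structure quoted in this issue to count the signature scheme code points such a build registers, the resulting size of the ClientHello signature_algorithms extension, and any oid/nid/code point claimed by two algorithms. The excerpt is constructed, and it is an assumption that generate.py registers each enabled variant plus every `mix_with` hybrid as its own scheme.

```python
# Added example, not code from the oqs-provider thread or project: a model of
# the oqs-template/generate.yml structure, used to count the signature scheme
# code points a build registers and to lint the file for identifier collisions.
from typing import Dict, List, Tuple

# Constructed excerpt, hand-copied from entries in this issue's generate.yml.
# Only the keys the functions below use are kept; falcon512 is marked disabled
# here purely to show what flipping every `enable` flag changes.
GENERATE_YML_EXCERPT = {
    "kems": [
        {"name_group": "kyber512", "nid": "0x023A", "nid_hybrid": "0x2F3A",
         "oid": "1.3.6.1.4.1.22554.5.6.1"},
        {"name_group": "mlkem512", "nid": "0x0247", "nid_hybrid": "0x2F47",
         "oid": "1.3.6.1.4.1.22554.5.6.1"},
    ],
    "sigs": [
        {"family": "CRYSTALS-Dilithium", "variants": [
            {"name": "dilithium2", "oid": "1.3.6.1.4.1.2.267.7.4.4",
             "code_point": "0xfea0", "enable": True,
             "mix_with": [{"name": "p256", "oid": "1.3.9999.2.7.1",
                           "code_point": "0xfea1"},
                          {"name": "rsa3072", "oid": "1.3.9999.2.7.2",
                           "code_point": "0xfea2"}]},
            {"name": "dilithium3", "oid": "1.3.6.1.4.1.2.267.7.6.5",
             "code_point": "0xfea3", "enable": True,
             "mix_with": [{"name": "p384", "oid": "1.3.9999.2.7.3",
                           "code_point": "0xfea4"}]},
        ]},
        {"family": "ML-DSA", "variants": [
            {"name": "mldsa44", "oid": "1.3.6.1.4.1.2.267.12.4.4",
             "code_point": "0xfed0", "enable": True,
             "mix_with": [{"name": "p256", "oid": "1.3.9999.7.1",
                           "code_point": "0xfed3"},
                          {"name": "rsa3072", "oid": "1.3.9999.7.2",
                           "code_point": "0xfed4"}]},
        ]},
        {"family": "Falcon", "variants": [
            {"name": "falcon512", "oid": "1.3.9999.3.6",
             "code_point": "0xfeae", "enable": False,
             "mix_with": [{"name": "p256", "oid": "1.3.9999.3.7",
                           "code_point": "0xfeaf"},
                          {"name": "rsa3072", "oid": "1.3.9999.3.8",
                           "code_point": "0xfeb0"}]},
        ]},
    ],
}


def signature_schemes(config: dict, enable_all: bool = False) -> List[Tuple[str, int]]:
    """(name, code_point) for every signature scheme the build would register
    (assumption: each enabled variant plus its `mix_with` hybrids).
    enable_all=True models the PKGBUILD's sed "s/enable: false/enable: true/g"."""
    schemes: List[Tuple[str, int]] = []
    for family in config["sigs"]:
        for variant in family["variants"]:
            if not (enable_all or variant.get("enable", False)):
                continue
            schemes.append((variant["name"], int(variant["code_point"], 16)))
            for hybrid in variant.get("mix_with", []):
                # oqs-provider names hybrids classical-first, e.g. p256_dilithium2
                schemes.append((f'{hybrid["name"]}_{variant["name"]}',
                                int(hybrid["code_point"], 16)))
    return schemes


def signature_algorithms_ext_len(num_schemes: int) -> int:
    """Bytes the TLS signature_algorithms extension adds to a ClientHello:
    2 (extension type) + 2 (extension length) + 2 (list length) + 2 per scheme."""
    return 6 + 2 * num_schemes


def find_duplicate_ids(config: dict) -> Dict[str, List[str]]:
    """Map every oid / nid / code_point value shared by more than one algorithm
    to the algorithm names that claim it (a collision lint for generate.yml)."""
    owners: Dict[str, List[str]] = {}

    def claim(key: str, value: str, owner: str) -> None:
        owners.setdefault(f"{key}={value.lower()}", []).append(owner)

    for kem in config["kems"]:
        for key in ("nid", "nid_hybrid", "oid"):
            if key in kem:
                claim(key, kem[key], kem["name_group"])
    for family in config["sigs"]:
        for variant in family["variants"]:
            for key in ("oid", "code_point"):
                if key in variant:
                    claim(key, variant[key], variant["name"])
            for hybrid in variant.get("mix_with", []):
                for key in ("oid", "code_point"):
                    if key in hybrid:
                        claim(key, hybrid[key], f'{hybrid["name"]}_{variant["name"]}')
    return {ident: names for ident, names in owners.items() if len(names) > 1}


if __name__ == "__main__":
    for flip in (False, True):
        n = len(signature_schemes(GENERATE_YML_EXCERPT, enable_all=flip))
        print(f"enable_all={flip}: {n} schemes, "
              f"{signature_algorithms_ext_len(n)} bytes of signature_algorithms")
    for ident, names in find_duplicate_ids(GENERATE_YML_EXCERPT).items():
        print(f"collision: {ident} used by {', '.join(names)}")
```

On the excerpt the lint reports the same oid string under kyber512 and mlkem512, which is exactly what the generate.yml quoted later in this issue contains.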
iyanmv commented 2 months ago

And I can only reproduce it if I enable all the algs in oqs-template/generate.yml; if I use the default one from the repo, it also works.

This is what I'm doing when generating the package for Arch:

prepare() {
    # Enable additional algorithms supported by liboqs
    # See: https://github.com/open-quantum-safe/oqs-provider/issues/210
    cd ${pkgname}
    sed -i -e "s/enable: false/enable: true/g" oqs-template/generate.yml

    # Some files are needed from the liboqs source code or generate.py will fail
    LIBOQS_SRC_DIR="${srcdir}/liboqs-${_pkgverliboqs}" python oqs-template/generate.py
}

So this is the generate.yml I pass to the Python script:

# This is the master document for ID interoperability for KEM IDs, p-hybrid KEM IDs, SIG (O)IDs
# Next free plain KEM ID: 0x024A, p-hybrid: 0x2F4A, X-hybrid: 0x2FB6
kems:
  -
    family: 'FrodoKEM'
    name_group: 'frodo640aes'
    nid: '0x0200'
    nid_hybrid: '0x2F00'
    oqs_alg: 'OQS_KEM_alg_frodokem_640_aes'
    extra_nids:
      current:
        - hybrid_group: "x25519"
          nid: '0x2F80'
  -
    family: 'FrodoKEM'
    name_group: 'frodo640shake'
    nid: '0x0201'
    nid_hybrid: '0x2F01'
    oqs_alg: 'OQS_KEM_alg_frodokem_640_shake'
    extra_nids:
      current:
        - hybrid_group: "x25519"
          nid: '0x2F81'
  -
    family: 'FrodoKEM'
    name_group: 'frodo976aes'
    nid: '0x0202'
    nid_hybrid: '0x2F02'
    oqs_alg: 'OQS_KEM_alg_frodokem_976_aes'
    extra_nids:
      current:
        - hybrid_group: "x448"
          nid: '0x2F82'
  -
    family: 'FrodoKEM'
    name_group: 'frodo976shake'
    nid: '0x0203'
    nid_hybrid: '0x2F03'
    oqs_alg: 'OQS_KEM_alg_frodokem_976_shake'
    extra_nids:
      current:
        - hybrid_group: "x448"
          nid: '0x2F83'
  -
    family: 'FrodoKEM'
    name_group: 'frodo1344aes'
    nid: '0x0204'
    nid_hybrid: '0x2F04'
    oqs_alg: 'OQS_KEM_alg_frodokem_1344_aes'
  -
    family: 'FrodoKEM'
    name_group: 'frodo1344shake'
    nid: '0x0205'
    nid_hybrid: '0x2F05'
    oqs_alg: 'OQS_KEM_alg_frodokem_1344_shake'
  -
    family: 'BIKE'
    name_group: 'bike1l1cpa'
    bit_security: 128
    extra_nids:
      old:
        - implementation_version: NIST Round 2 submission
          nist-round: 2
          nid: '0x0206'
        - implementation_version: NIST Round 2 submission
          nist-round: 2
          hybrid_group: secp256_r1
          nid: '0x2F06'
    oqs_alg: 'OQS_KEM_alg_bike1_l1_cpa'
  -
    family: 'BIKE'
    name_group: 'bike1l3cpa'
    bit_security: 192
    extra_nids:
      old:
        - implementation_version: NIST Round 2 submission
          nist-round: 2
          nid: '0x0207'
        - implementation_version: NIST Round 2 submission
          nist-round: 2
          hybrid_group: secp384_r1
          nid: '0x2F07'
    oqs_alg: 'OQS_KEM_alg_bike1_l3_cpa'
  -
    family: 'CRYSTALS-Kyber'
    name_group: 'kyber512'
    nid: '0x023A'
    oid: '1.3.6.1.4.1.22554.5.6.1'
    nid_hybrid: '0x2F3A'
    hybrid_oid: '1.3.6.1.4.1.22554.5.7.1'
    oqs_alg: 'OQS_KEM_alg_kyber_512'
    extra_nids:
      current:
        - hybrid_group: "x25519"
          hybrid_oid: '1.3.6.1.4.1.22554.5.8.1'
          nid: '0x2F39'
      old:
        - implementation_version: NIST Round 2 submission
          nist-round: 2
          nid: '0x020F'
        - implementation_version: NIST Round 2 submission
          nist-round: 2
          hybrid_group: secp256_r1
          nid: '0x2F0F'
        - implementation_version: NIST Round 2 submission
          nist-round: 2
          hybrid_group: x25519
          nid: '0x2F26'
  -
    family: 'CRYSTALS-Kyber'
    name_group: 'kyber768'
    nid: '0x023C'
    oid: '1.3.6.1.4.1.22554.5.6.2'
    nid_hybrid: '0x2F3C'
    extra_nids:
      current:
        - hybrid_group: "x448"
          nid: '0x2F90'
        - hybrid_group: "x25519"
          nid: '0x6399'
        - hybrid_group: "p256"
          nid: '0x639A'
      old:
        - implementation_version: NIST Round 2 submission
          nist-round: 2
          nid: '0x0210'
        - implementation_version: NIST Round 2 submission
          nist-round: 2
          hybrid_group: secp384_r1
          nid: '0x2F10'
    oqs_alg: 'OQS_KEM_alg_kyber_768'
  -
    family: 'CRYSTALS-Kyber'
    name_group: 'kyber1024'
    nid: '0x023D'
    oid: '1.3.6.1.4.1.22554.5.6.3'
    nid_hybrid: '0x2F3D'
    extra_nids:
      old:
        - implementation_version: NIST Round 2 submission
          nist-round: 2
          nid: '0x0211'
        - implementation_version: NIST Round 2 submission
          nist-round: 2
          hybrid_group: secp521_r1
          nid: '0x2F11'
    oqs_alg: 'OQS_KEM_alg_kyber_1024'
  -
    family: 'ML-KEM'
    name_group: 'mlkem512'
    nid: '0x0247'
    oid: '1.3.6.1.4.1.22554.5.6.1'
    nid_hybrid: '0x2F47'
    hybrid_oid: '1.3.6.1.4.1.22554.5.7.1'
    oqs_alg: 'OQS_KEM_alg_ml_kem_512'
    extra_nids:
      current:
        - hybrid_group: "x25519"
          hybrid_oid: '1.3.6.1.4.1.22554.5.8.1'
          nid: '0x2FB2'
  -
    family: 'ML-KEM'
    name_group: 'mlkem768'
    nid: '0x0248'
    oid: '1.3.6.1.4.1.22554.5.6.2'
    nid_hybrid: '0x2F48'
    oqs_alg: 'OQS_KEM_alg_ml_kem_768'
    extra_nids:
      current:
        - hybrid_group: "x448"
          nid: '0x2FB3'
        - hybrid_group: "x25519"
          nid: '0x2FB4'
        - hybrid_group: "p256"
          nid: '0x2FB5'
  -
    family: 'ML-KEM'
    name_group: 'mlkem1024'
    nid: '0x0249'
    oid: '1.3.6.1.4.1.22554.5.6.3'
    nid_hybrid: '0x2F49'
    oqs_alg: 'OQS_KEM_alg_ml_kem_1024'
  -
    family: 'BIKE'
    name_group: 'bike1l1fo'
    bit_security: 128
    extra_nids:
      old:
        - implementation_version: NIST Round 2 submission
          nist-round: 2
          nid: '0x0223'
        - implementation_version: NIST Round 2 submission
          nist-round: 2
          hybrid_group: secp256_r1
          nid: '0x2F23'
        - implementation_version: NIST Round 2 submission
          nist-round: 2
          hybrid_group: "x25519"
          nid: '0x2F28'
    oqs_alg: 'OQS_KEM_alg_bike1_l1_fo'
  -
    family: 'BIKE'
    name_group: 'bike1l3fo'
    bit_security: 192
    extra_nids:
      old:
        - implementation_version: NIST Round 2 submission
          nist-round: 2
          nid: '0x0224'
        - implementation_version: NIST Round 2 submission
          nist-round: 2
          hybrid_group: secp384_r1
          nid: '0x2F24'
    oqs_alg: 'OQS_KEM_alg_bike1_l3_fo'
  -
    family: 'BIKE'
    name_group: 'bikel1'
    implementation_version: '5.1'
    nid: '0x0241'
    nid_hybrid: '0x2F41'
    oqs_alg: 'OQS_KEM_alg_bike_l1'
    extra_nids:
      current:
        - hybrid_group: "x25519"
          nid: '0x2FAE'
      old:
        - implementation_version: NIST Round 3 submission
          nist-round: 3
          nid: '0x0238'
        - implementation_version: NIST Round 3 submission
          nist-round: 3
          hybrid_group: x25519
          nid: '0x2F37'
        - implementation_version: NIST Round 3 submission
          nist-round: 3
          hybrid_group: secp256_r1
          nid: '0x2F38'
  -
    family: 'BIKE'
    name_group: 'bikel3'
    implementation_version: '5.1'
    nid: '0x0242'
    nid_hybrid: '0x2F42'
    oqs_alg: 'OQS_KEM_alg_bike_l3'
    extra_nids:
      current:
        - hybrid_group: "x448"
          nid: '0x2FAF'
      old:
        - implementation_version: NIST Round 3 submission
          nist-round: 3
          nid: '0x023B'
        - implementation_version: NIST Round 3 submission
          nist-round: 3
          hybrid_group: secp384_r1
          nid: '0x2F3B'
  -
    family: 'BIKE'
    name_group: 'bikel5'
    implementation_version: '5.1'
    nid: '0x0243'
    nid_hybrid: '0x2F43'
    oqs_alg: 'OQS_KEM_alg_bike_l5'
  -
    family: 'CRYSTALS-Kyber'
    name_group: 'kyber90s512'
    extra_nids:
      old:
        - implementation_version: NIST Round 2 submission
          nist-round: 2
          nid: '0x0229'
        - implementation_version: NIST Round 2 submission
          nist-round: 2
          hybrid_group: secp256_r1
          nid: '0x2F29'
        - implementation_version: NIST Round 3 submission
          nist-round: 3
          nid: '0x023E'
        - implementation_version: NIST Round 3 submission
          nist-round: 3
          hybrid_group: secp256_r1
          nid: '0x2F3E'
        - implementation_version: NIST Round 3 submission
          nist-round: 3
          hybrid_group: x25519
          nid: '0x2FA9'
    oqs_alg: 'OQS_KEM_alg_kyber_512_90s'
  -
    family: 'CRYSTALS-Kyber'
    name_group: 'kyber90s768'
    extra_nids:
      old:
        - implementation_version: NIST Round 2 submission
          nist-round: 2
          nid: '0x022A'
        - implementation_version: NIST Round 2 submission
          nist-round: 2
          hybrid_group: secp384_r1
          nid: '0x2F2A'
        - implementation_version: NIST Round 3 submission
          nist-round: 3
          nid: '0x023F'
        - implementation_version: NIST Round 3 submission
          nist-round: 3
          hybrid_group: secp384_r1
          nid: '0x2F3F'
        - implementation_version: NIST Round 3 submission
          nist-round: 3
          hybrid_group: x448
          nid: '0x2FAA'
    oqs_alg: 'OQS_KEM_alg_kyber_768_90s'
  -
    family: 'CRYSTALS-Kyber'
    name_group: 'kyber90s1024'
    extra_nids:
      old:
        - implementation_version: NIST Round 2 submission
          nist-round: 2
          nid: '0x022B'
        - implementation_version: NIST Round 2 submission
          nist-round: 2
          hybrid_group: secp521_r1
          nid: '0x2F2B'
        - implementation_version: NIST Round 3 submission
          nist-round: 3
          nid: '0x0240'
        - implementation_version: NIST Round 3 submission
          nist-round: 3
          hybrid_group: secp521_r1
          nid: '0x2F40'
    oqs_alg: 'OQS_KEM_alg_kyber_1024_90s'
  -
    family: 'HQC'
    name_group: 'hqc128'
    nid: '0x0244'
    nid_hybrid: '0x2F44'
    oqs_alg: 'OQS_KEM_alg_hqc_128'
    extra_nids:
      current:
        - hybrid_group: "x25519"
          nid: '0x2FB0'
      old:
        - implementation_version: NIST Round 3 submission
          nist-round: 3
          nid: '0x022C'
        - implementation_version: NIST Round 3 submission
          nist-round: 3
          hybrid_group: secp256_r1
          nid: '0x2F2C'
        - implementation_version: NIST Round 3 submission
          nist-round: 3
          hybrid_group: x25519
          nid: '0x2FAC'
  -
    family: 'HQC'
    name_group: 'hqc192'
    nid: '0x0245'
    nid_hybrid: '0x2F45'
    oqs_alg: 'OQS_KEM_alg_hqc_192'
    extra_nids:
      current:
        - hybrid_group: "x448"
          nid: '0x2FB1'
      old:
        - implementation_version: NIST Round 3 submission
          nist-round: 3
          nid: '0x022D'
        - implementation_version: NIST Round 3 submission
          nist-round: 3
          hybrid_group: secp384_r1
          nid: '0x2F2D'
        - implementation_version: NIST Round 3 submission
          nist-round: 3
          hybrid_group: x448
          nid: '0x2FAD'
  -
    family: 'HQC'
    name_group: 'hqc256'
    nid: '0x0246'
    nid_hybrid: '0x2F46'
    oqs_alg: 'OQS_KEM_alg_hqc_256'
    extra_nids:
      old:
        - implementation_version: NIST Round 3 submission
          nist-round: 3
          nid: '0x022E'
        - implementation_version: NIST Round 3 submission
          nist-round: 3
          hybrid_group: secp521_r1
          nid: '0x2F2E'

kem_nid_end: '0x0250'
kem_nid_hybrid_end: '0x2FFF'
# need to edit ssl_local.h macros IS_OQS_KEM_CURVEID and IS_OQS_KEM_HYBRID_CURVEID with the above _end values

# Next free signature ID: 0xfed7
sigs:
  # -
    # iso (1)
    # identified-organization (3)
    # reserved (9999)
    # oqs_sig_default (1)
    # disabled
    #variants:
    #  -
    #    name: 'oqs_sig_default'
    #    pretty_name: 'OQS Default Signature Algorithm'
    #    oqs_meth: 'OQS_SIG_alg_default'
    #    oid: '1.3.9999.1.1'
    #    code_point: '0xfe00'
    #    enable: true
    #    mix_with: [{'name': 'p256',
    #                'pretty_name': 'ECDSA p256',
    #                'oid': '1.3.9999.1.2',
    #                'code_point': '0xfe01'},
    #               {'name': 'rsa3072',
    #                'pretty_name': 'RSA3072',
    #                'oid': '1.3.9999.1.3',
    #                'code_point': '0xfe02'}]
  -
    # OID scheme for hybrid variants of Dilithium:
    # iso (1)
    # identified-organization (3)
    # reserved (9999)
    # dilithium (2)
    # OID scheme for plain Dilithium:
    # iso (1)
    # identified-organization (3)
    # dod (6)
    # internet (1)
    # private (4)
    # enterprise (1)
    # IBM (2)
    # qsc (267)
    # Dilithium-r3 (7)
    family: 'CRYSTALS-Dilithium'
    variants:
      -
        name: 'dilithium2'
        pretty_name: 'Dilithium2'
        oqs_meth: 'OQS_SIG_alg_dilithium_2'
        oid: '1.3.6.1.4.1.2.267.7.4.4'
        code_point: '0xfea0'
        supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk']
        enable: true
        mix_with: [{'name': 'p256',
                    'pretty_name': 'ECDSA p256',
                    'oid': '1.3.9999.2.7.1',
                    'code_point': '0xfea1'},
                   {'name': 'rsa3072',
                    'pretty_name': 'RSA3072',
                    'oid': '1.3.9999.2.7.2',
                    'code_point': '0xfea2'}]
      -
        name: 'dilithium3'
        pretty_name: 'Dilithium3'
        oqs_meth: 'OQS_SIG_alg_dilithium_3'
        oid: '1.3.6.1.4.1.2.267.7.6.5'
        code_point: '0xfea3'
        supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk']
        enable: true
        mix_with: [{'name': 'p384',
                    'pretty_name': 'ECDSA p384',
                    'oid': '1.3.9999.2.7.3',
                    'code_point': '0xfea4'}]
      -
        name: 'dilithium5'
        pretty_name: 'Dilithium5'
        oqs_meth: 'OQS_SIG_alg_dilithium_5'
        oid: '1.3.6.1.4.1.2.267.7.8.7'
        code_point: '0xfea5'
        supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk']
        enable: true
        mix_with: [{'name': 'p521',
                    'pretty_name': 'ECDSA p521',
                    'oid': '1.3.9999.2.7.4',
                    'code_point': '0xfea6'}]
      -
        name: 'dilithium2_aes'
        pretty_name: 'Dilithium2_AES'
        oqs_meth: 'OQS_SIG_alg_dilithium_2_aes'
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.6.1.4.1.2.267.11.4.4'
              code_point: '0xfea7'
              supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk']
              mix_with: [{'name': 'p256',
                          'pretty_name': 'ECDSA p256',
                          'oid': '1.3.9999.2.11.1',
                          'code_point': '0xfea8'},
                         {'name': 'rsa3072',
                          'pretty_name': 'RSA3072',
                          'oid': '1.3.9999.2.11.2',
                          'code_point': '0xfea9'}]
      -
        name: 'dilithium3_aes'
        pretty_name: 'Dilithium3_AES'
        oqs_meth: 'OQS_SIG_alg_dilithium_3_aes'
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.6.1.4.1.2.267.11.6.5'
              code_point: '0xfeaa'
              supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk']
              mix_with: [{'name': 'p384',
                          'pretty_name': 'ECDSA p384',
                          'oid': '1.3.9999.2.11.3',
                          'code_point': '0xfeab'}]
      -
        name: 'dilithium5_aes'
        pretty_name: 'Dilithium5_AES'
        oqs_meth: 'OQS_SIG_alg_dilithium_5_aes'
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.6.1.4.1.2.267.11.8.7'
              code_point: '0xfeac'
              supported_encodings: ['draft-uni-qsckeys-dilithium-00/sk-pk']
              mix_with: [{'name': 'p521',
                          'pretty_name': 'ECDSA p521',
                          'oid': '1.3.9999.2.11.4',
                          'code_point': '0xfead'}]
  -
    family: 'ML-DSA'
    variants:
      -
        name: 'mldsa44'
        pretty_name: 'ML-DSA-44'
        oqs_meth: 'OQS_SIG_alg_ml_dsa_44'
        oid: '1.3.6.1.4.1.2.267.12.4.4'
        code_point: '0xfed0'
        enable: true
        mix_with: [{'name': 'p256',
                    'pretty_name': 'ECDSA p256',
                    'oid': '1.3.9999.7.1',
                    'code_point': '0xfed3'},
                   {'name': 'rsa3072',
                    'pretty_name': 'RSA3072',
                    'oid': '1.3.9999.7.2',
                    'code_point': '0xfed4'}]
      -
        name: 'mldsa65'
        pretty_name: 'ML-DSA-65'
        oqs_meth: 'OQS_SIG_alg_ml_dsa_65'
        oid: '1.3.6.1.4.1.2.267.12.6.5'
        code_point: '0xfed1'
        enable: true
        mix_with: [{'name': 'p384',
                    'pretty_name': 'ECDSA p384',
                    'oid': '1.3.9999.7.3',
                    'code_point': '0xfed5'}]
      -
        name: 'mldsa87'
        pretty_name: 'ML-DSA-87'
        oqs_meth: 'OQS_SIG_alg_ml_dsa_87'
        oid: '1.3.6.1.4.1.2.267.12.8.7'
        code_point: '0xfed2'
        enable: true
        mix_with: [{'name': 'p521',
                    'pretty_name': 'ECDSA p521',
                    'oid': '1.3.9999.7.4',
                    'code_point': '0xfed6'}]
  -
    # iso (1)
    # identified-organization (3)
    # reserved (9999)
    # falcon (3)
    family: 'Falcon'
    variants:
      -
        name: 'falcon512'
        pretty_name: 'Falcon-512'
        oqs_meth: 'OQS_SIG_alg_falcon_512'
        oid: '1.3.9999.3.6'
        code_point: '0xfeae'
        supported_encodings: ['draft-uni-qsckeys-falcon-00/sk-pk']
        enable: true
        mix_with: [{'name': 'p256',
                    'pretty_name': 'ECDSA p256',
                    'oid': '1.3.9999.3.7',
                    'code_point': '0xfeaf'},
                   {'name': 'rsa3072',
                    'pretty_name': 'RSA3072',
                    'oid': '1.3.9999.3.8',
                    'code_point': '0xfeb0'}]
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.3.1'
              code_point: '0xfe0b'
              mix_with: [{'name': 'p256',
                          'pretty_name': 'ECDSA p256',
                          'oid': '1.3.9999.3.2',
                          'code_point': '0xfe0c'},
                         {'name': 'rsa3072',
                          'pretty_name': 'RSA3072',
                          'oid': '1.3.9999.3.3',
                          'code_point': '0xfe0d'}]
      -
        name: 'falcon1024'
        pretty_name: 'Falcon-1024'
        oqs_meth: 'OQS_SIG_alg_falcon_1024'
        oid: '1.3.9999.3.9'
        code_point: '0xfeb1'
        supported_encodings: ['draft-uni-qsckeys-falcon-00/sk-pk']
        enable: true
        mix_with: [{'name': 'p521',
                    'pretty_name': 'ECDSA p521',
                    'oid': '1.3.9999.3.10',
                    'code_point': '0xfeb2'}]
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.3.4'
              code_point: '0xfe0e'
              mix_with: [{'name': 'p521',
                          'pretty_name': 'ECDSA p521',
                          'oid': '1.3.9999.3.5',
                          'code_point': '0xfe0f'}]
  -
    family: 'SPHINCS-Haraka'
    variants:
      -
        name: 'sphincsharaka128frobust'
        pretty_name: 'SPHINCS+-Haraka-128f-robust'
        oqs_meth: 'OQS_SIG_alg_sphincs_haraka_128f_robust'
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.6.1.1'
              code_point: '0xfe42'
              supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
              mix_with: [{'name': 'p256',
                          'pretty_name': 'ECDSA p256',
                          'oid': '1.3.9999.6.1.2',
                          'code_point': '0xfe43'},
                         {'name': 'rsa3072',
                          'pretty_name': 'RSA3072',
                          'oid': '1.3.9999.6.1.3',
                          'code_point': '0xfe44'}]
      -
        name: 'sphincsharaka128fsimple'
        pretty_name: 'SPHINCS+-Haraka-128f-simple'
        oqs_meth: 'OQS_SIG_alg_sphincs_haraka_128f_simple'
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.6.1.4'
              code_point: '0xfe45'
              supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
              mix_with: [{'name': 'p256',
                          'pretty_name': 'ECDSA p256',
                          'oid': '1.3.9999.6.1.5',
                          'code_point': '0xfe46'},
                         {'name': 'rsa3072',
                          'pretty_name': 'RSA3072',
                          'oid': '1.3.9999.6.1.6',
                          'code_point': '0xfe47'}]
      -
        name: 'sphincsharaka128srobust'
        pretty_name: 'SPHINCS+-Haraka-128s-robust'
        oqs_meth: 'OQS_SIG_alg_sphincs_haraka_128s_robust'
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.6.1.7'
              code_point: '0xfe48'
              supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
              mix_with: [{'name': 'p256',
                          'pretty_name': 'ECDSA p256',
                          'oid': '1.3.9999.6.1.8',
                          'code_point': '0xfe49'},
                         {'name': 'rsa3072',
                          'pretty_name': 'RSA3072',
                          'oid': '1.3.9999.6.1.9',
                          'code_point': '0xfe4a'}]
      -
        name: 'sphincsharaka128ssimple'
        pretty_name: 'SPHINCS+-Haraka-128s-simple'
        oqs_meth: 'OQS_SIG_alg_sphincs_haraka_128s_simple'
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.6.1.10'
              code_point: '0xfe4b'
              supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
              mix_with: [{'name': 'p256',
                          'pretty_name': 'ECDSA p256',
                          'oid': '1.3.9999.6.1.11',
                          'code_point': '0xfe4c'},
                         {'name': 'rsa3072',
                          'pretty_name': 'RSA3072',
                          'oid': '1.3.9999.6.1.12',
                          'code_point': '0xfe4d'}]
      -
        name: 'sphincsharaka192frobust'
        pretty_name: 'SPHINCS+-Haraka-192f-robust'
        oqs_meth: 'OQS_SIG_alg_sphincs_haraka_192f_robust'
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.6.2.1'
              code_point: '0xfe4e'
              supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
              mix_with: [{'name': 'p384',
                          'pretty_name': 'ECDSA p384',
                          'oid': '1.3.9999.6.2.2',
                          'code_point': '0xfe4f'}]
      -
        name: 'sphincsharaka192fsimple'
        pretty_name: 'SPHINCS+-Haraka-192f-simple'
        oqs_meth: 'OQS_SIG_alg_sphincs_haraka_192f_simple'
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.6.2.3'
              code_point: '0xfe50'
              supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
              mix_with: [{'name': 'p384',
                          'pretty_name': 'ECDSA p384',
                          'oid': '1.3.9999.6.2.4',
                          'code_point': '0xfe51'}]
      -
        name: 'sphincsharaka192srobust'
        pretty_name: 'SPHINCS+-Haraka-192s-robust'
        oqs_meth: 'OQS_SIG_alg_sphincs_haraka_192s_robust'
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.6.2.5'
              code_point: '0xfe52'
              supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
              mix_with: [{'name': 'p384',
                          'pretty_name': 'ECDSA p384',
                          'oid': '1.3.9999.6.2.6',
                          'code_point': '0xfe53'}]
      -
        name: 'sphincsharaka192ssimple'
        pretty_name: 'SPHINCS+-Haraka-192s-simple'
        oqs_meth: 'OQS_SIG_alg_sphincs_haraka_192s_simple'
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.6.2.7'
              code_point: '0xfe54'
              supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
              mix_with: [{'name': 'p384',
                          'pretty_name': 'ECDSA p384',
                          'oid': '1.3.9999.6.2.8',
                          'code_point': '0xfe55'}]
      -
        name: 'sphincsharaka256frobust'
        pretty_name: 'SPHINCS+-Haraka-256f-robust'
        oqs_meth: 'OQS_SIG_alg_sphincs_haraka_256f_robust'
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.6.3.1'
              code_point: '0xfe56'
              supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
              mix_with: [{'name': 'p521',
                          'pretty_name': 'ECDSA p521',
                          'oid': '1.3.9999.6.3.2',
                          'code_point': '0xfe57'}]
      -
        name: 'sphincsharaka256fsimple'
        pretty_name: 'SPHINCS+-Haraka-256f-simple'
        oqs_meth: 'OQS_SIG_alg_sphincs_haraka_256f_simple'
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.6.3.3'
              code_point: '0xfe58'
              supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
              mix_with: [{'name': 'p521',
                          'pretty_name': 'ECDSA p521',
                          'oid': '1.3.9999.6.3.4',
                          'code_point': '0xfe59'}]
      -
        name: 'sphincsharaka256srobust'
        pretty_name: 'SPHINCS+-Haraka-256s-robust'
        oqs_meth: 'OQS_SIG_alg_sphincs_haraka_256s_robust'
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.6.3.5'
              code_point: '0xfe5a'
              supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
              mix_with: [{'name': 'p521',
                          'pretty_name': 'ECDSA p521',
                          'oid': '1.3.9999.6.3.6',
                          'code_point': '0xfe5b'}]
      -
        name: 'sphincsharaka256ssimple'
        pretty_name: 'SPHINCS+-Haraka-256s-simple'
        oqs_meth: 'OQS_SIG_alg_sphincs_haraka_256s_simple'
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.6.3.7'
              code_point: '0xfe5c'
              supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
              mix_with: [{'name': 'p521',
                          'pretty_name': 'ECDSA p521',
                          'oid': '1.3.9999.6.3.8',
                          'code_point': '0xfe5d'}]
  -
    family: 'SPHINCS-SHA2'
    variants:
      -
        name: 'sphincssha26128frobust'
        pretty_name: 'SPHINCS+-SHA256-128f-robust'
        oqs_meth: 'OQS_SIG_alg_sphincs_sha256_128f_robust'
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.6.4.1'
              code_point: '0xfe5e'
              supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
              mix_with: [{'name': 'p256',
                          'pretty_name': 'ECDSA p256',
                          'oid': '1.3.9999.6.4.2',
                          'code_point': '0xfe5f'},
                         {'name': 'rsa3072',
                          'pretty_name': 'RSA3072',
                          'oid': '1.3.9999.6.4.3',
                          'code_point': '0xfe60'}]
      -
        name: 'sphincssha2128fsimple'
        pretty_name: 'SPHINCS+-SHA2-128f-simple'
        oqs_meth: 'OQS_SIG_alg_sphincs_sha2_128f_simple'
        oid: '1.3.9999.6.4.13'
        code_point: '0xfeb3'
        supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
        enable: true
        mix_with: [{'name': 'p256',
                    'pretty_name': 'ECDSA p256',
                    'oid': '1.3.9999.6.4.14',
                    'code_point': '0xfeb4'},
                   {'name': 'rsa3072',
                    'pretty_name': 'RSA3072',
                    'oid': '1.3.9999.6.4.15',
                    'code_point': '0xfeb5'}]
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.6.4.4'
              code_point: '0xfe61'
              supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
              mix_with: [{'name': 'p256',
                          'pretty_name': 'ECDSA p256',
                          'oid': '1.3.9999.6.4.5',
                          'code_point': '0xfe62'},
                         {'name': 'rsa3072',
                          'pretty_name': 'RSA3072',
                          'oid': '1.3.9999.6.4.6',
                          'code_point': '0xfe63'}]
      -
        name: 'sphincssha256128srobust'
        pretty_name: 'SPHINCS+-SHA256-128s-robust'
        oqs_meth: 'OQS_SIG_alg_sphincs_sha256_128s_robust'
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.6.4.7'
              code_point: '0xfe64'
              supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
              mix_with: [{'name': 'p256',
                          'pretty_name': 'ECDSA p256',
                          'oid': '1.3.9999.6.4.8',
                          'code_point': '0xfe65'},
                         {'name': 'rsa3072',
                          'pretty_name': 'RSA3072',
                          'oid': '1.3.9999.6.4.9',
                          'code_point': '0xfe66'}]
      -
        name: 'sphincssha2128ssimple'
        pretty_name: 'SPHINCS+-SHA2-128s-simple'
        oqs_meth: 'OQS_SIG_alg_sphincs_sha2_128s_simple'
        oid: '1.3.9999.6.4.16'
        code_point: '0xfeb6'
        supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
        enable: true
        mix_with: [{'name': 'p256',
                    'pretty_name': 'ECDSA p256',
                    'oid': '1.3.9999.6.4.17',
                    'code_point': '0xfeb7'},
                   {'name': 'rsa3072',
                    'pretty_name': 'RSA3072',
                    'oid': '1.3.9999.6.4.18',
                    'code_point': '0xfeb8'}]
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.6.4.10'
              code_point: '0xfe67'
              supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
              mix_with: [{'name': 'p256',
                          'pretty_name': 'ECDSA p256',
                          'oid': '1.3.9999.6.4.11',
                          'code_point': '0xfe68'},
                         {'name': 'rsa3072',
                          'pretty_name': 'RSA3072',
                          'oid': '1.3.9999.6.4.12',
                          'code_point': '0xfe69'}]
      -
        name: 'sphincssha256192frobust'
        pretty_name: 'SPHINCS+-SHA256-192f-robust'
        oqs_meth: 'OQS_SIG_alg_sphincs_sha256_192f_robust'
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.6.5.1'
              code_point: '0xfe6a'
              supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
              mix_with: [{'name': 'p384',
                          'pretty_name': 'ECDSA p384',
                          'oid': '1.3.9999.6.5.2',
                          'code_point': '0xfe6b'}]
      -
        name: 'sphincssha2192fsimple'
        pretty_name: 'SPHINCS+-SHA2-192f-simple'
        oqs_meth: 'OQS_SIG_alg_sphincs_sha2_192f_simple'
        oid: '1.3.9999.6.5.10'
        code_point: '0xfeb9'
        supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
        enable: true
        mix_with: [{'name': 'p384',
                    'pretty_name': 'ECDSA p384',
                    'oid': '1.3.9999.6.5.11',
                    'code_point': '0xfeba'}]
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.6.5.3'
              code_point: '0xfe6c'
              supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
              mix_with: [{'name': 'p384',
                          'pretty_name': 'ECDSA p384',
                          'oid': '1.3.9999.6.5.4',
                          'code_point': '0xfe6d'}]
      -
        name: 'sphincssha256192srobust'
        pretty_name: 'SPHINCS+-SHA256-192s-robust'
        oqs_meth: 'OQS_SIG_alg_sphincs_sha256_192s_robust'
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.6.5.5'
              code_point: '0xfe6e'
              supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
              mix_with: [{'name': 'p384',
                          'pretty_name': 'ECDSA p384',
                          'oid': '1.3.9999.6.5.6',
                          'code_point': '0xfe6f'}]
      -
        name: 'sphincssha2192ssimple'
        pretty_name: 'SPHINCS+-SHA2-192s-simple'
        oqs_meth: 'OQS_SIG_alg_sphincs_sha2_192s_simple'
        oid: '1.3.9999.6.5.12'
        code_point: '0xfebb'
        supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
        enable: true
        mix_with: [{'name': 'p384',
                    'pretty_name': 'ECDSA p384',
                    'oid': '1.3.9999.6.5.13',
                    'code_point': '0xfebc'}]
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.6.5.7'
              code_point: '0xfe70'
              supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
              mix_with: [{'name': 'p384',
                          'pretty_name': 'ECDSA p384',
                          'oid': '1.3.9999.6.5.8',
                          'code_point': '0xfe71'}]
      -
        name: 'sphincssha256256frobust'
        pretty_name: 'SPHINCS+-SHA256-256f-robust'
        oqs_meth: 'OQS_SIG_alg_sphincs_sha256_256f_robust'
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.6.6.1'
              code_point: '0xfe72'
              supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
              mix_with: [{'name': 'p521',
                          'pretty_name': 'ECDSA p521',
                          'oid': '1.3.9999.6.6.2',
                          'code_point': '0xfe73'}]
      -
        name: 'sphincssha2256fsimple'
        pretty_name: 'SPHINCS+-SHA2-256f-simple'
        oqs_meth: 'OQS_SIG_alg_sphincs_sha2_256f_simple'
        oid: '1.3.9999.6.6.10'
        code_point: '0xfebd'
        supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
        enable: true
        mix_with: [{'name': 'p521',
                    'pretty_name': 'ECDSA p521',
                    'oid': '1.3.9999.6.6.11',
                    'code_point': '0xfebe'}]
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.6.6.3'
              code_point: '0xfe74'
              supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
              mix_with: [{'name': 'p521',
                          'pretty_name': 'ECDSA p521',
                          'oid': '1.3.9999.6.6.4',
                          'code_point': '0xfe75'}]
      -
        name: 'sphincssha256256srobust'
        pretty_name: 'SPHINCS+-SHA256-256s-robust'
        oqs_meth: 'OQS_SIG_alg_sphincs_sha256_256s_robust'
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.6.6.5'
              code_point: '0xfe76'
              supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
              mix_with: [{'name': 'p521',
                          'pretty_name': 'ECDSA p521',
                          'oid': '1.3.9999.6.6.6',
                          'code_point': '0xfe77'}]
      -
        name: 'sphincssha2256ssimple'
        pretty_name: 'SPHINCS+-SHA2-256s-simple'
        oqs_meth: 'OQS_SIG_alg_sphincs_sha2_256s_simple'
        oid: '1.3.9999.6.6.12'
        code_point: '0xfec0'
        supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
        enable: true
        mix_with: [{'name': 'p521',
                    'pretty_name': 'ECDSA p521',
                    'oid': '1.3.9999.6.6.13',
                    'code_point': '0xfec1'}]
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.6.6.7'
              code_point: '0xfe78'
              supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
              mix_with: [{'name': 'p521',
                          'pretty_name': 'ECDSA p521',
                          'oid': '1.3.9999.6.6.8',
                          'code_point': '0xfe79'}]
  -
    family: 'SPHINCS-SHAKE'
    variants:
      -
        name: 'sphincsshake256128frobust'
        pretty_name: 'SPHINCS+-SHAKE256-128f-robust'
        oqs_meth: 'OQS_SIG_alg_sphincs_shake256_128f_robust'
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.6.7.1'
              code_point: '0xfe7a'
              supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
              mix_with: [{'name': 'p256',
                          'pretty_name': 'ECDSA p256',
                          'oid': '1.3.9999.6.7.2',
                          'code_point': '0xfe7b'},
                         {'name': 'rsa3072',
                          'pretty_name': 'RSA3072',
                          'oid': '1.3.9999.6.7.3',
                          'code_point': '0xfe7c'}]
      -
        name: 'sphincsshake128fsimple'
        pretty_name: 'SPHINCS+-SHAKE-128f-simple'
        oqs_meth: 'OQS_SIG_alg_sphincs_shake_128f_simple'
        oid: '1.3.9999.6.7.13'
        code_point: '0xfec2'
        supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
        enable: true
        mix_with: [{'name': 'p256',
                    'pretty_name': 'ECDSA p256',
                    'oid': '1.3.9999.6.7.14',
                    'code_point': '0xfec3'},
                   {'name': 'rsa3072',
                    'pretty_name': 'RSA3072',
                    'oid': '1.3.9999.6.7.15',
                    'code_point': '0xfec4'}]
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.6.7.4'
              code_point: '0xfe7d'
              supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
              mix_with: [{'name': 'p256',
                          'pretty_name': 'ECDSA p256',
                          'oid': '1.3.9999.6.7.5',
                          'code_point': '0xfe7e'},
                         {'name': 'rsa3072',
                          'pretty_name': 'RSA3072',
                          'oid': '1.3.9999.6.7.6',
                          'code_point': '0xfe7f'}]
      -
        name: 'sphincsshake256128srobust'
        pretty_name: 'SPHINCS+-SHAKE256-128s-robust'
        oqs_meth: 'OQS_SIG_alg_sphincs_shake256_128s_robust'
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.6.7.7'
              code_point: '0xfe80'
              supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
              mix_with: [{'name': 'p256',
                          'pretty_name': 'ECDSA p256',
                          'oid': '1.3.9999.6.7.8',
                          'code_point': '0xfe81'},
                         {'name': 'rsa3072',
                          'pretty_name': 'RSA3072',
                          'oid': '1.3.9999.6.7.9',
                          'code_point': '0xfe82'}]
      -
        name: 'sphincsshake128ssimple'
        pretty_name: 'SPHINCS+-SHAKE-128s-simple'
        oqs_meth: 'OQS_SIG_alg_sphincs_shake_128s_simple'
        oid: '1.3.9999.6.7.16'
        code_point: '0xfec5'
        supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
        enable: true
        mix_with: [{'name': 'p256',
                    'pretty_name': 'ECDSA p256',
                    'oid': '1.3.9999.6.7.17',
                    'code_point': '0xfec6'},
                   {'name': 'rsa3072',
                    'pretty_name': 'RSA3072',
                    'oid': '1.3.9999.6.7.18',
                    'code_point': '0xfec7'}]
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.6.7.10'
              code_point: '0xfe83'
              supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
              mix_with: [{'name': 'p256',
                          'pretty_name': 'ECDSA p256',
                          'oid': '1.3.9999.6.7.11',
                          'code_point': '0xfe84'},
                         {'name': 'rsa3072',
                          'pretty_name': 'RSA3072',
                          'oid': '1.3.9999.6.7.12',
                          'code_point': '0xfe85'}]
      -
        name: 'sphincsshake256192frobust'
        pretty_name: 'SPHINCS+-SHAKE256-192f-robust'
        oqs_meth: 'OQS_SIG_alg_sphincs_shake256_192f_robust'
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.6.8.1'
              code_point: '0xfe86'
              supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
              mix_with: [{'name': 'p384',
                          'pretty_name': 'ECDSA p384',
                          'oid': '1.3.9999.6.8.2',
                          'code_point': '0xfe87'}]
      -
        name: 'sphincsshake192fsimple'
        pretty_name: 'SPHINCS+-SHAKE-192f-simple'
        oqs_meth: 'OQS_SIG_alg_sphincs_shake_192f_simple'
        oid: '1.3.9999.6.8.10'
        code_point: '0xfec8'
        supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
        enable: true
        mix_with: [{'name': 'p384',
                    'pretty_name': 'ECDSA p384',
                    'oid': '1.3.9999.6.8.11',
                    'code_point': '0xfec9'}]
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.6.8.3'
              code_point: '0xfe88'
              supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
              mix_with: [{'name': 'p384',
                          'pretty_name': 'ECDSA p384',
                          'oid': '1.3.9999.6.8.4',
                          'code_point': '0xfe89'}]
      -
        name: 'sphincsshake256192srobust'
        pretty_name: 'SPHINCS+-SHAKE256-192s-robust'
        oqs_meth: 'OQS_SIG_alg_sphincs_shake256_192s_robust'
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.6.8.5'
              code_point: '0xfe8a'
              supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
              mix_with: [{'name': 'p384',
                          'pretty_name': 'ECDSA p384',
                          'oid': '1.3.9999.6.8.6',
                          'code_point': '0xfe8b'}]
      -
        name: 'sphincsshake192ssimple'
        pretty_name: 'SPHINCS+-SHAKE-192s-simple'
        oqs_meth: 'OQS_SIG_alg_sphincs_shake_192s_simple'
        oid: '1.3.9999.6.8.12'
        code_point: '0xfeca'
        supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
        enable: true
        mix_with: [{'name': 'p384',
                    'pretty_name': 'ECDSA p384',
                    'oid': '1.3.9999.6.8.13',
                    'code_point': '0xfecb'}]
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.6.8.7'
              code_point: '0xfe8c'
              supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
              mix_with: [{'name': 'p384',
                          'pretty_name': 'ECDSA p384',
                          'oid': '1.3.9999.6.8.8',
                          'code_point': '0xfe8d'}]
      -
        name: 'sphincsshake256256frobust'
        pretty_name: 'SPHINCS+-SHAKE256-256f-robust'
        oqs_meth: 'OQS_SIG_alg_sphincs_shake256_256f_robust'
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.6.9.1'
              code_point: '0xfe8e'
              supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
              mix_with: [{'name': 'p521',
                          'pretty_name': 'ECDSA p521',
                          'oid': '1.3.9999.6.9.2',
                          'code_point': '0xfe8f'}]
      -
        name: 'sphincsshake256fsimple'
        pretty_name: 'SPHINCS+-SHAKE-256f-simple'
        oqs_meth: 'OQS_SIG_alg_sphincs_shake_256f_simple'
        oid: '1.3.9999.6.9.10'
        code_point: '0xfecc'
        supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
        enable: true
        mix_with: [{'name': 'p521',
                    'pretty_name': 'ECDSA p521',
                    'oid': '1.3.9999.6.9.11',
                    'code_point': '0xfecd'}]
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.6.9.3'
              code_point: '0xfe90'
              supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
              mix_with: [{'name': 'p521',
                          'pretty_name': 'ECDSA p521',
                          'oid': '1.3.9999.6.9.4',
                          'code_point': '0xfe91'}]
      -
        name: 'sphincsshake256256srobust'
        pretty_name: 'SPHINCS+-SHAKE256-256s-robust'
        oqs_meth: 'OQS_SIG_alg_sphincs_shake256_256s_robust'
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.6.9.5'
              code_point: '0xfe92'
              supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
              mix_with: [{'name': 'p521',
                          'pretty_name': 'ECDSA p521',
                          'oid': '1.3.9999.6.9.6',
                          'code_point': '0xfe93'}]
      -
        name: 'sphincsshake256ssimple'
        pretty_name: 'SPHINCS+-SHAKE-256s-simple'
        oqs_meth: 'OQS_SIG_alg_sphincs_shake_256s_simple'
        oid: '1.3.9999.6.9.12'
        code_point: '0xfece'
        supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
        enable: true
        mix_with: [{'name': 'p521',
                    'pretty_name': 'ECDSA p521',
                    'oid': '1.3.9999.6.9.13',
                    'code_point': '0xfecf'}]
        extra_nids:
          old:
            - implementation_version: NIST Round 3 submission
              nist-round: 3
              oid: '1.3.9999.6.9.7'
              code_point: '0xfe94'
              supported_encodings: ['draft-uni-qsckeys-sphincsplus-00/sk-pk']
              mix_with: [{'name': 'p521',
                          'pretty_name': 'ECDSA p521',
                          'oid': '1.3.9999.6.9.8',
                          'code_point': '0xfe95'}]
iyanmv commented 2 months ago

Only now did I see the warning in the README file:

A limitation present in older OpenSSL versions is the number of default groups supported: https://github.com/openssl/openssl/issues/23624 , e.g., passing to SSL_CTX_set1_groups. Therefore caution is advised activating all KEMs supported by oqsprovider: This may lead to openssl crashing, depending on the OpenSSL version used: The problem is gone in OpenSSL "master" branch and (will be gone) in the releases 3.3.0, 3.2.2., 3.1.6 and 3.0.14.

So perhaps what I observe is just https://github.com/openssl/openssl/issues/23624 ? I'm using a version where this was not fixed. I will be happy to report back when Arch updates to the new OpenSSL version.

I don't know if it's exactly what @mouse07410 originally reported because he didn't mention changing the generate.yml file to enable more algs.

baentsch commented 2 months ago

And I can only reproduce if I enable all the algs

Ahh....

So perhaps what I observe is just https://github.com/openssl/openssl/issues/23624 ?

Well, yes, that's a very high likelihood: You could confirm if the same setting (with all algs enabled) works OK for you using openssl "master" (where this is fixed).

mouse07410 commented 2 months ago

I don't recall changing the generate.yml file, but the file is 1473 frigging lines - making it next to impossible to check.

But I blew away my copy of the repo, re-cloned it afresh, and repeated the test - so I can be sure that oqs-templates/generate.yml is the default version, and not something tampered with by me.

So far, the result is rather sad: the problem remains.

Neither OpenSSL-3.4.0-dev, nor OpenSSL-3.2.1 were able to connect to https://index.crates.io:443 with oqs-provider enabled.

When I disable oqs-provider, the connection succeeds:

$ echo Q | openssl s_client -proxy myserver:8000 -trace -debug -msg -showcerts -connect index.crates.io:443
CONNECTED(00000005)
write to 0x6000029a4400 [0x7fea91829000] (70 bytes => 70 (0x46))
0000 - 43 4f 4e 4e 45 43 54 20-69 6e 64 65 78 2e 63 72   CONNECT index.cr
0010 - 61 74 65 73 2e 69 6f 3a-34 34 33 20 48 54 54 50   ates.io:443 HTTP
0020 - 2f 31 2e 30 0d 0a 50 72-6f 78 79 2d 43 6f 6e 6e   /1.0..Proxy-Conn
0030 - 65 63 74 69 6f 6e 3a 20-4b 65 65 70 2d 41 6c 69   ection: Keep-Ali
0040 - 76 65 0d 0a 0d 0a                                 ve....
read from 0x6000029a4400 [0x7fea91821c00] (4096 bytes => 39 (0x27))
0000 - 48 54 54 50 2f 31 2e 30-20 32 30 30 20 43 6f 6e   HTTP/1.0 200 Con
0010 - 6e 65 63 74 69 6f 6e 20-65 73 74 61 62 6c 69 73   nection establis
0020 - 68 65 64 0d 0a 0d 0a                              hed....
>>> TLS 1.0, RecordHeader [length 0005]
    16 03 01 01 59
>>> TLS 1.3, Handshake [length 0159], ClientHello
    01 00 01 55 03 03 74 81 2c df b0 22 55 23 f3 ef
    07 b1 f0 1b 99 e8 96 c8 4e 50 74 40 8a f9 fd 11
    f3 72 1e 28 15 26 20 79 ec c1 e2 0c 89 e3 ba 8e
    19 88 bc 41 dd f7 d8 6c ea b3 81 94 ac d3 dd d3
.  .  .
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 5578 bytes and written 484 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Server public key is 2048 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
DONE
>>> TLS 1.2, RecordHeader [length 0005]
    17 03 03 00 13
>>> TLS 1.2, InnerContent [length 0001]
    15
write to 0x600003338500 [0x7fc76c810203] (24 bytes => 24 (0x18))
0000 - 17 03 03 00 13 ec 21 e9-80 b7 da 68 55 b4 3b da   ......!....hU.;.
0010 - e3 bf f9 e0 dd 14 71 7c-                          ......q|
>>> TLS 1.3, Alert [length 0002], warning close_notify
    01 00
read from 0x600003338500 [0x7fc76a80e400] (8192 bytes => 0)
$ 
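To put numbers on how extra advertised algorithms inflate a ClientHello like the one in the -trace dump above, here is an added example (not oqs-provider or OpenSSL code) that builds a minimal TLS 1.3 ClientHello record and parses back its supported_groups and signature_algorithms lists. The groups are the ten a stock OpenSSL 3.x client offers; the extra signature code points are the `enable: true` SPHINCS+ entries and their hybrids from the generate.yml excerpt above; the record itself is constructed with only four extensions, so its absolute size differs from a real OpenSSL hello while the growth per algorithm is exact.

```python
"""Size up a TLS 1.3 ClientHello: how many groups and signature algorithms
it advertises and how long the record gets.  Added example for this thread,
not oqs-provider or OpenSSL code.  Everything below is constructed: the
extensions are a subset of a real hello, so absolute sizes differ from
OpenSSL's, but the growth per advertised algorithm (2 bytes each) is exact."""
import struct

# Extension types from RFC 8446.
EXT_SERVER_NAME = 0x0000
EXT_SUPPORTED_GROUPS = 0x000a
EXT_SIGNATURE_ALGORITHMS = 0x000d
EXT_SUPPORTED_VERSIONS = 0x002b

# The ten groups a stock OpenSSL 3.x client offers (X25519, P-256, X448,
# P-521, P-384, ffdhe2048..ffdhe8192); the same list appears in the -msg
# dump later in this thread.
DEFAULT_GROUPS = [0x001d, 0x0017, 0x001e, 0x0019, 0x0018,
                  0x0100, 0x0101, 0x0102, 0x0103, 0x0104]
# A representative classical signature_algorithms list (IANA code points).
DEFAULT_SIGALGS = [0x0403, 0x0503, 0x0603, 0x0807, 0x0804, 0x0805, 0x0806,
                   0x0401, 0x0501, 0x0601, 0x0203, 0x0201]
# Code points of the `enable: true` SPHINCS+ variants and their hybrids in
# the generate.yml excerpt above (0xfeb3..0xfebe, 0xfec0..0xfecf).  Every
# further enabled variant or hybrid adds one more entry.
OQS_SPHINCS_SIGALGS = list(range(0xfeb3, 0xfebf)) + list(range(0xfec0, 0xfed0))


def _u16(n):
    return struct.pack("!H", n)


def _ext(etype, data):
    return _u16(etype) + _u16(len(data)) + data


def build_client_hello(groups, sigalgs, server_name="index.crates.io"):
    """Build one TLS handshake record carrying a minimal TLS 1.3 ClientHello.
    random and legacy_session_id are fixed filler, not entropy."""
    body = b"\x03\x03" + b"\x11" * 32 + b"\x20" + b"\x22" * 32
    body += _u16(2) + b"\x13\x01"          # cipher_suites: TLS_AES_128_GCM_SHA256
    body += b"\x01\x00"                    # legacy_compression_methods: null
    name = server_name.encode()
    sni = _u16(len(name) + 3) + b"\x00" + _u16(len(name)) + name
    grp = b"".join(_u16(g) for g in groups)
    sa = b"".join(_u16(s) for s in sigalgs)
    ext = (_ext(EXT_SERVER_NAME, sni)
           + _ext(EXT_SUPPORTED_GROUPS, _u16(len(grp)) + grp)
           + _ext(EXT_SIGNATURE_ALGORITHMS, _u16(len(sa)) + sa)
           + _ext(EXT_SUPPORTED_VERSIONS, b"\x02\x03\x04"))
    body += _u16(len(ext)) + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + _u16(len(handshake)) + handshake


def parse_client_hello(record):
    """Return record length plus the advertised groups and sigalgs.
    Raises ValueError if the bytes are not one complete ClientHello record."""
    if len(record) < 9 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    if rec_len != len(record) - 5:
        raise ValueError("truncated or fragmented record")
    if record[5] != 0x01:
        raise ValueError("not a ClientHello")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    pos = 2 + 32                                           # legacy_version + random
    pos += 1 + body[pos]                                   # legacy_session_id
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
    pos += 1 + body[pos]                                   # compression methods
    end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    if end != len(body):
        raise ValueError("extensions length does not match body")
    groups, sigalgs = [], []
    while pos < end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        data = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
        if etype in (EXT_SUPPORTED_GROUPS, EXT_SIGNATURE_ALGORITHMS):
            n = struct.unpack("!H", data[:2])[0]
            vals = [struct.unpack("!H", data[i:i + 2])[0] for i in range(2, 2 + n, 2)]
            (groups if etype == EXT_SUPPORTED_GROUPS else sigalgs).extend(vals)
    return {"record_len": rec_len, "groups": groups, "sigalgs": sigalgs}


def growth_from(extra_sigalgs, extra_groups=()):
    """Bytes added to the hello by advertising extra sigalgs / groups."""
    base = parse_client_hello(build_client_hello(DEFAULT_GROUPS, DEFAULT_SIGALGS))
    big = parse_client_hello(build_client_hello(DEFAULT_GROUPS + list(extra_groups),
                                                DEFAULT_SIGALGS + list(extra_sigalgs)))
    return big["record_len"] - base["record_len"]


if __name__ == "__main__":
    for label, sa in (("classical only", DEFAULT_SIGALGS),
                      ("plus SPHINCS+ from generate.yml", DEFAULT_SIGALGS + OQS_SPHINCS_SIGALGS)):
        info = parse_client_hello(build_client_hello(DEFAULT_GROUPS, sa))
        print(f"{label}: record {info['record_len']} bytes, "
              f"{len(info['groups'])} groups, {len(info['sigalgs'])} sigalgs")
```

Feeding `parse_client_hello` the raw bytes of a captured hello (the `-msg` dump re-assembled) gives the same counts for a real client, which is the quickest way to see how far an oqs-provider build has grown the advertised lists.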
baentsch commented 2 months ago

Just tried with index.crates.io:443 and again, everything works fine (openssl 3.2.1 on Linux x64) -- albeit without proxy: That may be an issue... What/How did you set that up? Attached is my full log for comparison, fyi: crates.log

mouse07410 commented 2 months ago

Just tried with index.crates.io:443 and again, everything works fine (openssl 3.2.1 on Linux x64) -- albeit without proxy: That may be an issue...

I strongly doubt that proxy is the issue here, because it's been working through proxy just fine all the time up until the update of Apr 12th. If you recall, a few months ago you added support for proxy to the tests, which have all been passing since.

What/How did you set that up?

Because one cannot reach Internet sites from behind a corporate firewall unless one goes through a web proxy referred to by the env vars HTTP_PROXY and HTTPS_PROXY.

So, the "how" is obvious (and hasn't changed here in the last 15 years or so):

export HTTP_PROXY=myserver:8000

And in my case, the log stops after "Client Hello" is sent.

With OpenSSL-3.2.1 and oqs-provider commented out/disabled:

$ echo Q | openssl s_client -proxy myserver:8000 -connect index.crates.io:443
Connecting to 155.34.234.20
CONNECTED(00000005)
depth=2 C=US, O=Amazon, CN=Amazon Root CA 1
verify return:1
depth=1 C=US, O=Amazon, CN=Amazon RSA 2048 M02
verify return:1
depth=0 CN=crates.io
verify return:1
---
Certificate chain
 0 s:CN=crates.io
   i:C=US, O=Amazon, CN=Amazon RSA 2048 M02
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Dec 26 00:00:00 2023 GMT; NotAfter: Jan 23 23:59:59 2025 GMT
 1 s:C=US, O=Amazon, CN=Amazon RSA 2048 M02
   i:C=US, O=Amazon, CN=Amazon Root CA 1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Aug 23 22:25:30 2022 GMT; NotAfter: Aug 23 22:25:30 2030 GMT
 2 s:C=US, O=Amazon, CN=Amazon Root CA 1
   i:C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: May 25 12:00:00 2015 GMT; NotAfter: Dec 31 01:00:00 2037 GMT
 3 s:C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
   i:C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Sep  2 00:00:00 2009 GMT; NotAfter: Jun 28 17:39:16 2034 GMT
---
Server certificate
subject=CN=crates.io
issuer=C=US, O=Amazon, CN=Amazon RSA 2048 M02
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 5578 bytes and written 484 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Server public key is 2048 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
DONE
$ 

Same setup and command, with oqs-provider enabled:

$ echo Q | openssl s_client -proxy myserver:8000 -connect index.crates.io:443
Connecting to 155.34.234.20
CONNECTED(00000005)
^C [have to kill, or wait for timeout]
$

or with debug:

$ echo Q | openssl s_client -proxy myserver:8000 -msg -connect index.crates.io:443
Connecting to 155.34.234.20
CONNECTED(00000005)
>>> TLS 1.0, RecordHeader [length 0005]
    16 03 01 01 b9
>>> TLS 1.3, Handshake [length 01b9], ClientHello
    01 00 01 b5 03 03 a0 2b 67 80 55 5e 98 7c b8 75
    99 06 74 e4 ae 82 a2 0d 87 46 a1 f3 31 2c c7 6a
    36 4b f0 fa e7 be 20 be ce 69 a3 33 cc 1c 18 97
    ab 2f b3 a9 17 c2 2f f8 d2 e2 ba b2 6b f1 21 49
    24 8b 82 49 01 a0 c4 00 48 13 02 13 03 13 01 c0
    2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00
    9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0
    14 00 39 c0 09 c0 13 00 33 00 9d 00 9c c1 01 c1
    00 00 3d 00 3c ff 85 c1 02 00 81 00 35 00 2f 00
    ff 01 00 01 24 00 00 00 14 00 12 00 00 0f 69 6e
    64 65 78 2e 63 72 61 74 65 73 2e 69 6f 00 0b 00
    04 03 00 01 02 00 0a 00 16 00 14 00 1d 00 17 00
    1e 00 19 00 18 01 00 01 01 01 02 01 03 01 04 00
    23 00 00 00 16 00 00 00 17 00 00 00 0d 00 9a 00
    98 04 03 05 03 06 03 08 07 08 08 08 1a 08 1b 08
    1c 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05
    01 06 01 03 03 03 01 03 02 04 02 05 02 06 02 08
    40 08 41 ee ee ef ef ed ed fe a0 fe a1 fe a2 fe
    a3 fe a4 fe a5 fe a6 fe d0 fe d3 fe d4 fe e1 fe
    e2 fe e3 fe e4 fe e5 fe d1 fe d5 fe e6 fe e7 fe
    e8 fe e9 fe ea fe d2 fe d6 fe eb fe ec fe ed fe
    d7 fe d8 fe d9 fe dc fe dd fe de fe da fe db fe
    df fe e0 fe b3 fe b4 fe b5 fe b6 fe b7 fe b8 fe
    b9 fe ba fe c2 fe c3 fe c4 00 2b 00 05 04 03 04
    03 03 00 2d 00 02 01 01 00 33 00 26 00 24 00 1d
    00 20 32 7b 1d 3f 9d 88 28 e6 5b 52 a8 9f 97 b5
    49 17 4c 32 7a 43 59 36 5f f3 5d 27 84 00 4b 8b
    83 41 00 1b 00 03 02 00 01

<<< TLS 1.2, RecordHeader [length 0005]
    15 03 03 00 02
<<< TLS 1.3, Alert [length 0002], warning close_notify
    01 00
closed
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 46 bytes and written 516 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
$ 
mouse07410 commented 2 months ago

In fact, I don't even need to specify proxy for OpenSSL when OQS provider is disabled - it works:

$ echo Q | openssl s_client -connect index.crates.io:443
Connecting to 18.165.83.92
CONNECTED(00000006)
depth=2 C=US, O=Amazon, CN=Amazon Root CA 1
verify return:1
depth=1 C=US, O=Amazon, CN=Amazon RSA 2048 M02
verify return:1
depth=0 CN=crates.io
verify return:1
---
Certificate chain
 0 s:CN=crates.io
   i:C=US, O=Amazon, CN=Amazon RSA 2048 M02
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Dec 26 00:00:00 2023 GMT; NotAfter: Jan 23 23:59:59 2025 GMT
 1 s:C=US, O=Amazon, CN=Amazon RSA 2048 M02
   i:C=US, O=Amazon, CN=Amazon Root CA 1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Aug 23 22:25:30 2022 GMT; NotAfter: Aug 23 22:25:30 2030 GMT
 2 s:C=US, O=Amazon, CN=Amazon Root CA 1
   i:C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: May 25 12:00:00 2015 GMT; NotAfter: Dec 31 01:00:00 2037 GMT
 3 s:C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
   i:C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Sep  2 00:00:00 2009 GMT; NotAfter: Jun 28 17:39:16 2034 GMT
---
Server certificate
subject=CN=crates.io
issuer=C=US, O=Amazon, CN=Amazon RSA 2048 M02
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 5539 bytes and written 414 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Server public key is 2048 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
DONE
$
mouse07410 commented 2 months ago

Also, not sure if it's related - but with OpenSSL-3.4.0-dev master the tests report

Using Web proxy "xxxxx-irrelevant-xxxxx"
 Cloudflare:
  x25519_kyber768 @ oqsprovider
kex=X25519Kyber768Draft00
  x25519_kyber512 @ oqsprovider
kex=X25519Kyber512Draft00
Test project /Users/ur20980/src/oqs-provider/_build
    Start 1: oqs_signatures
1/6 Test #1: oqs_signatures ...................   Passed    3.97 sec
    Start 2: oqs_kems
2/6 Test #2: oqs_kems .........................   Passed    0.24 sec
    Start 3: oqs_groups
3/6 Test #3: oqs_groups .......................   Passed    0.37 sec
    Start 4: oqs_tlssig
4/6 Test #4: oqs_tlssig .......................   Passed  204.16 sec
    Start 5: oqs_endecode
5/6 Test #5: oqs_endecode .....................   Passed   10.88 sec
    Start 6: oqs_evp_pkey_params
6/6 Test #6: oqs_evp_pkey_params ..............   Passed    1.17 sec

100% tests passed, 0 tests failed out of 6

Total Test time (real) = 222.93 sec

Observe test #4: while normally all the tests take up to a few seconds each - this one is more than 3.5 minutes.

For comparison, with OpenSSL-3.2.1:

Test project /Users/ur20980/src/oqs-provider/_build
    Start 1: oqs_signatures
1/6 Test #1: oqs_signatures ...................   Passed    3.93 sec
    Start 2: oqs_kems
2/6 Test #2: oqs_kems .........................   Passed    0.31 sec
    Start 3: oqs_groups
3/6 Test #3: oqs_groups .......................   Passed    0.45 sec
    Start 4: oqs_tlssig
4/6 Test #4: oqs_tlssig .......................   Passed    2.81 sec
    Start 5: oqs_endecode
5/6 Test #5: oqs_endecode .....................   Passed   10.56 sec
    Start 6: oqs_evp_pkey_params
6/6 Test #6: oqs_evp_pkey_params ..............   Passed    0.61 sec

100% tests passed, 0 tests failed out of 6

Total Test time (real) =  18.67 sec
iyanmv commented 2 months ago

Only now I saw the warning in the README file

A limitation present in older OpenSSL versions is the number of default groups supported: openssl/openssl#23624 , e.g., passing to SSL_CTX_set1_groups. Therefore caution is advised activating all KEMs supported by oqsprovider: This may lead to openssl crashing, depending on the OpenSSL version used: The problem is gone in OpenSSL "master" branch and (will be gone) in the releases 3.3.0, 3.2.2, 3.1.6 and 3.0.14.

So perhaps what I observe is just openssl/openssl#23624? I'm using a version where this was not fixed. I will be happy to report back when Arch updates to the new OpenSSL version.

I don't know if it's exactly what @mouse07410 originally reported because he didn't mention changing the generate.yml file to enable more algs.

I get the same issue with

$ openssl -version
OpenSSL 3.3.0 9 Apr 2024 (Library: OpenSSL 3.3.0 9 Apr 2024).

fwupd.org fails immediately, while index.crates.io hangs for a while before failing, so I think there are two different issues.

echo Q | openssl s_client -provider default -provider oqsprovider -connect fwupd.org:443
Connecting to 54.68.82.113
CONNECTED(00000003)
4037677FA67A0000:error:0A000126:SSL routines::unexpected eof while reading:ssl/record/rec_layer_s3.c:687:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 454 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
echo Q | openssl s_client -provider default -provider oqsprovider -connect index.crates.io:443
Connecting to 18.165.183.79
CONNECTED(00000003)
closed
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 453 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

Tomorrow I will do another git bisect fixing the oqsprovider version and changing OpenSSL instead. Hopefully it gives some more hints about the issue.

mouse07410 commented 2 months ago

Forcing TLS v1.3 does not break test-connection to https://index.crates.io:443 when OQS provider removed.

Forcing TLS v1.2 when OQS provider is enabled does not help - TLS connection not established.

mouse07410 commented 2 months ago

Just tried with index.crates.io:443 and again, everything works fine (openssl 3.2.1 on Linux x64) -- albeit without proxy: That may be an issue... What/How did you set that up? Attached my full log for comparison fyi crates.log

@baentsch For starters: your log is IPv6, and ours is IPv4.

baentsch commented 2 months ago

Yikes--is it really conceivable there's such a "logic difference" between IPv4&v6?

iyanmv commented 2 months ago

I did a git bisect all the way back to openssl 3.1.0 and this is the first commit where echo Q | openssl s_client -provider default -provider oqsprovider -connect index.crates.io:443 stops working.

Here is the complete log:

git bisect start
# status: waiting for both good and bad commits
# good: [a92271e03a8d0dee507b6f1e7f49512568b2c7ad] Prepare for release of 3.1.0
git bisect good a92271e03a8d0dee507b6f1e7f49512568b2c7ad
# status: waiting for bad commit, 1 good commit known
# bad: [4cb31128b5790819dfeea2739fbde265f71a10a2] Prepare for release of 3.3.0
git bisect bad 4cb31128b5790819dfeea2739fbde265f71a10a2
# good: [59f4a51a7f2c53b9fd161b032d0fcb8a85f4f19d] Add a test for verifying an email with a bad othername type
git bisect good 59f4a51a7f2c53b9fd161b032d0fcb8a85f4f19d
# good: [6a9ab9bc6879b11110183704ca6364bafe794764] Extend the corruption test to truncate a datagram
git bisect good 6a9ab9bc6879b11110183704ca6364bafe794764
# skip: [c276217e4bc9db08f0741882af837355f50c18ab] QUIC DDD: ddd-02-conn-nonblocking-threads: Unplanned changes
git bisect skip c276217e4bc9db08f0741882af837355f50c18ab
# skip: [277880e754c5a19cc456165560344204373a6b40] QUIC DDD: Final report
git bisect skip 277880e754c5a19cc456165560344204373a6b40
# bad: [499184145d22df59a9c53e530a5ccfdd07753614] Update unix Makefile template to handle paths with spaces
git bisect bad 499184145d22df59a9c53e530a5ccfdd07753614
# skip: [a1c56bbe79bcafb25880ce1deb7b75e2c6f5e0ce] QUIC SSL: HelloRetryRequest
git bisect skip a1c56bbe79bcafb25880ce1deb7b75e2c6f5e0ce
# bad: [86051eb2bb86e3a89e69abfb6419409aa701bcf7] drop! Make failing tests run on pull request to test
git bisect bad 86051eb2bb86e3a89e69abfb6419409aa701bcf7
# skip: [80935bf5ad309bf6c03591acf1d48fe1db57b78f] Don't take a write lock to retrieve a value from a stack
git bisect skip 80935bf5ad309bf6c03591acf1d48fe1db57b78f
# skip: [747b51f48338e3b7e53d0b7a87002edefc7e8439] Correctly keep track of where we are in the quicserver request buffer
git bisect skip 747b51f48338e3b7e53d0b7a87002edefc7e8439
# skip: [754d2282cd50fef14971605d7151623bb11e3fd6] QUIC RX: Support reporting the key epoch a packet was received with
git bisect skip 754d2282cd50fef14971605d7151623bb11e3fd6
# bad: [bbe9d2de6c643a2c6758fae4274c307943a59624] Coverity 1524597: null pointer dereference
git bisect bad bbe9d2de6c643a2c6758fae4274c307943a59624
# bad: [0e200d2a19185dab9d73eee90bd6cd0246416a9e] e_os2: add ossl_static_assert_type_eq
git bisect bad 0e200d2a19185dab9d73eee90bd6cd0246416a9e
# bad: [ac21c1780a63a8d9a3a6217eb52fe0d188fa7655] VMS knows POSIX threads too!
git bisect bad ac21c1780a63a8d9a3a6217eb52fe0d188fa7655
# bad: [5df5032ab02d7a17e07435de777d730bae190253] Fix incomplete error check on ASN1_item_i2d()
git bisect bad 5df5032ab02d7a17e07435de777d730bae190253
# good: [1dc35d44f355a7371a1ff8a457586938cc7b168a] Skip subdirectories in SSL_add_dir_cert_subjects_to_stack()
git bisect good 1dc35d44f355a7371a1ff8a457586938cc7b168a
# bad: [5e3b84505e44377b183e7529dab7585674b83936] Add OSSL_FUNC_keymgmt_im/export_types function that gets the provider context
git bisect bad 5e3b84505e44377b183e7529dab7585674b83936
# bad: [ee58915cfd9d0ad67f52d43cc1a2ce549049d248] first cut at sigalg loading
git bisect bad ee58915cfd9d0ad67f52d43cc1a2ce549049d248
# good: [1817dcaf556df559a32eed14d0947ff961be7b4f] test/recipes/01-test_symbol_presence.t: check for duplicate symbols in static libs
git bisect good 1817dcaf556df559a32eed14d0947ff961be7b4f
# first bad commit: [ee58915cfd9d0ad67f52d43cc1a2ce549049d248] first cut at sigalg loading
baentsch commented 2 months ago

Thanks for this bisect. Kind of expected this as this commit started asking providers for add'l sigalgs. So it could well be that the mere presence of unknown sigalg code points announced in the handshake make these servers "cringe" as already suggested by @levitte . If it only were a problem of the number of sigalgs, well try disabling all but one in the config .yml... Should the problem remain, change the remaining code point to a known one and if it works then, we know it's unknown sigalg code points making the server bail. If it's the length of sigalgs announced (my guess, as there seems to be a difference between IPv4 and v6, i.e. possible fragmentation differences), I don't know how to tackle this :-(

iyanmv commented 2 months ago

I will do more experiments with IPv4 and IPv6, and limiting the enabled algs, but since this only happens with a few servers and the way they fail is also different, I also think it's a TLS implementation bug on the server side. Probably that change in openssl/oqsprovider makes it more obvious to experience.

levitte commented 2 months ago

Yikes--is it really conceivable there's such a "logic difference" between IPv4&v6?

If there is, that's beyond our scope. There could be some configuration differences, depending on the network path, but that's usually a bad config at a whole different level.

mouse07410 commented 2 months ago

Thanks for this bisect. Kind of expected this as this commit started asking providers for add'l sigalgs. So it could well be that the mere presence of unknown sigalg code points announced in the handshake make these servers "cringe" as already suggested by @levitte .

Please note that the "offensive commit" seems to be merged on Feb 23, 2023. Everything had been working since then - I've been using OpenSSL and oqsprovider (implicitly) on a daily basis! - up until Apr 12, 2024.

I find it extremely hard to believe that a change incorporated more than a year ago could suddenly cause a "catastrophic" failure - because in my case the server stops processing and returns "Close_Notify" right upon/during processing "Client Hello".

@baentsch why don't you try the same with IPv4? It would give a good reference point, IMHO.

since this only happens with a few servers and the way they fail is also different, I also think it's a TLS implementation bug on the server side. Probably that change in openssl/oqsprovider makes it more obvious to experience.

Could you please summarize how different the failures are? In my case, it's "CloseNotify" by servers after taking a good look at "ClientHello", never another Server or Client message exchanged. I thought your symptoms were the same?

Would it make sense to examine successful and failing "ClientHello" content (decoded), with oqsprovider enabled and disabled? @baentsch or @levitte could you do that?
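Decoding the ClientHello captured with `-msg` earlier in this thread does exactly that. The following is an added example, not oqs-provider or OpenSSL code: it parses that record and buckets every advertised SignatureScheme code point by its IANA range (the 0xFE00-0xFFFF private-use range and the bucket boundaries are from RFC 8446; the function names are my own), so the count and wire cost of the private-use entries can be read off directly.

```python
"""Decode the signature_algorithms list in a TLS ClientHello (added example, not
oqs-provider or OpenSSL code). CLIENT_HELLO_HEX is the record `openssl s_client
-msg` printed above for the failing oqs-provider run, copied verbatim."""
import struct

CLIENT_HELLO_HEX = """
16 03 01 01 b9
01 00 01 b5 03 03 a0 2b 67 80 55 5e 98 7c b8 75 99 06 74 e4 ae 82 a2 0d 87 46 a1 f3 31 2c c7 6a
36 4b f0 fa e7 be 20 be ce 69 a3 33 cc 1c 18 97 ab 2f b3 a9 17 c2 2f f8 d2 e2 ba b2 6b f1 21 49
24 8b 82 49 01 a0 c4 00 48 13 02 13 03 13 01 c0 2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00
9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 00 39 c0 09 c0 13 00 33 00 9d 00 9c c1 01 c1
00 00 3d 00 3c ff 85 c1 02 00 81 00 35 00 2f 00 ff 01 00 01 24 00 00 00 14 00 12 00 00 0f 69 6e
64 65 78 2e 63 72 61 74 65 73 2e 69 6f 00 0b 00 04 03 00 01 02 00 0a 00 16 00 14 00 1d 00 17 00
1e 00 19 00 18 01 00 01 01 01 02 01 03 01 04 00 23 00 00 00 16 00 00 00 17 00 00 00 0d 00 9a 00
98 04 03 05 03 06 03 08 07 08 08 08 1a 08 1b 08 1c 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05
01 06 01 03 03 03 01 03 02 04 02 05 02 06 02 08 40 08 41 ee ee ef ef ed ed fe a0 fe a1 fe a2 fe
a3 fe a4 fe a5 fe a6 fe d0 fe d3 fe d4 fe e1 fe e2 fe e3 fe e4 fe e5 fe d1 fe d5 fe e6 fe e7 fe
e8 fe e9 fe ea fe d2 fe d6 fe eb fe ec fe ed fe d7 fe d8 fe d9 fe dc fe dd fe de fe da fe db fe
df fe e0 fe b3 fe b4 fe b5 fe b6 fe b7 fe b8 fe b9 fe ba fe c2 fe c3 fe c4 00 2b 00 05 04 03 04
03 03 00 2d 00 02 01 01 00 33 00 26 00 24 00 1d 00 20 32 7b 1d 3f 9d 88 28 e6 5b 52 a8 9f 97 b5
49 17 4c 32 7a 43 59 36 5f f3 5d 27 84 00 4b 8b 83 41 00 1b 00 03 02 00 01
"""
SNI_EXT, SIGALG_EXT = 0x0000, 0x000D

def _vec(buf, pos, len_size):
    """Read a length-prefixed TLS vector at pos; return (contents, next pos)."""
    length = int.from_bytes(buf[pos:pos + len_size], "big")
    start, end = pos + len_size, pos + len_size + length
    if end > len(buf):
        raise ValueError("vector runs past end of buffer")
    return buf[start:end], end

def classify(scheme):
    """Bucket a SignatureScheme code point (RFC 8446, section 4.2.3)."""
    if 0xFE00 <= scheme <= 0xFFFF:
        return "private_use"    # reserved for private use; oqs-provider code points live here
    if 0x0804 <= scheme <= 0x080B or 0x081A <= scheme <= 0x081C:
        return "rfc8446_named"  # rsa_pss_*, ed25519, ed448, brainpool *tls13
    if 1 <= scheme >> 8 <= 6 and 1 <= scheme & 0xFF <= 3:
        return "tls12_tuple"    # legacy HashAlgorithm/SignatureAlgorithm pair
    return "other"

def parse_client_hello(record):
    """Parse one TLS record holding a ClientHello; return a summary dict."""
    if len(record) < 9 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    body, _ = _vec(record, 3, 2)              # record payload (type + version skipped)
    if body[0] != 0x01:
        raise ValueError("not a ClientHello")
    ch, _ = _vec(body, 1, 3)                  # 24-bit handshake length
    pos = 2 + 32                              # legacy_version + random
    _, pos = _vec(ch, pos, 1)                 # legacy_session_id
    suites, pos = _vec(ch, pos, 2)            # cipher_suites
    _, pos = _vec(ch, pos, 1)                 # legacy_compression_methods
    ext_block, _ = _vec(ch, pos, 2)           # extensions
    exts, p = {}, 0
    while p < len(ext_block):
        ext_type = struct.unpack("!H", ext_block[p:p + 2])[0]
        exts[ext_type], p = _vec(ext_block, p + 2, 2)
    sigalgs = []
    if SIGALG_EXT in exts:
        lst, _ = _vec(exts[SIGALG_EXT], 0, 2)
        sigalgs = [struct.unpack("!H", lst[i:i + 2])[0] for i in range(0, len(lst), 2)]
    sni = None
    if SNI_EXT in exts:
        names, _ = _vec(exts[SNI_EXT], 0, 2)  # ServerNameList; entry = type byte + host
        sni = _vec(names, 1, 2)[0].decode("ascii")
    classes = {k: 0 for k in ("tls12_tuple", "rfc8446_named", "private_use", "other")}
    for s in sigalgs:
        classes[classify(s)] += 1
    return {
        "record_payload_len": len(body),
        "sni": sni,
        "cipher_suite_count": len(suites) // 2,
        "sigalg_count": len(sigalgs),
        "sigalg_ext_bytes": len(exts.get(SIGALG_EXT, b"")),
        "classes": classes,
        "payload_len_without_private_use": len(body) - 2 * classes["private_use"],
    }

def analyze_hex(hex_text):
    """Parse a `-msg` style hex dump (all whitespace is ignored)."""
    return parse_client_hello(bytes.fromhex(hex_text))

if __name__ == "__main__": print(analyze_hex(CLIENT_HELLO_HEX))
```

Each SignatureScheme costs two bytes on the wire, so on the thread's own ClientHello the 48 private-use code points account for 96 of the 441 payload bytes.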

iyanmv commented 2 months ago

Thanks for this bisect. Kind of expected this as this commit started asking providers for add'l sigalgs. So it could well be that the mere presence of unknown sigalg code points announced in the handshake make these servers "cringe" as already suggested by @levitte .

Please note that the "offensive commit" seems to be merged on Feb 23, 2023. Everything had been working since then - I've been using OpenSSL and oqsprovider (implicitly) on a daily basis! - up until Apr 12, 2024.

Are you using OpenSSL directly from their repos and the main branch or do you use the OpenSSL provided by your distro? Maybe you got the updated version with that commit later in time and that's why it stopped working for you from April 12?

Could you please summarize how different the failures are? In my case, it's "CloseNotify" by servers after taking a good look at "ClientHello", never another Server or Client message exchanged. I thought your symptoms were the same?

Well, I can replicate your exact failure ("CloseNotify") with index.crates.io:443, but not with fwupd.org:443. Look, here are all the captures with and without oqsprovider.

fwupd.org_no_oqs.pcapng.txt fwupd.org_oqs.pcapng.txt index.crates.io_no_oqs.pcapng.txt index.crates.io_oqs.pcapng.txt

iyanmv commented 2 months ago

Both servers work correctly by disabling all sig algs in generate.yml except ML-DSA

sed -i -e 's/enable: true/enable: false/g' oqs-template/generate.yml
sed -i -e '552,660s/enable: false/enable: true/g' oqs-template/generate.yml
$ openssl list -signature-algorithms -provider oqsprovider
  mldsa44 @ oqsprovider
  p256_mldsa44 @ oqsprovider
  rsa3072_mldsa44 @ oqsprovider
  mldsa44_pss2048 @ oqsprovider
  mldsa44_rsa2048 @ oqsprovider
  mldsa44_ed25519 @ oqsprovider
  mldsa44_p256 @ oqsprovider
  mldsa44_bp256 @ oqsprovider
  mldsa65 @ oqsprovider
  p384_mldsa65 @ oqsprovider
  mldsa65_pss3072 @ oqsprovider
  mldsa65_rsa3072 @ oqsprovider
  mldsa65_p256 @ oqsprovider
  mldsa65_bp256 @ oqsprovider
  mldsa65_ed25519 @ oqsprovider
  mldsa87 @ oqsprovider
  p521_mldsa87 @ oqsprovider
  mldsa87_p384 @ oqsprovider
  mldsa87_bp384 @ oqsprovider
  mldsa87_ed448 @ oqsprovider

$ openssl list -signature-algorithms -provider oqsprovider | wc -l
20

I will now increase slowly the enabled sig algs and check when it breaks.

iyanmv commented 2 months ago

It looks like it's a matter of the number of enabled sig algs. The following works:

But these fail:

The max algs before it stops working is a number between 40 algs and 43, which happens after enabling the first 12 "enable: " occurrences in the generate.yml

levitte commented 2 months ago

Re my presence, I'm off this week, apart from small random comments. I can try to find time next week.

mouse07410 commented 2 months ago

Are you using OpenSSL directly from their repos and the main branch or do you use the OpenSSL provided by your distro? Maybe you got the updated version with that commit later in time and that's why it stopped working for you from April 12?

For my testing - all of the following:

iyanmv commented 2 months ago

Are you using OpenSSL directly from their repos and the main branch or do you use the OpenSSL provided by your distro? Maybe you got the updated version with that commit later in time and that's why it stopped working for you from April 12?

For my testing - all of the following:

* OpenSSL-3.2.1 binaries installed by Macports;

* OpenSSL-3.4.0-dev built myself from the source (daily), tracking `master` branch;

* `oqs-provider` built from the source (daily) tracking `main` branch (separate builds for both of the above OpenSSL versions).

Alright, then maybe you can try to disable some of the enabled sig algs and see if it works again for you? By default 48 sig algs are enabled in the current generate.yml, which triggers this issue in some servers (at least on my side with the experiments I did). For example, you can do the following to modify the file:

# Disable all sig algs
sed -i -e 's/enable: true/enable: false/g' oqs-template/generate.yml
# Enable ML-DSA
sed -i -e '552,660s/enable: false/enable: true/g' oqs-template/generate.yml
# Enable Falcon
sed -i -e '661,763s/enable: false/enable: true/g' oqs-template/generate.yml

Then re-run the python script and compile oqsprovider. If it works for you as well, then I think a possible solution (even though the problem is not from openssl or oqsprovider) as suggested by @baentsch would be to reduce the list of default enabled sig algs.

iyanmv commented 2 months ago

That's weird. Did the sed commands work correctly? There should not be any enable: false in line 512: https://github.com/open-quantum-safe/oqs-provider/blob/86605d767a0c7de9462ce4eb70891f8d5e8e248f/oqs-template/generate.yml#L512

Do you get an error running the Python script if you don't modify the generate.yml? If that works, then perhaps don't use sed and manually disable some sig algs.

mouse07410 commented 2 months ago

sed worked fine, but some other things did not. :-(

After straightening out all of those, I'm getting successful TLS connections.

Note: I'm only enabling ML-DSA and Dilithium5 signatures. No others.

@baentsch I strongly suggest changing the defaults (at least for now) in oqs-templates/generate.yml, and disabling all the signature algorithms except for ML-DSA.

$ echo Q | openssl s_client -connect index.crates.io:443
Connecting to 18.165.83.98
CONNECTED(00000006)
depth=2 C=US, O=Amazon, CN=Amazon Root CA 1
verify return:1
depth=1 C=US, O=Amazon, CN=Amazon RSA 2048 M02
verify return:1
depth=0 CN=crates.io
verify return:1
---
Certificate chain
 0 s:CN=crates.io
   i:C=US, O=Amazon, CN=Amazon RSA 2048 M02
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Dec 26 00:00:00 2023 GMT; NotAfter: Jan 23 23:59:59 2025 GMT
 1 s:C=US, O=Amazon, CN=Amazon RSA 2048 M02
   i:C=US, O=Amazon, CN=Amazon Root CA 1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Aug 23 22:25:30 2022 GMT; NotAfter: Aug 23 22:25:30 2030 GMT
 2 s:C=US, O=Amazon, CN=Amazon Root CA 1
   i:C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: May 25 12:00:00 2015 GMT; NotAfter: Dec 31 01:00:00 2037 GMT
 3 s:C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
   i:C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Sep  2 00:00:00 2009 GMT; NotAfter: Jun 28 17:39:16 2034 GMT
---
Server certificate
subject=CN=crates.io
issuer=C=US, O=Amazon, CN=Amazon RSA 2048 M02
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 5539 bytes and written 458 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Server public key is 2048 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
DONE
$ 
$ openssl list -signature-algorithms -provider oqs | wc -l
      32
$ openssl version
OpenSSL 3.2.1 30 Jan 2024 (Library: OpenSSL 3.2.1 30 Jan 2024)
$

and

$ openssl3 version
OpenSSL 3.4.0-dev  (Library: OpenSSL 3.4.0-dev )
$ openssl3 list -signature-algorithms -provider oqs | wc -l
      32
$ echo Q | openssl3 s_client -connect index.crates.io:443
Connecting to 18.165.83.101
CONNECTED(00000006)
depth=3 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=2 C=US, O=Amazon, CN=Amazon Root CA 1
verify return:1
depth=1 C=US, O=Amazon, CN=Amazon RSA 2048 M02
verify return:1
depth=0 CN=crates.io
verify return:1
---
Certificate chain
 0 s:CN=crates.io
   i:C=US, O=Amazon, CN=Amazon RSA 2048 M02
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Dec 26 00:00:00 2023 GMT; NotAfter: Jan 23 23:59:59 2025 GMT
 1 s:C=US, O=Amazon, CN=Amazon RSA 2048 M02
   i:C=US, O=Amazon, CN=Amazon Root CA 1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Aug 23 22:25:30 2022 GMT; NotAfter: Aug 23 22:25:30 2030 GMT
 2 s:C=US, O=Amazon, CN=Amazon Root CA 1
   i:C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: May 25 12:00:00 2015 GMT; NotAfter: Dec 31 01:00:00 2037 GMT
 3 s:C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
   i:C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Sep  2 00:00:00 2009 GMT; NotAfter: Jun 28 17:39:16 2034 GMT
---
Server certificate
subject=CN=crates.io
issuer=C=US, O=Amazon, CN=Amazon RSA 2048 M02
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 5539 bytes and written 441 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Server public key is 2048 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 20 (unable to get local issuer certificate)
---
DONE
$