Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman #4429
Conversation
Our interoperability tests fail with a recent OpenSSL server. The reason is that they force 1024-bit Diffie-Hellman parameters, which recent OpenSSL (e.g. 1.1.1f on Ubuntu 20.04) reject: ``` 140072814650688:error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small:../ssl/s3_lib.c:3782: ``` We've been passing custom DH parameters since 6195767 because OpenSSL <=1.0.2a requires it. This is only concerns the version we use as OPENSSL_LEGACY. So only use custom DH parameters for that version. In compat.sh, use it based on the observed version of $OPENSSL_CMD. This way, ssl-opt.sh and compat.sh work (barring other issues) for all our reference versions of OpenSSL as well as for a modern system OpenSSL. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
gilles-peskine-arm
added
enhancement
mbed TLS team
needs-review
|
Tested on Ubuntu 20.04 OpenSSL 1.1.1f Without the patch I get 35 failures, with it I saw 36. Looking more closely at the first error, I see that without the patch the failure is in o-srv-1.log: # Fallback SCSV: default, openssl server whereas with the patch, there is no failure in o-srv-1.log, but there is a failure for this test in o-cli-1.log: ... Last error was: -0x7780 - SSL - A fatal alert message was received from our peer So this does seem to fix the key length issue, but other issues remain. |
|
Without the patch, every test case that runs an openssl server fails with a modern openssl. With the patch, some test cases still fail for another reason. For example “Fallback SCSV: default, openssl server” forces the use of TLS 1.1, and it looks like openssl in Ubuntu 20.04 disables TLS 1.1. I'm not sure: I get a different error from the server if I add |
I don't see how this patch could make more things fail though. |
|
I assume some failures were intermittent. I think this is gtg as a partial step towards Ubuntu 20.04 support though. |
|
Is your “without this patch” the merge-base of this branch and development, or a different vintage of development? If it's a different vintage, it may have a different set of test cases. I just did a run with a slightly more recent 3.0 than the base of this PR, and all the test cases present in both that fail in this PR also fail in 3.0, but some test cases fail in both. |
That was comparing this branch, vs. this branch with "git revert HEAD" applied, so should be like-for-like. |
|
The travis error seems unrelated (failure to install some python requirements) and can be ignored since Jenkins passed. |
mpg
removed
needs-review
|
The Travis error is unrelated (failure to install a python requirement on windows) and can be ignored since Jenkins passed. Still labelling "needs: ci" while we're waiting for the pr-merge job on Jenkins to complete. |
mpg
added
needs-ci
|
Actually the pr-merge job on Jenkins passed but just failed to report, so this is all good. |
compat.shandssl-opt.shdon't work with a modern OpenSSL (e.g. the system one on Ubuntu 20.04) because they force the use of a small DH prime. We do this for compatibility with ancient versions of OpenSSL which we still use for legacy features. Only do it for those ancient versions, not for modern versions. This way you can run the SSL test scripts with the system version of OpenSSL on a modern system (barring other issues which I haven't checked).This may turn out not to be needed in 3.0 if we remove everything that requires legacy OpenSSL for interoperability testing. If so we can either revert the patch or keep it for similarity with LTS branches.
Backports: