[Twisted-Python] Twisted with pypy3 on Ubuntu 20.4, SSL error: 'ee key too small'
Hi,
I ran an experiment to run the Twisted tests on Ubuntu 20.4 using this
version of using pypy3:
*Python 3.6.9 (2ad108f17bdb, Apr 07 2020, 02:29:05*
*Pypy 7.3.1 with GCC 7.3.1 20180303 (Red Hat 7.3.1-5)*
A bunch of the conch tests failed in this Ubuntu environment:
https://github.com/twisted/twisted/runs/1173397508
like this:
*===Error:
Traceback (most recent call last): File
"/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/test/test_sslverify.py",
line 1780, in test_ellipticCurveDiffieHellmanonData=onData, File
"/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/test/test_sslverify.py",
line 716, in loopbackself.serverPort = reactor.listenSSL(0,
serverFactory, serverCertOpts) File
"/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/internet/posixbase.py",
line 593, in listenSSLtlsFactory =
tls.TLSMemoryBIOFactory(contextFactory, False, factory) File
"/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/protocols/tls.py",
line 748, in __init__contextFactory =
_ContextFactoryToConnectionFactory(contextFactory) File
"/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/protocols/tls.py",
line 629, in __init__oldStyleContextFactory.getContext() File
"/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/internet/_sslverify.py",
line 1636, in getContextself._context = self._makeContext() File
"/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/internet/_sslverify.py",
line 1645, in _makeContextctx.use_certificate(self.certificate) File
"/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/OpenSSL/SSL.py",
line 960, in use_certificate_raise_current_error() File
"/opt/hostedtoolcache/PyPy/3.6.9/x64/lib_pypy/_functools.py", line 80, in
__call__return self._func(*(self._args + fargs), **fkeywords) File
"/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/OpenSSL/_util.py",
line 54, in exception_from_error_queueraise
exception_type(errors)OpenSSL.SSL.Error: [('SSL routines',
'SSL_CTX_use_certificate', 'ee key too
small')]twisted.test.test_sslverify.OpenSSLOptionsECDHIntegrationTests.test_ellipticCurveDiffieHellman===*
I'm not sure what the root problem is, but my suspicion is that the SSL
library in this particular Ubuntu environment
does not permit keys smaller than 2048 bits.
Anyone have any other ideas as to the cause of this error?
Thanks.
--
Craig
___
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
Re: [Twisted-Python] Twisted with pypy3 on Ubuntu 20.4, SSL error: 'ee key too small'
On Tue, 29 Sep 2020 at 23:25, Craig Rodrigues
wrote:
> Hi,
>
> I ran an experiment to run the Twisted tests on Ubuntu 20.4 using this
> version of using pypy3:
>
> *Python 3.6.9 (2ad108f17bdb, Apr 07 2020, 02:29:05*
> *Pypy 7.3.1 with GCC 7.3.1 20180303 (Red Hat 7.3.1-5)*
>
>
> A bunch of the conch tests failed in this Ubuntu environment:
> https://github.com/twisted/twisted/runs/1173397508
> like this:
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> *===Error:
> Traceback (most recent call last): File
> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/test/test_sslverify.py",
> line 1780, in test_ellipticCurveDiffieHellmanonData=onData, File
> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/test/test_sslverify.py",
> line 716, in loopbackself.serverPort = reactor.listenSSL(0,
> serverFactory, serverCertOpts) File
> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/internet/posixbase.py",
> line 593, in listenSSLtlsFactory =
> tls.TLSMemoryBIOFactory(contextFactory, False, factory) File
> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/protocols/tls.py",
> line 748, in __init__contextFactory =
> _ContextFactoryToConnectionFactory(contextFactory) File
> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/protocols/tls.py",
> line 629, in __init__oldStyleContextFactory.getContext() File
> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/internet/_sslverify.py",
> line 1636, in getContextself._context = self._makeContext() File
> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/internet/_sslverify.py",
> line 1645, in _makeContextctx.use_certificate(self.certificate) File
> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/OpenSSL/SSL.py",
> line 960, in use_certificate_raise_current_error() File
> "/opt/hostedtoolcache/PyPy/3.6.9/x64/lib_pypy/_functools.py", line 80, in
> __call__return self._func(*(self._args + fargs), **fkeywords) File
> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/OpenSSL/_util.py",
> line 54, in exception_from_error_queueraise
> exception_type(errors)OpenSSL.SSL.Error: [('SSL routines',
> 'SSL_CTX_use_certificate', 'ee key too
> small')]twisted.test.test_sslverify.OpenSSLOptionsECDHIntegrationTests.test_ellipticCurveDiffieHellman===*
>
>
>
> I'm not sure what the root problem is, but my suspicion is that the SSL
> library in this particular Ubuntu environment
> does not permit keys smaller than 2048 bits.
>
> Anyone have any other ideas as to the cause of this error?
>
>
Hi,
That is the case.
One work around is append @SECLEVEL=0 to the cipher list but I think
it's better to update the tests to use 2048 bits key.
--
Adi Roiban
___
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
Re: [Twisted-Python] Twisted with pypy3 on Ubuntu 20.4, SSL error: 'ee key too small'
Adi,
Thanks for the tip. Yes, increasing the key size in the tests definitely
eliminated this error:
https://github.com/twisted/twisted/pull/1411
--
Craig
On Tue, Sep 29, 2020 at 3:34 PM Adi Roiban wrote:
>
>
> On Tue, 29 Sep 2020 at 23:25, Craig Rodrigues
> wrote:
>
>> Hi,
>>
>> I ran an experiment to run the Twisted tests on Ubuntu 20.4 using this
>> version of using pypy3:
>>
>> *Python 3.6.9 (2ad108f17bdb, Apr 07 2020, 02:29:05*
>> *Pypy 7.3.1 with GCC 7.3.1 20180303 (Red Hat 7.3.1-5)*
>>
>>
>> A bunch of the conch tests failed in this Ubuntu environment:
>> https://github.com/twisted/twisted/runs/1173397508
>> like this:
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> *===Error:
>> Traceback (most recent call last): File
>> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/test/test_sslverify.py",
>> line 1780, in test_ellipticCurveDiffieHellmanonData=onData, File
>> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/test/test_sslverify.py",
>> line 716, in loopbackself.serverPort = reactor.listenSSL(0,
>> serverFactory, serverCertOpts) File
>> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/internet/posixbase.py",
>> line 593, in listenSSLtlsFactory =
>> tls.TLSMemoryBIOFactory(contextFactory, False, factory) File
>> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/protocols/tls.py",
>> line 748, in __init__contextFactory =
>> _ContextFactoryToConnectionFactory(contextFactory) File
>> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/protocols/tls.py",
>> line 629, in __init__oldStyleContextFactory.getContext() File
>> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/internet/_sslverify.py",
>> line 1636, in getContextself._context = self._makeContext() File
>> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/internet/_sslverify.py",
>> line 1645, in _makeContextctx.use_certificate(self.certificate) File
>> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/OpenSSL/SSL.py",
>> line 960, in use_certificate_raise_current_error() File
>> "/opt/hostedtoolcache/PyPy/3.6.9/x64/lib_pypy/_functools.py", line 80, in
>> __call__return self._func(*(self._args + fargs), **fkeywords) File
>> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/OpenSSL/_util.py",
>> line 54, in exception_from_error_queueraise
>> exception_type(errors)OpenSSL.SSL.Error: [('SSL routines',
>> 'SSL_CTX_use_certificate', 'ee key too
>> small')]twisted.test.test_sslverify.OpenSSLOptionsECDHIntegrationTests.test_ellipticCurveDiffieHellman===*
>>
>>
>>
>> I'm not sure what the root problem is, but my suspicion is that the SSL
>> library in this particular Ubuntu environment
>> does not permit keys smaller than 2048 bits.
>>
>> Anyone have any other ideas as to the cause of this error?
>>
>>
> Hi,
>
> That is the case.
>
> One work around is append @SECLEVEL=0 to the cipher list but I think
> it's better to update the tests to use 2048 bits key.
>
> --
> Adi Roiban
> ___
> Twisted-Python mailing list
> Twisted-Python@twistedmatrix.com
> https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
>
___
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
