[Twisted-Python] Twisted with pypy3 on Ubuntu 20.4, SSL error: 'ee key too small'
Hi, I ran an experiment to run the Twisted tests on Ubuntu 20.4 using this version of using pypy3: *Python 3.6.9 (2ad108f17bdb, Apr 07 2020, 02:29:05* *Pypy 7.3.1 with GCC 7.3.1 20180303 (Red Hat 7.3.1-5)* A bunch of the conch tests failed in this Ubuntu environment: https://github.com/twisted/twisted/runs/1173397508 like this: *===Error: Traceback (most recent call last): File "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/test/test_sslverify.py", line 1780, in test_ellipticCurveDiffieHellmanonData=onData, File "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/test/test_sslverify.py", line 716, in loopbackself.serverPort = reactor.listenSSL(0, serverFactory, serverCertOpts) File "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/internet/posixbase.py", line 593, in listenSSLtlsFactory = tls.TLSMemoryBIOFactory(contextFactory, False, factory) File "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/protocols/tls.py", line 748, in __init__contextFactory = _ContextFactoryToConnectionFactory(contextFactory) File "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/protocols/tls.py", line 629, in __init__oldStyleContextFactory.getContext() File "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/internet/_sslverify.py", line 1636, in getContextself._context = self._makeContext() File "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/internet/_sslverify.py", line 1645, in _makeContextctx.use_certificate(self.certificate) File "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/OpenSSL/SSL.py", line 960, in use_certificate_raise_current_error() File "/opt/hostedtoolcache/PyPy/3.6.9/x64/lib_pypy/_functools.py", line 80, in __call__return self._func(*(self._args + fargs), **fkeywords) File "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queueraise exception_type(errors)OpenSSL.SSL.Error: [('SSL routines', 'SSL_CTX_use_certificate', 'ee key too small')]twisted.test.test_sslverify.OpenSSLOptionsECDHIntegrationTests.test_ellipticCurveDiffieHellman===* I'm not sure what the root problem is, but my suspicion is that the SSL library in this particular Ubuntu environment does not permit keys smaller than 2048 bits. Anyone have any other ideas as to the cause of this error? Thanks. -- Craig ___ Twisted-Python mailing list Twisted-Python@twistedmatrix.com https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
Re: [Twisted-Python] Twisted with pypy3 on Ubuntu 20.4, SSL error: 'ee key too small'
On Tue, 29 Sep 2020 at 23:25, Craig Rodrigues wrote: > Hi, > > I ran an experiment to run the Twisted tests on Ubuntu 20.4 using this > version of using pypy3: > > *Python 3.6.9 (2ad108f17bdb, Apr 07 2020, 02:29:05* > *Pypy 7.3.1 with GCC 7.3.1 20180303 (Red Hat 7.3.1-5)* > > > A bunch of the conch tests failed in this Ubuntu environment: > https://github.com/twisted/twisted/runs/1173397508 > like this: > > > > > > > > > > > > > > > > > > > > > > > > > > > > *===Error: > Traceback (most recent call last): File > "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/test/test_sslverify.py", > line 1780, in test_ellipticCurveDiffieHellmanonData=onData, File > "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/test/test_sslverify.py", > line 716, in loopbackself.serverPort = reactor.listenSSL(0, > serverFactory, serverCertOpts) File > "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/internet/posixbase.py", > line 593, in listenSSLtlsFactory = > tls.TLSMemoryBIOFactory(contextFactory, False, factory) File > "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/protocols/tls.py", > line 748, in __init__contextFactory = > _ContextFactoryToConnectionFactory(contextFactory) File > "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/protocols/tls.py", > line 629, in __init__oldStyleContextFactory.getContext() File > "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/internet/_sslverify.py", > line 1636, in getContextself._context = self._makeContext() File > "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/internet/_sslverify.py", > line 1645, in _makeContextctx.use_certificate(self.certificate) File > "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/OpenSSL/SSL.py", > line 960, in use_certificate_raise_current_error() File > "/opt/hostedtoolcache/PyPy/3.6.9/x64/lib_pypy/_functools.py", line 80, in > __call__return self._func(*(self._args + fargs), **fkeywords) File > "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/OpenSSL/_util.py", > line 54, in exception_from_error_queueraise > exception_type(errors)OpenSSL.SSL.Error: [('SSL routines', > 'SSL_CTX_use_certificate', 'ee key too > small')]twisted.test.test_sslverify.OpenSSLOptionsECDHIntegrationTests.test_ellipticCurveDiffieHellman===* > > > > I'm not sure what the root problem is, but my suspicion is that the SSL > library in this particular Ubuntu environment > does not permit keys smaller than 2048 bits. > > Anyone have any other ideas as to the cause of this error? > > Hi, That is the case. One work around is append @SECLEVEL=0 to the cipher list but I think it's better to update the tests to use 2048 bits key. -- Adi Roiban ___ Twisted-Python mailing list Twisted-Python@twistedmatrix.com https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
Re: [Twisted-Python] Twisted with pypy3 on Ubuntu 20.4, SSL error: 'ee key too small'
Adi, Thanks for the tip. Yes, increasing the key size in the tests definitely eliminated this error: https://github.com/twisted/twisted/pull/1411 -- Craig On Tue, Sep 29, 2020 at 3:34 PM Adi Roiban wrote: > > > On Tue, 29 Sep 2020 at 23:25, Craig Rodrigues > wrote: > >> Hi, >> >> I ran an experiment to run the Twisted tests on Ubuntu 20.4 using this >> version of using pypy3: >> >> *Python 3.6.9 (2ad108f17bdb, Apr 07 2020, 02:29:05* >> *Pypy 7.3.1 with GCC 7.3.1 20180303 (Red Hat 7.3.1-5)* >> >> >> A bunch of the conch tests failed in this Ubuntu environment: >> https://github.com/twisted/twisted/runs/1173397508 >> like this: >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> *===Error: >> Traceback (most recent call last): File >> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/test/test_sslverify.py", >> line 1780, in test_ellipticCurveDiffieHellmanonData=onData, File >> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/test/test_sslverify.py", >> line 716, in loopbackself.serverPort = reactor.listenSSL(0, >> serverFactory, serverCertOpts) File >> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/internet/posixbase.py", >> line 593, in listenSSLtlsFactory = >> tls.TLSMemoryBIOFactory(contextFactory, False, factory) File >> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/protocols/tls.py", >> line 748, in __init__contextFactory = >> _ContextFactoryToConnectionFactory(contextFactory) File >> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/protocols/tls.py", >> line 629, in __init__oldStyleContextFactory.getContext() File >> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/internet/_sslverify.py", >> line 1636, in getContextself._context = self._makeContext() File >> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/internet/_sslverify.py", >> line 1645, in _makeContextctx.use_certificate(self.certificate) File >> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/OpenSSL/SSL.py", >> line 960, in use_certificate_raise_current_error() File >> "/opt/hostedtoolcache/PyPy/3.6.9/x64/lib_pypy/_functools.py", line 80, in >> __call__return self._func(*(self._args + fargs), **fkeywords) File >> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/OpenSSL/_util.py", >> line 54, in exception_from_error_queueraise >> exception_type(errors)OpenSSL.SSL.Error: [('SSL routines', >> 'SSL_CTX_use_certificate', 'ee key too >> small')]twisted.test.test_sslverify.OpenSSLOptionsECDHIntegrationTests.test_ellipticCurveDiffieHellman===* >> >> >> >> I'm not sure what the root problem is, but my suspicion is that the SSL >> library in this particular Ubuntu environment >> does not permit keys smaller than 2048 bits. >> >> Anyone have any other ideas as to the cause of this error? >> >> > Hi, > > That is the case. > > One work around is append @SECLEVEL=0 to the cipher list but I think > it's better to update the tests to use 2048 bits key. > > -- > Adi Roiban > ___ > Twisted-Python mailing list > Twisted-Python@twistedmatrix.com > https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python > ___ Twisted-Python mailing list Twisted-Python@twistedmatrix.com https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python