[Twisted-Python] Twisted with pypy3 on Ubuntu 20.4, SSL error: 'ee key too small'

Hi,
I ran an experiment to run the Twisted tests on Ubuntu 20.4 using this version of pypy3:
*Python 3.6.9 (2ad108f17bdb, Apr 07 2020, 02:29:05*
*Pypy 7.3.1 with GCC 7.3.1 20180303 (Red Hat 7.3.1-5)*
A bunch of the conch tests failed in this Ubuntu environment: https://github.com/twisted/twisted/runs/1173397508 like this:
===============================================================================
Error:
Traceback (most recent call last):
  File "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/test/test_sslverify.py", line 1780, in test_ellipticCurveDiffieHellman
    onData=onData,
  File "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/test/test_sslverify.py", line 716, in loopback
    self.serverPort = reactor.listenSSL(0, serverFactory, serverCertOpts)
  File "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/internet/posixbase.py", line 593, in listenSSL
    tlsFactory = tls.TLSMemoryBIOFactory(contextFactory, False, factory)
  File "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/protocols/tls.py", line 748, in __init__
    contextFactory = _ContextFactoryToConnectionFactory(contextFactory)
  File "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/protocols/tls.py", line 629, in __init__
    oldStyleContextFactory.getContext()
  File "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/internet/_sslverify.py", line 1636, in getContext
    self._context = self._makeContext()
  File "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/internet/_sslverify.py", line 1645, in _makeContext
    ctx.use_certificate(self.certificate)
  File "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/OpenSSL/SSL.py", line 960, in use_certificate
    _raise_current_error()
  File "/opt/hostedtoolcache/PyPy/3.6.9/x64/lib_pypy/_functools.py", line 80, in __call__
    return self._func(*(self._args + fargs), **fkeywords)
  File "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'SSL_CTX_use_certificate', 'ee key too small')]
twisted.test.test_sslverify.OpenSSLOptionsECDHIntegrationTests.test_ellipticCurveDiffieHellman
===============================================================================
I'm not sure what the root problem is, but my suspicion is that the SSL library in this particular Ubuntu environment does not permit keys smaller than 2048 bits.
Anyone have any other ideas as to the cause of this error?
Thanks.
-- Craig

On Tue, 29 Sep 2020 at 23:25, Craig Rodrigues <rodrigc@crodrigues.org> wrote:
I'm not sure what the root problem is, but my suspicion is that the SSL library in this particular Ubuntu environment does not permit keys smaller than 2048 bits.
Anyone have any other ideas as to the cause of this error?
Hi,
That is the case.
One workaround is to append @SECLEVEL=0 to the cipher list.... but I think it's better to update the tests to use a 2048-bit key.
-- Adi Roiban

Adi,
Thanks for the tip. Yes, increasing the key size in the tests definitely eliminated this error: https://github.com/twisted/twisted/pull/1411
-- Craig

On Tue, Sep 29, 2020 at 3:34 PM Adi Roiban <adi@roiban.ro> wrote:
Hi,
That is the case.
One workaround is to append @SECLEVEL=0 to the cipher list.... but I think it's better to update the tests to use a 2048-bit key.
-- Adi Roiban
_______________________________________________
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
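
The behaviour discussed in this thread can be reproduced with the sketch below, which is an added example and not code from the original messages or from Twisted's test suite. It uses the standard-library `ssl` module rather than pyOpenSSL and assumes the third-party `cryptography` package is installed; the helper names `make_test_pem` and `try_load` and the host name `seclevel-demo.invalid` are made up for the illustration.

```python
import datetime
import os
import ssl
import tempfile

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID


def make_test_pem(bits):
    """Build a throwaway RSA key of `bits` bits plus a self-signed cert (PEM)."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=bits)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "seclevel-demo.invalid")])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(days=1))
        .not_valid_after(now + datetime.timedelta(days=1))
        .sign(key, hashes.SHA256())
    )
    key_pem = key.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.TraditionalOpenSSL,
        serialization.NoEncryption(),
    )
    return key_pem + cert.public_bytes(serialization.Encoding.PEM)


def try_load(bits, seclevel):
    """Load a `bits`-bit RSA cert into a server context; return "ok" or the error."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Level 2 demands >= 112 bits of security (RSA >= 2048); level 0 disables the check.
    ctx.set_ciphers("DEFAULT:@SECLEVEL=%d" % seclevel)
    with tempfile.NamedTemporaryFile(suffix=".pem", delete=False) as f:
        f.write(make_test_pem(bits))
    try:
        ctx.load_cert_chain(f.name)
        return "ok"
    except ssl.SSLError as e:
        return e.reason or str(e)
    finally:
        os.unlink(f.name)
```

`try_load(1024, 2)` reports the key-size rejection, while `try_load(2048, 2)` and `try_load(1024, 0)` both load: the first is the fix taken in the tests, the second is the `@SECLEVEL=0` workaround, which turns the check off for every certificate the context handles.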