Hello, Ubuntu 22.04 ships with the "openssl" command line tool 3.0.5, and SECLEVEL=2 is set by default.
"SECLEVEL=2" has uncovered an interesting issue with DH length, which was set to 1024 for EC keys. While a better strategy for DH on EC keys needs to be discussed, let us set it to the configured DH value for now. Also, EC curves were renamed (but the curves are still the same); as we invoke "openssl" from the command line, we need to adjust the test cases.

Ilya
From 0c9098167c3839a2abc3ab2b5fd943e88219bcae Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin <[email protected]> Date: Sun, 24 Jul 2022 00:05:45 +0500 Subject: [PATCH 3/3] REGTESTS: ssl: adopt tests to OpenSSL-3.0.N on Ubuntu-22.04 openssl-3.0.5 is shipped which has changed ec curve description to "Server Temp Key: ECDH, secp384r1, 384 bits" --- reg-tests/ssl/ssl_generate_certificate.vtc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reg-tests/ssl/ssl_generate_certificate.vtc b/reg-tests/ssl/ssl_generate_certificate.vtc index a7d76a70e..b3d9201ae 100644 --- a/reg-tests/ssl/ssl_generate_certificate.vtc +++ b/reg-tests/ssl/ssl_generate_certificate.vtc @@ -164,5 +164,5 @@ shell { } shell { - echo "Q" | openssl s_client -unix "${tmpdir}/ssl_P-384.sock" -servername server.ecdsa.com 2>/dev/null| grep "Server Temp Key: ECDH, P-384, 384 bits" + echo "Q" | openssl s_client -unix "${tmpdir}/ssl_P-384.sock" -servername server.ecdsa.com 2>/dev/null| grep "Temp Key: ECDH,.+, 384 bits" } -- 2.36.1
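Review bot: the new pattern "Temp Key: ECDH,.+, 384 bits" is passed to plain grep, where a bare `+` is a literal plus sign rather than a quantifier (POSIX basic regular expressions; GNU grep only treats `\+` as "one or more"), so this check would match neither the old "P-384" nor the new "secp384r1" output. Use `grep -E` as the neighbouring test in PATCH 2/3 already does, and list the two spellings explicitly, e.g. `grep -E "Server Temp Key: ECDH, (P-384|secp384r1), 384 bits"`; that also keeps the "Server " prefix so the regtest cannot be satisfied by a differently labelled key line.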
From 252bddfbf93ff223c71481ecdf6e2ba1f8819083 Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin <[email protected]> Date: Sun, 24 Jul 2022 00:01:32 +0500 Subject: [PATCH 2/3] REGTESTS: ssl: adopt tests to OpenSSL-3.0.N on Ubuntu-22.04 openssl-3.0.5 is shipped which has changed ec curve description to "Server Temp Key: ECDH, prime256v1, 256 bits" --- reg-tests/ssl/ssl_generate_certificate.vtc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reg-tests/ssl/ssl_generate_certificate.vtc b/reg-tests/ssl/ssl_generate_certificate.vtc index 665175567..a7d76a70e 100644 --- a/reg-tests/ssl/ssl_generate_certificate.vtc +++ b/reg-tests/ssl/ssl_generate_certificate.vtc @@ -160,7 +160,7 @@ client c6 -connect ${h1_clearlst_sock} { # The curve with the highest priority is X25519 for OpenSSL 1.1.1 and later, # and P-256 for OpenSSL 1.0.2. shell { - echo "Q" | openssl s_client -unix "${tmpdir}/ssl.sock" -servername server.ecdsa.com -tls1_2 2>/dev/null | grep -E "Server Temp Key: (ECDH, P-256, 256 bits|X25519, 253 bits)" + echo "Q" | openssl s_client -unix "${tmpdir}/ssl.sock" -servername server.ecdsa.com -tls1_2 2>/dev/null | grep -E "Server Temp Key: (ECDH, P-256, 256 bits|ECDH, prime256v1, 256 bits|X25519, 253 bits)" } shell { -- 2.36.1
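Review bot: the comment two lines above the changed grep ("The curve with the highest priority is X25519 for OpenSSL 1.1.1 and later, and P-256 for OpenSSL 1.0.2") should be extended to say that OpenSSL 3.0 prints the same P-256 curve as "prime256v1", otherwise a reader has no way to tell why a third alternative was added to the regex. Since PATCH 2/3 and PATCH 3/3 carry the identical subject "REGTESTS: ssl: adopt tests to OpenSSL-3.0.N on Ubuntu-22.04" and edit the same file, consider squashing them into one commit so the history stays searchable.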
From 7083b530d6417471634b4d6b712c95176fe7138a Mon Sep 17 00:00:00 2001 From: Ilya Shipitsin <[email protected]> Date: Sat, 23 Jul 2022 23:55:19 +0500 Subject: [PATCH 1/3] BUG/MEDIUM: fix DH length when EC key is used dh of length 1024 were chosen for EVP_PKEY_EC key type. let us pick "default_dh_param" instead. issue was found on Ubuntu 22.04 which is shipped with OpenSSL configured with SECLEVEL=2 by default. such SECLEVEL value prohibits DH shorter than 2048: OpenSSL error[0xa00018a] SSL_CTX_set0_tmp_dh_pkey: dh key too small better strategy for chosing DH still may be considered though. --- src/ssl_sock.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 1d39826e6..02b369a79 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -3211,6 +3211,10 @@ static HASSL_DH *ssl_get_tmp_dh(EVP_PKEY *pkey) type = pkey ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE; + if (type == EVP_PKEY_EC) { + keylen = global_ssl.default_dh_param; + } + /* The keylen supplied by OpenSSL can only be 512 or 1024. See ssl3_send_server_key_exchange() in ssl/s3_srvr.c */ -- 2.36.1
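Review bot: the added `if (type == EVP_PKEY_EC)` block sits directly above the comment "The keylen supplied by OpenSSL can only be 512 or 1024", which no longer describes where keylen comes from on the EC path; move the assignment below that comment or reword it, and add a short comment stating why EC keys get `global_ssl.default_dh_param` (an EC certificate carries no key length usable for DH sizing, and SECLEVEL=2 rejects DH under 2048 bits, per the commit message). Also check whether the `EVP_PKEY_NONE` case on the preceding line (no certificate key) needs the same default, since the "dh key too small" error comes from the security level rather than from the key type.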

