| From: | Kyotaro HORIGUCHI <horiguchi(dot)kyotaro(at)lab(dot)ntt(dot)co(dot)jp> |
|---|---|
| To: | michael(at)paquier(dot)xyz |
| Cc: | pgsql-hackers(at)postgresql(dot)org, hlinnaka(at)iki(dot)fi |
| Subject: | Re: SSL tests failing with "ee key too small" error on Debian SID |
| Date: | 2018-10-01 12:18:01 |
| Message-ID: | 20181001.211801.02968449.horiguchi.kyotaro@lab.ntt.co.jp |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
At Tue, 25 Sep 2018 14:26:42 +0900, Michael Paquier <michael(at)paquier(dot)xyz> wrote in <20180925052642(dot)GJ1354(at)paquier(dot)xyz>
> On Tue, Sep 25, 2018 at 12:48:57PM +0900, Kyotaro HORIGUCHI wrote:
> > Do you mean that cert/key files are generated on-the-fly while
> > running 'make check'? It sounds reasonable as long as just
> > replaceing existing files with those with longer (2048bits?) keys
> > doesn't work for all supported platforms.
>
> The files are present by default in the tree, but can be regenerated
> easily by using the makefile rule "sslfiles". From what I can see, this
> is caused by OpenSSL 1.1.1 which Debian SID has visibly upgraded to
> recently. That's the version I have on my system. I have not dug much
> into the Makefile to see if things could get done right and change the
> openssl commands though..
# I have no experience in Debian..
In Debian /etc/ssl/openssl.cnf has been changed to
"CiperString=DEFAULT(at)SECLEVEL=2", which implies that "RSA and DHE
keys need to be at least 2048 bit long" according to the
following page.
https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1
It seems to be Debian's special feature and I suppose
(differently from the previous mail..) it won't happen on other
platforms.
Instead, I managed to cause "ee key too smal" by setting
ssl_ciphers in postgresql.conf as the follows with openssl
1.1.1. With the first attached it happens during
001_ssltests_master.
ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL(at)SECLEVEL=2' # allowed SSL ciphers
The attached second patch just changes key size to 2048 bits and
"ee key too small" are eliminated in 001_ssltests_master, but
instead I got "ca md too weak" error. This is eliminated by using
sha256 instead of sha1 in cas.config. (third attached)
By the way I got (with both 1.0.2k and 1.1.1) a "tlsv1 alert
unknown ca" error from 002_scram.pl. It is fixed for me by the
forth attached, but I'm not sure why we haven't have such a
complain. (It happens only for me?)
regards.
--
Kyotaro Horiguchi
NTT Open Source Software Center
| Attachment | Content-Type | Size |
|---|---|---|
| cause_ee_key_too_small.patch | text/x-patch | 615 bytes |
| use_rsa_2048b_keys.patch | text/x-patch | 350 bytes |
| change_md_to_sha256.patch | text/x-patch | 856 bytes |
| set_sslrootcert_in_scram_test.patch | text/x-patch | 610 bytes |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Liudmila Mantrova | 2018-10-01 12:24:10 | Re: SQL/JSON: documentation |
| Previous Message | Peter Eisentraut | 2018-10-01 12:15:20 | Re: Hint to set owner for tablespace directory |