[Twisted-Python] Twisted with pypy3 on Ubuntu 20.4, SSL error: 'ee key too small'

Adi Roiban adi at roiban.ro
Tue Sep 29 16:33:37 MDT 2020 

On Tue, 29 Sep 2020 at 23:25, Craig Rodrigues <rodrigc at crodrigues.org>
wrote:

> Hi,
>
> I ran an experiment to run the Twisted tests on Ubuntu 20.4 using this
> version of using pypy3:
>
> *Python 3.6.9 (2ad108f17bdb, Apr 07 2020, 02:29:05*
> *Pypy 7.3.1 with GCC 7.3.1 20180303 (Red Hat 7.3.1-5)*
>
>
> A bunch of the conch tests failed in this Ubuntu environment:
> https://github.com/twisted/twisted/runs/1173397508
> like this:
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> *===============================================================================Error:
> Traceback (most recent call last):  File
> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/test/test_sslverify.py",
> line 1780, in test_ellipticCurveDiffieHellman    onData=onData,  File
> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/test/test_sslverify.py",
> line 716, in loopback    self.serverPort = reactor.listenSSL(0,
> serverFactory, serverCertOpts)  File
> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/internet/posixbase.py",
> line 593, in listenSSL    tlsFactory =
> tls.TLSMemoryBIOFactory(contextFactory, False, factory)  File
> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/protocols/tls.py",
> line 748, in __init__    contextFactory =
> _ContextFactoryToConnectionFactory(contextFactory)  File
> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/protocols/tls.py",
> line 629, in __init__    oldStyleContextFactory.getContext()  File
> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/internet/_sslverify.py",
> line 1636, in getContext    self._context = self._makeContext()  File
> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/internet/_sslverify.py",
> line 1645, in _makeContext    ctx.use_certificate(self.certificate)  File
> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/OpenSSL/SSL.py",
> line 960, in use_certificate    _raise_current_error()  File
> "/opt/hostedtoolcache/PyPy/3.6.9/x64/lib_pypy/_functools.py", line 80, in
> __call__    return self._func(*(self._args + fargs), **fkeywords)  File
> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/OpenSSL/_util.py",
> line 54, in exception_from_error_queue    raise
> exception_type(errors)OpenSSL.SSL.Error: [('SSL routines',
> 'SSL_CTX_use_certificate', 'ee key too
> small')]twisted.test.test_sslverify.OpenSSLOptionsECDHIntegrationTests.test_ellipticCurveDiffieHellman===============================================================================*
>
>
>
> I'm not sure what the root problem is, but my suspicion is that the SSL
> library in this particular Ubuntu environment
> does not permit keys smaller than 2048 bits.
>
> Anyone have any other ideas as to the cause of this error?
>
>
Hi,

That is the case.

One work around is append @SECLEVEL=0 to the cipher list.... but I think
it's better to update the tests to use 2048 bits key.

-- 
Adi Roiban
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/twisted-python/attachments/20200929/cda5c04b/attachment.htm>

More information about the Twisted-Python mailing list