[Twisted-Python] Twisted with pypy3 on Ubuntu 20.4, SSL error: 'ee key too small'
Craig Rodrigues
rodrigc at crodrigues.org
Wed Sep 30 18:18:08 MDT 2020
Adi,
Thanks for the tip. Yes, increasing the key size in the tests definitely
eliminated this error:
https://github.com/twisted/twisted/pull/1411
--
Craig
On Tue, Sep 29, 2020 at 3:34 PM Adi Roiban <adi at roiban.ro> wrote:
>
>
> On Tue, 29 Sep 2020 at 23:25, Craig Rodrigues <rodrigc at crodrigues.org>
> wrote:
>
>> Hi,
>>
>> I ran an experiment to run the Twisted tests on Ubuntu 20.4 using this
>> version of using pypy3:
>>
>> *Python 3.6.9 (2ad108f17bdb, Apr 07 2020, 02:29:05*
>> *Pypy 7.3.1 with GCC 7.3.1 20180303 (Red Hat 7.3.1-5)*
>>
>>
>> A bunch of the conch tests failed in this Ubuntu environment:
>> https://github.com/twisted/twisted/runs/1173397508
>> like this:
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> *===============================================================================Error:
>> Traceback (most recent call last): File
>> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/test/test_sslverify.py",
>> line 1780, in test_ellipticCurveDiffieHellman onData=onData, File
>> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/test/test_sslverify.py",
>> line 716, in loopback self.serverPort = reactor.listenSSL(0,
>> serverFactory, serverCertOpts) File
>> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/internet/posixbase.py",
>> line 593, in listenSSL tlsFactory =
>> tls.TLSMemoryBIOFactory(contextFactory, False, factory) File
>> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/protocols/tls.py",
>> line 748, in __init__ contextFactory =
>> _ContextFactoryToConnectionFactory(contextFactory) File
>> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/protocols/tls.py",
>> line 629, in __init__ oldStyleContextFactory.getContext() File
>> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/internet/_sslverify.py",
>> line 1636, in getContext self._context = self._makeContext() File
>> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/twisted/internet/_sslverify.py",
>> line 1645, in _makeContext ctx.use_certificate(self.certificate) File
>> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/OpenSSL/SSL.py",
>> line 960, in use_certificate _raise_current_error() File
>> "/opt/hostedtoolcache/PyPy/3.6.9/x64/lib_pypy/_functools.py", line 80, in
>> __call__ return self._func(*(self._args + fargs), **fkeywords) File
>> "/home/runner/work/twisted/twisted/build/alldeps-withcov-posix/site-packages/OpenSSL/_util.py",
>> line 54, in exception_from_error_queue raise
>> exception_type(errors)OpenSSL.SSL.Error: [('SSL routines',
>> 'SSL_CTX_use_certificate', 'ee key too
>> small')]twisted.test.test_sslverify.OpenSSLOptionsECDHIntegrationTests.test_ellipticCurveDiffieHellman===============================================================================*
>>
>>
>>
>> I'm not sure what the root problem is, but my suspicion is that the SSL
>> library in this particular Ubuntu environment
>> does not permit keys smaller than 2048 bits.
>>
>> Anyone have any other ideas as to the cause of this error?
>>
>>
> Hi,
>
> That is the case.
>
> One work around is append @SECLEVEL=0 to the cipher list.... but I think
> it's better to update the tests to use 2048 bits key.
>
> --
> Adi Roiban
> _______________________________________________
> Twisted-Python mailing list
> Twisted-Python at twistedmatrix.com
> https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/twisted-python/attachments/20200930/e8d6da25/attachment.htm>
More information about the Twisted-Python
mailing list