
I am using a custom Python build with liboqs-openssl, which encapsulates PQ algorithms. I generated the certificates using the provided dilithium2 algorithm and wanted to create a simple SSL connection with a Python client and server.

Simplified client:

from socket import socket, AF_INET, SOCK_STREAM
import ssl
hostname = 'localhost'       # assumed for this simplified version; must match a name in the server certificate
address = (hostname, 8443)   # assumed port; the server must listen on the same one
context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)   # negotiates the highest TLS version both sides support, verifies the server cert and hostname
context.load_verify_locations('.../quantum-safe-chat/pqca/ca/dilithium2_CA.crt')
_socket = socket(AF_INET, SOCK_STREAM, 0)
_socket = context.wrap_socket(_socket, server_hostname=hostname)
_socket.connect(address)   # TLS handshake happens here

Simplified server:

from socket import socket, AF_INET, SOCK_STREAM
import ssl
address = ('127.0.0.1', 8443)   # assumed; same port the client connects to
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)   # pins the server to TLS 1.2 only
context.load_cert_chain(certfile='.../quantum-safe-chat/pqca/server/dilithium2_srv.crt',
                        keyfile='.../quantum-safe-chat/pqca/server/dilithium2_srv.key')
server = socket(AF_INET, SOCK_STREAM, 0)
server.bind(address)
server.listen()
server = context.wrap_socket(server, server_side=True)
conn, peer = server.accept()   # TLS handshake happens here

Now when I try to run the server and the client, I get the client error ssl.SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1129) and the server error ssl.SSLError: [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:1129).

I already tried printing out the ciphers with context.get_ciphers() on both ends, where they were identical. Also I tried manually setting it to the same cipher on both ends with context.set_ciphers('ECDHE-RSA-AES256-GCM-SHA384') which only gives me the same result.

Does anyone have an idea what the issue might be?

Robinbux

1 Answer


I'm not familiar with liboqs-openssl, but

  • The documentation clearly says that the necessary cipher support is for TLS 1.3, while your code insists on using TLS 1.2
  • You are trying to use ciphers which require an RSA certificate, even though you don't have an RSA certificate

This together means that there are no ciphers which could support the authentication method available with your certificate. In other words: no ciphers and therefore also no shared ciphers.

Steffen Ullrich
  • Hi Steffen, thanks for the answer! The version actually seemed to be the issue. On the server side I changed it to `PROTOCOL_TLS_SERVER`. The reason I chose the RSA cipher is that the certificates are hybrid certificates, and therefore also support old ciphers. I thought in testing that would make it simpler. Like I said, I got a list with all available ciphers in `context.get_ciphers()`. I now get an error on the client side, saying `certificate verify failed: IP address mismatch, certificate is not valid for '127.0.0.1'`. Do I need to whitelist localhost when creating the CA cert? – Robinbux May 10 '21 at 10:56
  • @Robinbux: *"I now get an error on the client side, saying certificate verify failed: IP address mismatch, certificate is not valid for '127.0.0.1'"* - Looks like your original question got successfully answered. What you ask now is a different question and would be better asked as a new question. But in short: the subject of the certificate (preferably the subject alternative names) must match `hostname` from your client (this is usually not called "whitelisting"). Nothing is known about your certificate, but obviously it does not cover the hostname. – Steffen Ullrich May 10 '21 at 11:10
  • That's it, I needed to create an extension file that specifies the `alt_names` and feed that into openssl when signing the server certificate. It's all working now, thanks! – Robinbux May 10 '21 at 11:49
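The reasoning in the answer above, as an added example (not code from the question, the answer, or liboqs-openssl): a server only ends up with "shared" ciphers if some suite is both allowed by its protocol version and usable with its certificate key. The cipher entries below are constructed sample data in the shape that `SSLContext.get_ciphers()` returns; the mapping of a dilithium2 key to no classic TLS 1.2 `auth-*` tag is an assumption that follows the answer's point that the PQ suites live in TLS 1.3.

```python
# Constructed sample entries, shaped like SSLContext.get_ciphers() output
# (real output has more fields; only the ones used here are kept).
SAMPLE_CIPHERS = [
    {"name": "TLS_AES_256_GCM_SHA384",        "protocol": "TLSv1.3", "kea": "kx-any",   "auth": "auth-any"},
    {"name": "TLS_CHACHA20_POLY1305_SHA256",  "protocol": "TLSv1.3", "kea": "kx-any",   "auth": "auth-any"},
    {"name": "ECDHE-ECDSA-AES256-GCM-SHA384", "protocol": "TLSv1.2", "kea": "kx-ecdhe", "auth": "auth-ecdsa"},
    {"name": "ECDHE-RSA-AES256-GCM-SHA384",   "protocol": "TLSv1.2", "kea": "kx-ecdhe", "auth": "auth-rsa"},
    {"name": "AES128-GCM-SHA256",             "protocol": "TLSv1.2", "kea": "kx-rsa",   "auth": "auth-rsa"},
]

# Certificate key type -> the 'auth' tag of the TLS 1.2 suites it can serve.
# Assumption: a PQ signature key (dilithium2) matches none of the classic
# TLS 1.2 authentication tags, so only TLS 1.3 'auth-any' suites can use it.
KEY_TO_AUTH = {"rsa": "auth-rsa", "ecdsa": "auth-ecdsa"}


def usable_suites(ciphers, cert_key_type, protocols):
    """Return the names of suites a server could actually negotiate.

    ciphers       : list of dicts as returned by SSLContext.get_ciphers()
    cert_key_type : 'rsa', 'ecdsa', or a PQ algorithm name such as 'dilithium2'
    protocols     : set of protocol versions the SSLContext allows
    """
    wanted_auth = KEY_TO_AUTH.get(cert_key_type)  # None for a PQ key
    usable = []
    for c in ciphers:
        if c["protocol"] not in protocols:       # filtered out by PROTOCOL_TLSv1_2
            continue
        if c["auth"] == "auth-any" or c["auth"] == wanted_auth:
            usable.append(c["name"])
    return usable


def only(ciphers, name):
    """Model set_ciphers(name): it only restricts the TLS 1.2 list; TLS 1.3
    suites cannot be removed with set_ciphers() in Python's ssl module."""
    return [c for c in ciphers if c["protocol"] == "TLSv1.3" or c["name"] == name]


if __name__ == "__main__":
    # PROTOCOL_TLSv1_2 server + dilithium2 cert: nothing usable -> NO_SHARED_CIPHER
    print(usable_suites(SAMPLE_CIPHERS, "dilithium2", {"TLSv1.2"}))
    # PROTOCOL_TLS_SERVER (TLS 1.3 allowed): the auth-any suites become usable
    print(usable_suites(SAMPLE_CIPHERS, "dilithium2", {"TLSv1.2", "TLSv1.3"}))
    # set_ciphers('ECDHE-RSA-AES256-GCM-SHA384') on a TLS 1.3-capable context:
    # the RSA suite is useless with this key, but TLS 1.3 still carries the handshake
    print(usable_suites(only(SAMPLE_CIPHERS, "ECDHE-RSA-AES256-GCM-SHA384"),
                        "dilithium2", {"TLSv1.2", "TLSv1.3"}))
```

To check a real build, pass `context.get_ciphers()` from the server's context in place of `SAMPLE_CIPHERS`; if the result is empty for the key type of the loaded certificate, the handshake will fail exactly as in the question.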