I am using a custom Python build, with the liboqs-openssl which is encapsulating pq-algorithms. I generated the certificates using the provided dilithium2
algorithm and wanted to create a simple SSL connection with a Python client and server.
Simplified client:
context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
context.load_verify_locations('.../quantum-safe-chat/pqca/ca/dilithium2_CA.crt')
_socket = socket(AF_INET, SOCK_STREAM, 0)
_socket = context.wrap_socket(_socket, server_hostname=hostname)
_socket.connect(address)
Simplified server:
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
context.load_cert_chain(certfile='.../quantum-safe-chat/pqca/server/dilithium2_srv.crt',
keyfile='.../quantum-safe-chat/pqca/server/dilithium2_srv.key')
server = socket(AF_INET, SOCK_STREAM, 0)
server.bind(self.__address)
server = context.wrap_socket(self.__server, server_side=True)
Now when I try to run the server and the client, I get the client error ssl.SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1129)
and the server error ssl.SSLError: [SSL: NO_SHARED_CIPHER] no shared cipher (_ssl.c:1129)
.
I already tried printing out the ciphers with context.get_ciphers()
on both ends, where they were identical. Also I tried manually setting it to the same cipher on both ends with context.set_ciphers('ECDHE-RSA-AES256-GCM-SHA384')
which only gives me the same result.
Does anyone have an idea what the issue might be?