Re: SSL tests failing with "ee key too small" error on Debian SID

From: Kyotaro HORIGUCHI <horiguchi(dot)kyotaro(at)lab(dot)ntt(dot)co(dot)jp>
To: michael(at)paquier(dot)xyz
Cc: pgsql-hackers(at)postgresql(dot)org, hlinnaka(at)iki(dot)fi
Subject: Re: SSL tests failing with "ee key too small" error on Debian SID
Date: 2018-10-01 12:18:01
Message-ID: 20181001.211801.02968449.horiguchi.kyotaro@lab.ntt.co.jp
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

At Tue, 25 Sep 2018 14:26:42 +0900, Michael Paquier <michael(at)paquier(dot)xyz> wrote in <20180925052642(dot)GJ1354(at)paquier(dot)xyz>
> On Tue, Sep 25, 2018 at 12:48:57PM +0900, Kyotaro HORIGUCHI wrote:
> > Do you mean that cert/key files are generated on-the-fly while
> > running 'make check'? It sounds reasonable as long as just
> > replaceing existing files with those with longer (2048bits?) keys
> > doesn't work for all supported platforms.
>
> The files are present by default in the tree, but can be regenerated
> easily by using the makefile rule "sslfiles". From what I can see, this
> is caused by OpenSSL 1.1.1 which Debian SID has visibly upgraded to
> recently. That's the version I have on my system. I have not dug much
> into the Makefile to see if things could get done right and change the
> openssl commands though..

# I have no experience in Debian..

In Debian /etc/ssl/openssl.cnf has been changed to
"CiperString=DEFAULT(at)SECLEVEL=2", which implies that "RSA and DHE
keys need to be at least 2048 bit long" according to the
following page.

https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1

It seems to be Debian's special feature and I suppose
(differently from the previous mail..) it won't happen on other
platforms.

Instead, I managed to cause "ee key too smal" by setting
ssl_ciphers in postgresql.conf as the follows with openssl
1.1.1. With the first attached it happens during
001_ssltests_master.

ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL(at)SECLEVEL=2' # allowed SSL ciphers

The attached second patch just changes key size to 2048 bits and
"ee key too small" are eliminated in 001_ssltests_master, but
instead I got "ca md too weak" error. This is eliminated by using
sha256 instead of sha1 in cas.config. (third attached)

By the way I got (with both 1.0.2k and 1.1.1) a "tlsv1 alert
unknown ca" error from 002_scram.pl. It is fixed for me by the
forth attached, but I'm not sure why we haven't have such a
complain. (It happens only for me?)

regards.

--
Kyotaro Horiguchi
NTT Open Source Software Center

Attachment Content-Type Size
cause_ee_key_too_small.patch text/x-patch 615 bytes
use_rsa_2048b_keys.patch text/x-patch 350 bytes
change_md_to_sha256.patch text/x-patch 856 bytes
set_sslrootcert_in_scram_test.patch text/x-patch 610 bytes

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Liudmila Mantrova 2018-10-01 12:24:10 Re: SQL/JSON: documentation
Previous Message Peter Eisentraut 2018-10-01 12:15:20 Re: Hint to set owner for tablespace directory