openssl server with falcon certificate error: ca md too weak #74
-
Hello, I want to test if a openssl server with the oqsprovider works with a PQC certification: First, generate CA selfsigned falcon key: Then, generate a server falcon key and certification request: Then, sign it with the CA's key: Last, open server with: I got Version OpenSSL 3.1.0-dev, I've also tried with dilithium3 or 5 and the same error occurred. |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments
-
This is an expected error as the last command above is (trying to) use a feature that has not yet been integrated into OpenSSL: Pluggable TLS signature algorithms will only work as and when openssl/openssl#10512 has been resolved. Also note that the required provider code is only available in oqsprovider v0.5.0-dev and later. If you want to try it out you'd need to build the latest oqsprovider code and openssl from https://github.com/baentsch/openssl.git, checked out to branch "sigload" : That is the code underlying openssl/openssl#19312 . |
Beta Was this translation helpful? Give feedback.
-
@Dechen2333 FYI, there's now a ready-to-run docker image allowing you to do all you want above: See https://github.com/open-quantum-safe/oqs-provider/wiki/Interoperability#ietf-115-hackathon. If OK, please also mark the question answered. |
Beta Was this translation helpful? Give feedback.
@Dechen2333 FYI, there's now a ready-to-run docker image allowing you to do all you want above: See https://github.com/open-quantum-safe/oqs-provider/wiki/Interoperability#ietf-115-hackathon. If OK, please also mark the question answered.