
Getting message "too weak" when launching openssl server

Open dimk1 opened this issue 4 months ago • 10 comments

I have successfully installed the oqs-provider and have enabled both the default and the oqsprovider providers in the /etc/ssl/openssl.cnf file. I'm replicating the process as described in USAGE.md. I first create certificates and keys via:

openssl req -x509 -new -newkey dilithium3 -keyout dilithium3_CA.key -out dilithium3_CA.crt -nodes -subj "/CN=test CA" -days 365 -config /etc/ssl/openssl.cnf
openssl genpkey -algorithm dilithium3 -out dilithium3_srv.key
openssl req -new -newkey dilithium3 -keyout dilithium3_srv.key -out dilithium3_srv.csr -nodes -subj "/CN=test server" -config /etc/ssl/openssl.cnf
openssl x509 -req -in dilithium3_srv.csr -out dilithium3_srv.crt -CA dilithium3_CA.crt -CAkey dilithium3_CA.key -CAcreateserial -days 365

Then I try to launch the server via the provided command, but I get the following error:

openssl s_server -cert dilithium3_srv.crt -key dilithium3_srv.key -www -tls1_3 -groups kyber768:frodo640shake
Using default temp DH parameters
error setting certificate
4077C88E967F0000:error:0A00018E:SSL routines:SSL_CTX_use_certificate:ca md too weak:../ssl/ssl_rsa.c:221:

Any idea?

dimk1, Feb 29 '24 15:02