
Fix DH Key exchange incompatibility

Open daveboutcher opened this issue 10 months ago • 2 comments

A change in key types for DH keys was introduced in 42.0.0 such that DH key exchange with older versions (e.g. 41.0.7) no longer works. This affects key exchange with other OpenSSL servers as well.

This commit reverts the code that attempts to differentiate between DH and DHX key exchanges.

Fixes issue #10790

daveboutcher, Apr 21 '24 19:04
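Added example, not part of the PR or the cryptography project's code: in a serialized public key, the DH and DHX key types named in the description differ by algorithm OID (PKCS #3 dhKeyAgreement versus X9.42 dhpublicnumber, whose parameters also carry q). The code below classifies a DER SubjectPublicKeyInfo using only the standard library; the helper names and the toy key (p=23, g=5, q=11, y=8) are constructed for illustration.

```python
# Added example, not code from the PR or from the cryptography project.
DH_OID = bytes.fromhex("2a864886f70d010301")  # 1.2.840.113549.1.3.1 dhKeyAgreement (PKCS #3)
DHX_OID = bytes.fromhex("2a8648ce3e0201")     # 1.2.840.10046.2.1 dhpublicnumber (X9.42)
OIDS = {DH_OID: "DH", DHX_OID: "DHX"}

def read_tlv(buf, pos=0):
    """Parse one DER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def dh_key_type(spki_der):
    """Return (key type, number of parameter INTEGERs) for a DER SubjectPublicKeyInfo."""
    t_spki, spki, _ = read_tlv(spki_der)
    t_alg, alg, _ = read_tlv(spki)
    t_oid, oid, nxt = read_tlv(alg)
    t_par, params, _ = read_tlv(alg, nxt)
    if (t_spki, t_alg, t_oid, t_par) != (0x30, 0x30, 0x06, 0x30):
        raise ValueError("not a SubjectPublicKeyInfo with SEQUENCE parameters")
    count, pos = 0, 0
    while pos < len(params):
        tag, _, pos = read_tlv(params, pos)
        count += tag == 0x02  # count INTEGERs: p, g, and q in the X9.42 form
    return OIDS.get(oid, "other"), count

def tlv(tag, *parts):
    """Encode one DER element (short-form length, enough for the toy key)."""
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def toy_spki(oid, *params):
    """Constructed sample key: single-byte parameters and public value y = 8."""
    ints = [tlv(0x02, bytes([v])) for v in params]
    pub = tlv(0x03, b"\x00", tlv(0x02, b"\x08"))  # BIT STRING wrapping INTEGER y
    return tlv(0x30, tlv(0x30, tlv(0x06, oid), tlv(0x30, *ints)), pub)

if __name__ == "__main__":
    print(dh_key_type(toy_spki(DH_OID, 23, 5)))       # PKCS #3 form
    print(dh_key_type(toy_spki(DHX_OID, 23, 5, 11)))  # X9.42 form with q
```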

@alex sorry for the extreme lag, it's taken me a while to get back to this.

I don't love what I did here, but see if it's along the lines of what you were looking for, both in the testing side and keygen side. None of the existing test keys in vectors/ exhibited the issue I am fighting with.

All comments and suggestions welcome...

And one of the CI tests failed... so I am rapidly getting out of my depth here

daveboutcher, Jun 05 '24 09:06

The twisted test failures here appear to be genuine DH failures, suggesting that there's an issue in this PR. It also likely indicates missing test cases in our own test suite.

alex, Jun 05 '24 11:06