Giters

aws / s2n-tls

An implementation of the TLS/SSL protocols

Home Page:https://aws.github.io/s2n-tls/usage-guide/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Add interoperability test for latest oqs-provider

goatgoose opened this issue · comments

commented

Problem:

#4544 resolved an issue where the oqs-provider client sent a list of signature schemes that exceeded the s2n-tls maximum, causing the connection to fail. This issue could have been caught in a simple handshake test between s2n-tls and oqs-provider.

The test_pq_handshake integration test contains a test for oqs-provider:

s2n-tls/tests/integrationv2/test_pq_handshake.py

Line 403 in 8aa419e

def test_oqs_openssl_to_s2nd_pq_handshake(managed_process, protocol, cipher, kem_group):

However, the oqs-provider version is fixed and outdated, so this issue wasn't caught.

Solution:

Update the oqs-provider version in the test_pq_handshake test, or otherwise add a more recent oqs-provider interoperability test to the CI, to ensure that s2n-tls and oqs-provider can continue to interoperate.

commented

Do we still need oqs ? The liboqs README says: WE DO NOT CURRENTLY RECOMMEND RELYING ON THIS LIBRARY IN A PRODUCTION ENVIRONMENT OR TO PROTECT ANY SENSITIVE DATA. This library is meant to help with research and prototyping. Aren't we getting real world coverage with aws-lc ?