Comments (3)
Your error messages suggest either OpenVPN isn't actually being linked at runtime with the the OQS fork of OpenSSL, but are instead linking to the system-installed version of OpenSSL; or you're generating your Picnic certs with a newer version of OQS-OpenSSL which the version we're currently dependent on doesn't support. As with all the PQ algorithms, Picnic has been updated over time. We also don't support using the 1.1 fork of OQS-OpenSSL; we only support the 1.0.2 fork. Our build scripts fetch a specific commit from OQS-OpenSSL for this reason. Make sure you're running all the openssl commands referring specifically to the openssl binary generated by the OQS-OpenSSL build.
We're currently working to make the OQS-OpenSSL 1.1 fork compatible with OpenVPN, and our next release will both update to the latest version of OpenVPN and support OQS-OpenSSL 1.1.
All that aside, we did discover after the fact that most Picnic certificates trigger a bug in OpenSSL because they end up being too large, and trip a size limitation in the TLS code. Oops! Sorry about that. So it does end up being the case that Picnic isn't currently very usable, and we're recommending the use of RSA certificates for now, and then you still get the benefit of using post-quantum key exchange. This should also be working, and with the updated version of Picnic, in our next release.
from pqcrypto-vpn.
Thanks for the explanation.
And yes, I managed to establish connection with tls-cipher OQSKEX-LWE-FRODO-RECOMMENDED-ECDHE-ECDSA-AES256-GCM-SHA384
from pqcrypto-vpn.
@vbog1 I've got a candidate of the 1.3 release, where Picnic certificates are now working, in the dev-1.3 branch: https://github.com/microsoft/PQCrypto-VPN/tree/dev-1.3
I've moved to using submodules for the various dependencies, so clone with: git clone --branch dev-1.3 --recurse-submodules https://github.com/microsoft/PQCrypto-VPN.git. There's also a Dockerfile under openvpn/build/docker as well. The Windows build is now done completely cross-compiled, so everything gets built in one step now.
Feedback welcome!
from pqcrypto-vpn.
Related Issues (20)
- Enabling KEM and QSIGNATURE of choice in PQCrypto-VPN HOT 2
- OQS OpenSSL fails to run after build. HOT 2
- PQCrypto-VPN builds and runs, but OQS-KEX keys missing in traffic. HOT 15
- dev1.3 branch, build error HOT 2
- Add command-line parameters to skip either the Linux or Windows build
- Add logging to show key exchange algorithm negotiated HOT 1
- build error
- Broken implementation of kyber512, kyber768 and kyber1024 as KEX. HOT 6
- Update Raspberry Pi "post-quantum access point" instructions for PQCrypto-VPN 1.3 HOT 1
- Instructions for more/all liboqs algorithms support (KEMs and signature) HOT 1
- OpenVPN version update? HOT 1
- Compatibility with OQS-OpenSSL_1_1_1 branch of openssl HOT 1
- Curve configuration setting HOT 10
- Integrate with liboqs 0.4.0 HOT 14
- sidhp751 crash - linux HOT 7
- How to build a custom PQCrypto-VPN with latest (dev) liboqs and OQS-OpenSSL (1.1.1k) on Windows 10 HOT 4
- tls-cipher schemes for control channel negotiation request and certificate read issue HOT 38
- Build failure at step 1. HOT 3
- branch: oqsrepo Build Error HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pqcrypto-vpn.