Comments (9)
You have hit on a shortcoming of OQS-chromium: No-one got around to implementing #52. If you need this feature and would have time to do this, we'd be very glad to receive a PR for this.
Presently the only way to set the acceptable client algorithms is to build the boringssl
client (OQS-chromium) with the desired (set of) acceptable client algorithm(s) "baked in". This should be possible by changing the kDefaultGroups array as desired.
from oqs-demos.
Unfortunately I'm more like a researcher than a developer. Not really good at programming.
In my view, a good researcher (still consider myself one) shouldn't shy back from understanding others' code to give it new capabilities (call it "source code archaeology" and it's a scientific undertaking :-)
Does this mean once I built the chromium I can no longer change it anymore?
Yes. Thus it would be prudent to include all QSC algorithms your company servers would want to support: This is just a list: The more complete it is, the more algorithms your QSC-chromium build can support. It's only getting slightly more inefficient with an extremely long list of algorithms.
I'm guessing I probably should do this once the BoringSSL has been swapped with OQS-BoringSSL?
Yes. If you successfully built chromium all you (should) need to do is a re-build (after changing the list): The build system should take care of the rest.
from oqs-demos.
All right. But skills change over time and it'd be great if you could see this as a challenge to grow your skills on and help us resolve #52.
Sure. May I ask is there any information I can dig in to do this? I might start with researching about how to build this feature first. But no guarantee of completion cuz this task is apparently beyond my might. 😅😅
I'd then be glad to hear if this worked and we can close this issue.
Sure, I will get back to you once I've done this. Considering my testing environment, it might be next week.
from oqs-demos.
UW. Thanks for the feedback & get well soon.
from oqs-demos.
I see. Thank you for your response.
If you need this feature and would have time to do this, we'd be very glad to receive a PR for this.
Thanks for the invitation! Unfortunately I'm more like a researcher than a developer.😅 Not really good at programming. I'm doing a proof of concept project for my company which is setting an OQS enabled reverse proxy in front of all the company's servers to provide quantum safe front end connection.
Presently the only way to set the acceptable client algorithms is to build the
boringssl
client (OQS-chromium) with the desired (set of) acceptable client algorithm(s) "baked in". This should be possible by changing the kDefaultGroups array as desired.
Does this mean once I built the chromium I can no longer change it anymore?
Btw, may I ask when should I modify the file during the building process(like before which step)?
I'm guessing I probably should do this once the BoringSSL has been swapped with OQS-BoringSSL?
Kind regards,
Ray
from oqs-demos.
In my view, a good researcher (still consider myself one) shouldn't shy back from understanding others' code to give it new capabilities (call it "source code archaeology" and it's a scientific undertaking :-)
Totally agree. Maybe I should put it another way, I should say coding is my weakness and I'm still learning to improve it. But just consider what I am currently capable of I would say that the task is too hard for me. 😅😅
Yes. Thus it would be prudent to include all QSC algorithms your company servers would want to support: This is just a list: The more complete it is, the more algorithms your QSC-chromium build can support. It's only getting slightly more inefficient with an extremely long list of algorithms.
Yes. If you successfully built chromium all you (should) need to do is a re-build (after changing the list): The build system should take care of the rest.
I see. Thank you very much sir. This is very clear and helpful. I will rebuild it and choose a proper subset of the algorithms.
from oqs-demos.
I would say that the task is too hard for me
All right. But skills change over time and it'd be great if you could see this as a challenge to grow your skills on and help us resolve #52.
I see. Thank you very much sir. This is very clear and helpful. I will rebuild it and choose a proper subset of the algorithms.
Good to hear. I'd then be glad to hear if this worked and we can close this issue.
In any case, thanks for making us aware of some shortcomings in our documentation: We improved that accordingly.
from oqs-demos.
May I ask is there any information I can dig in to do this?
Sorry, I don't know: I didn't look into that myself. I'd start with a web search on chromium design docs and probably also use grep -r
for existing command line parameters (implementation) and dig forward from there.
from oqs-demos.
I'd then be glad to hear if this worked and we can close this issue.
Sorry for the late response. In the past few days, I have been suffered from the side effects of my vaccination(AstraZeneca).
I have swapped the default algorithm into all kyber above level 3 and rebuilt the chromium.
The result was successful.
Since Chrome can connect to the server only when the server uses one of its default KEX algorithms, I used SSLOpenSSSLConfCmd
in the httpd-ssl.conf
file to specify which algorithm is allowed on the server side.
I chose algorithm kyber768
and kyber90s1024
, the server returned the it works
page.
On the other hand, I chose the algorithm kyber512
, then it returned the error page cuz it's not one of the default algorithm.
Thanks again for all the help!
from oqs-demos.
Related Issues (20)
- unable to pull the chrome file from server HOT 1
- Cannot switch off OQS_HAVE_GETENTROPY, OQS_HAVE_EXPLICIT_BZERO HOT 3
- Fix integrations to specific commits?
- OQS Chromium(117.0.5863.0) : ERR_SSL_VERSION_OR_CIPHER_MISMATCH HOT 15
- curl --write-out time_appconnect for SSL/TLS Handshake variable is faulty HOT 4
- Failed to build oqs-nginx on Mac M1
- Failed to build httpd on Mac M1 HOT 1
- ee key too small has occured in nginx with debian:bookworm-slim HOT 5
- https://test.openquantumsafe.org:6000 does not accept `x25519_kyber768`
- Wireshark Docker Build Fails with WolfSSL Due to Undeclared 'QSC_SIG_CPS' Variable HOT 1
- Update test server with liboqs 0.9.2 release HOT 3
- Introduce CI mechanism to use specific liboqs/oqs-provider versions
- Add QUIC support HOT 3
- !DOCTYPE ERROR HOT 1
- Not able to get OQS-Chromium browser working - https://openquantumsafe.org/applications/tls.html#chromium HOT 19
- oqs-epiphany not working HOT 11
- qteslapi is not supported by oqs openssl HOT 1
- Dont get Server Temp Key in openssl s_client when testing HOT 1
- Update test server with liboqs 0.10.0 release HOT 8
- HAProxy HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from oqs-demos.