Comments (11)
Binary created for ubuntu18.04 and accessible at http://oqs-chrome.s3-website.us-east-2.amazonaws.com (I'm using this to learn S3...).
Caveat: This (256MB) binary won't run as-is :-(. Only when running with all build-components (config files, shared libs, etc), it runs OK. Problem: All this "stuff" is 2.2GB (also accessible over the above S3 location). I'm just not sure we want this: Who wants to download that much? Where do we want to store it? @dstebila @xvzcf : Comments?
from oqs-demos.
@dstebila @xvzcf Update: After failing with piecemeal additions to the main executable, I now removed piece-by-piece stuff from the full build that I thought isn't necessary to run chromium and it looks like I might have been successful: Please navigate to http://oqs-chrome.s3-website.us-east-2.amazonaws.com and you'll be given the opportunity to download a 118MB tar.gz: Please unpack that into a directory of your choice on an ubuntu18.04 Desktop installation and run "./chrome https://test.openquantumsafe.org": If all goes well, this will allow you to (QSC-)connect to the supported algorithms, e.g., https://test.openquantumsafe.org:6040/
from oqs-demos.
I was able to download and run Chromium, and I installed the OQS certificate. When I visit ecdsap256-x25519 (port 6001), it connects successfully. When I visit a post-quantum port, I get the attached error. Running on Ubuntu 18.04.5 after running apt update and apt upgrade.
from oqs-demos.
@dstebila Thanks for the test. That's not unexpected: My take is that this is a result of our "way-back" decision to eliminate on client-side indicating support for all OQS algs/curves. For BoringSSL (and thus also Chromium), the supported list is shown here if I understand things correct. @xvzcf : Correct?
All that said ---- I just realized the test server runs liboqs 0.4.0 and I built BoringSSL within Chromium against master
which could cause arbitrary problems, of course. Whatever, I just now built a new Chromium using liboqs 0.4.0 (and the corresponding boringssl "1a39df938"): The behaviour doesn't change -- but again, as expected as per the above (also documented in the Chromium README and the BoringSSL Wiki). Ideas/suggestions welcome!
So I'm afraid, the answer is "Works as expected/designed". I'm also not happy, though, and would love an alternative way to enable all algorithms (like setting --curves in openssl).
from oqs-demos.
I'd forgotten that not all of the ports were supported in our Chromium. I was able to successfully connect to ecdsap256-p256_frodo640aes. Can you think of an easy way to make it clear which ones are supported? A start page in our custom Chromium? A big red box on the test.openquantumsafe.org landing page? Some kind of flag on the big table of algorithms?
from oqs-demos.
The easiest would be a link on the test server landing page pointing to the list of supported algorithms here. For those folks not reading text we could also add a flag "Chromium support" to the ports list -- but it would be set embarrassingly rarely. A more complete option to enable all algorithms would be to add an option to Chromium to change the default curves list via SSL_CTX_set1_groups_list
. That however would necessitate understanding Chromium logic much more -- and necessitate people to read the documentation on (how to) set(ing) the curves list.
For now, I'd do option 1 and create an issue for option 3. Please let me know if you'd prefer option 2 (flags): I'd add that at the same moment then, too.
from oqs-demos.
I am not proposing we add an option to Chromium to change the default curves list.
Linking to a C file for the list of supported algorithms is slightly unfriendly; perhaps we can just manually type a list of supported algorithms into the landing page, and try to remember to update it if we ever make changes to the enabled algorithms in Chromium.
from oqs-demos.
The default curves list adaptation was my suggestion for a more flexible alternative to what we have now. I might create a low-priority issue.
For now, please check out the updated Caveats section at https://test.openquantumsafe.org : If OK, I'll change the generator code accordingly (but then again, maybe another issue to create a more sexy Web page for the test server would be in order, too).
from oqs-demos.
For now, please check out the updated Caveats section at https://test.openquantumsafe.org : If OK, I'll change the generator code accordingly (but then again, maybe another issue to create a more sexy Web page for the test server would be in order, too).
Good to me.
from oqs-demos.
@dstebila Please check https://github.com/open-quantum-safe/oqs-demos/releases/tag/v0.4.0 If this runs OK for you, let's close this issue.
from oqs-demos.
Works for me, thanks Michael!
from oqs-demos.
Related Issues (20)
- unable to pull the chrome file from server HOT 1
- Cannot switch off OQS_HAVE_GETENTROPY, OQS_HAVE_EXPLICIT_BZERO HOT 3
- Fix integrations to specific commits?
- OQS Chromium(117.0.5863.0) : ERR_SSL_VERSION_OR_CIPHER_MISMATCH HOT 15
- curl --write-out time_appconnect for SSL/TLS Handshake variable is faulty HOT 4
- Failed to build oqs-nginx on Mac M1
- Failed to build httpd on Mac M1 HOT 1
- ee key too small has occured in nginx with debian:bookworm-slim HOT 5
- https://test.openquantumsafe.org:6000 does not accept `x25519_kyber768`
- Wireshark Docker Build Fails with WolfSSL Due to Undeclared 'QSC_SIG_CPS' Variable HOT 1
- Update test server with liboqs 0.9.2 release HOT 3
- Introduce CI mechanism to use specific liboqs/oqs-provider versions
- Add QUIC support HOT 3
- !DOCTYPE ERROR HOT 1
- Not able to get OQS-Chromium browser working - https://openquantumsafe.org/applications/tls.html#chromium HOT 19
- oqs-epiphany not working HOT 11
- qteslapi is not supported by oqs openssl HOT 1
- Dont get Server Temp Key in openssl s_client when testing HOT 1
- Update test server with liboqs 0.10.0 release HOT 8
- HAProxy HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from oqs-demos.