test: use lower security level in s_client #48192

lpinca · 2023-05-26T15:48:15Z

With the default security level (SECLEVEL=2), the following error

40E72B52DB7F0000:error:0A00018A:SSL routines:tls_process_ske_dhe:dh key
too small:../deps/openssl/openssl/ssl/statem/statem_clnt.c:2100

is raised on on Ubuntu 22.04 on WSL2.

With the default security level (SECLEVEL=2), the following error ``` 40E72B52DB7F0000:error:0A00018A:SSL routines:tls_process_ske_dhe:dh key too small:../deps/openssl/openssl/ssl/statem/statem_clnt.c:2100 ``` is raised on on Ubuntu 22.04 on WSL2.

nodejs-github-bot · 2023-05-26T15:56:38Z

CI: https://ci.nodejs.org/job/node-test-pull-request/51972/

lpinca · 2023-05-27T18:42:07Z

This is the full output

$ ./tools/test.py test/parallel/test-tls-dhe.js
=== release test-tls-dhe ===
Path: parallel/test-tls-dhe
node:assert:991
    throw newErr;
    ^

AssertionError [ERR_ASSERTION]: ifError got unwanted exception: Command failed: /home/luigi/node/out/Release/openssl-cli s_client -connect 127.0.0.1:35673 -cipher DHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
Can't use SSL_get_servername
depth=0 C = US, ST = CA, L = SF, O = Joyent, OU = Node.js, CN = agent2, emailAddress = ry@tinyclouds.org
verify error:num=18:self-signed certificate
verify return:1
depth=0 C = US, ST = CA, L = SF, O = Joyent, OU = Node.js, CN = agent2, emailAddress = ry@tinyclouds.org
verify return:1
40E72B52DB7F0000:error:0A00018A:SSL routines:tls_process_ske_dhe:dh key too small:../deps/openssl/openssl/ssl/statem/statem_clnt.c:2100:

    at /home/luigi/node/test/common/index.js:426:12
    at /home/luigi/node/test/common/index.js:463:15
    at ChildProcess.exithandler (node:child_process:427:5)
    at ChildProcess.exithandler (node:child_process:419:12)
    at ChildProcess.emit (node:events:511:28)
    at maybeClose (node:internal/child_process:1098:16)
    at ChildProcess._handle.onexit (node:internal/child_process:304:5) {
  generatedMessage: false,
  code: 'ERR_ASSERTION',
  actual: Error: Command failed: /home/luigi/node/out/Release/openssl-cli s_client -connect 127.0.0.1:35673 -cipher DHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
  Can't use SSL_get_servername
  depth=0 C = US, ST = CA, L = SF, O = Joyent, OU = Node.js, CN = agent2, emailAddress = ry@tinyclouds.org
  verify error:num=18:self-signed certificate
  verify return:1
  depth=0 C = US, ST = CA, L = SF, O = Joyent, OU = Node.js, CN = agent2, emailAddress = ry@tinyclouds.org
  verify return:1
  40E72B52DB7F0000:error:0A00018A:SSL routines:tls_process_ske_dhe:dh key too small:../deps/openssl/openssl/ssl/statem/statem_clnt.c:2100:

      at ChildProcess.exithandler (node:child_process:419:12)
      at ChildProcess.emit (node:events:511:28)
      at maybeClose (node:internal/child_process:1098:16)
      at ChildProcess._handle.onexit (node:internal/child_process:304:5) {
    code: 1,
    killed: false,
    signal: null,
    cmd: '/home/luigi/node/out/Release/openssl-cli s_client -connect 127.0.0.1:35673 -cipher DHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'
  },
  expected: null,
  operator: 'ifError'
}

Node.js v21.0.0-pre
Command: out/Release/node --no-warnings /home/luigi/node/test/parallel/test-tls-dhe.js


[00:00|% 100|+   0|-   1]: Done

Failed tests:
out/Release/node --no-warnings /home/luigi/node/test/parallel/test-tls-dhe.js

nodejs-github-bot · 2023-05-29T19:23:41Z

Landed in 20080f9

With the default security level (SECLEVEL=2), the following error ``` 40E72B52DB7F0000:error:0A00018A:SSL routines:tls_process_ske_dhe:dh key too small:../deps/openssl/openssl/ssl/statem/statem_clnt.c:2100 ``` is raised on on Ubuntu 22.04 on WSL2. PR-URL: #48192 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>

With the default security level (SECLEVEL=2), the following error ``` 40E72B52DB7F0000:error:0A00018A:SSL routines:tls_process_ske_dhe:dh key too small:../deps/openssl/openssl/ssl/statem/statem_clnt.c:2100 ``` is raised on on Ubuntu 22.04 on WSL2. PR-URL: nodejs#48192 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>

With the default security level (SECLEVEL=2), the following error ``` 40E72B52DB7F0000:error:0A00018A:SSL routines:tls_process_ske_dhe:dh key too small:../deps/openssl/openssl/ssl/statem/statem_clnt.c:2100 ``` is raised on on Ubuntu 22.04 on WSL2. PR-URL: #48192 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>

With the default security level (SECLEVEL=2), the following error ``` 40E72B52DB7F0000:error:0A00018A:SSL routines:tls_process_ske_dhe:dh key too small:../deps/openssl/openssl/ssl/statem/statem_clnt.c:2100 ``` is raised on on Ubuntu 22.04 on WSL2. PR-URL: nodejs#48192 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>

nodejs-github-bot added needs-ci PRs that need a full CI run. test Issues and PRs related to the tests. labels May 26, 2023

lpinca added the request-ci Add this label to start a Jenkins CI on a PR. label May 26, 2023

lpinca force-pushed the set/seclevel-for-s_client branch from c91a637 to 4c6ea53 Compare May 26, 2023 15:50

github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label May 26, 2023

bnoordhuis approved these changes May 27, 2023

View reviewed changes

jasnell approved these changes May 29, 2023

View reviewed changes

lpinca added the commit-queue Add this label to land a pull request using GitHub Actions. label May 29, 2023

nodejs-github-bot removed the commit-queue Add this label to land a pull request using GitHub Actions. label May 29, 2023

nodejs-github-bot merged commit 20080f9 into nodejs:main May 29, 2023

lpinca deleted the set/seclevel-for-s_client branch May 29, 2023 19:26

richardlau added the lts-watch-v18.x PRs that may need to be released in v18.x. label Jun 2, 2023

richardlau mentioned this pull request Jun 2, 2023

ansible: add Ubuntu 22.04 sharedlibs container nodejs/build#3371

Merged

targos mentioned this pull request Jun 4, 2023

v20.3.0 release proposal #48332

Merged

danielleadams mentioned this pull request Jul 10, 2023

v18.17.0 release proposal #48694

Merged

targos added backported-to-v18.x PRs backported to the v18.x-staging branch. and removed lts-watch-v18.x PRs that may need to be released in v18.x. labels Oct 27, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

test: use lower security level in s_client #48192

test: use lower security level in s_client #48192

lpinca commented May 26, 2023 •

edited

Loading

nodejs-github-bot commented May 26, 2023

lpinca commented May 27, 2023

nodejs-github-bot commented May 29, 2023

test: use lower security level in s_client #48192

test: use lower security level in s_client #48192

Conversation

lpinca commented May 26, 2023 • edited Loading

nodejs-github-bot commented May 26, 2023

lpinca commented May 27, 2023

nodejs-github-bot commented May 29, 2023

lpinca commented May 26, 2023 •

edited

Loading