Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenSSL 3.5 compatibility #2687

Merged
merged 1 commit into from
Mar 11, 2025
Merged

OpenSSL 3.5 compatibility #2687

merged 1 commit into from
Mar 11, 2025

Conversation

dcooper16
Copy link
Collaborator

@dcooper16 dcooper16 commented Mar 10, 2025
edited
Loading

Describe your changes

With the current master branch of OpenSSL (3.5.0-dev), the output that is provided by s_client has changed in the case of a cipher suite that uses an ephemeral key. Rather than preceding the ephemeral key information with "Server Temp Key: ", it is now preceded by either "Peer Temp Key:" or "Negotiated TLS1.3 group:". This PR modifies the lines that extract ephemeral key information from OpenSSL responses to accept any of these strings.

What is your pull request about?

  • Bug fix
  • Improvement
  • New feature (adds functionality)
  • Breaking change (bug fix, feature or improvement that would cause existing functionality to not work as expected)
  • Typo fix
  • Documentation update
  • Update of other files

If it's a code change please check the boxes which are applicable

  • For the main program: My edits contain no tabs and the indentation is five spaces
  • I've read CONTRIBUTING.md and Coding_Convention.md
  • I have tested this fix or improvement against >=2 hosts and I couldn't spot a problem
  • I have tested this new feature against >=2 hosts which show this feature and >=2 host which does not (in order to avoid side effects) . I couldn't spot a problem
  • For the new feature I have made corresponding changes to the documentation and / or to help()
  • If it's a bigger change: I added myself to CREDITS.md (alphabetical order) and the change to CHANGELOG.md

@dcooper16
OpenSSL 3.5 compatibility
6a333d1 
With the current master branch of OpenSSL (3.5.0-dev), the output that is provided by s_client has changed in the case of a cipher suite that uses an ephemeral key. Rather than preceding the ephemeral key information with "Server Temp Key: ", it is now preceded by either "Peer Temp Key:" or "Negotiated TLS1.3 group:". This commit modifies the lines that extract ephemeral key information from OpenSSL responses to accept any of these strings.
@dcooper16
Copy link
Collaborator Author

OpenSSL 3.5 will have support for ML-KEM, ML-DSA, SLH-DSA, as well as support for using ML-KEM in key exchanges. testssl.sh can be enhanced to make use of this new functionality. I intend to work on that in one or more PRs, but this PR is just about ensuring that nothing that currently works breaks if OpenSSL 3.5 is used.

@drwetter drwetter merged commit ac83b79 into testssl:3.2 Mar 11, 2025
2 checks passed
@drwetter
Copy link
Collaborator

Cool & thanks!

@dcooper16 dcooper16 deleted the ossl35_compat branch March 11, 2025 14:41
dcooper16 added a commit to dcooper16/testssl.sh that referenced this pull request Mar 11, 2025
@dcooper16
Update CHANGELOG.md
b35f999 
This commit adds information about testssl#2687, testssl#2688, and testssl#2690 to the change log.
dcooper16 added a commit to dcooper16/testssl.sh that referenced this pull request Mar 11, 2025
@dcooper16
Update CHANGELOG.md and CREDITS.md
ec1d28e 
This commit adds information about testssl#2687, testssl#2688, and testssl#2690 to the change log.
@dcooper16 dcooper16 mentioned this pull request Mar 11, 2025
Merged
13 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dcooper16 @drwetter