Digests: SHA512:SHA384:SHA1:SHA256:SHA224 Vers: TLSv1.2 ... PASSED
Digests: SHA512:SHA384:SHA224:SHA1:SHA256 Vers: TLSv1.2 ... PASSED
Digests: SHA512:SHA384:SHA224:SHA256:SHA1 Vers: TLSv1.2 ... PASSED
Digests: SHA512:SHA384:SHA256:SHA1:SHA224 Vers: TLSv1.2 ... PASSED
Digests: SHA512:SHA384:SHA256:SHA224:SHA1 Vers: TLSv1.2 ... PASSED
Running s2n Client elliptic curve tests:
Expected supported: ['P-256', 'P-384']
Expected unsupported: ['B-163', 'K-409']
Testing ciphers using curve list of size: 1
Curves: P-256 Vers: TLSv1.2 ... PASSED
Curves: P-256 Vers: TLSv1.2 ... PASSED
Curves: P-384 Vers: TLSv1.2 ... PASSED
Curves: P-384 Vers: TLSv1.2 ... PASSED
Testing ciphers using curve list of size: 2
Curves: P-256:P-384 Vers: TLSv1.2 ... PASSED
Curves: P-256:P-384 Vers: TLSv1.2 ... PASSED
Curves: P-384:P-256 Vers: TLSv1.2 ... PASSED
Curves: P-384:P-256 Vers: TLSv1.2 ... PASSED
( \
DYLD_LIBRARY_PATH="../../lib/:../testlib/:/Users/zeboxiong/s2n/test-deps/openssl-1.1.1/lib:$DYLID_LIBRARY_PATH" \
LD_LIBRARY_PATH="../../lib/:../testlib/:/Users/zeboxiong/s2n/test-deps/openssl-1.1.1/lib:$LD_LIBRARY_PATH" \
python3 s2n_handshake_test_gnutls.py --libcrypto openssl-1.1.1 127.0.0.1 8888; \
)
Running GnuTLS handshake tests with: gnutls-cli 3.5.6
Testing ciphers using client version: SSLv3
Creating ThreadPool of size: 8
However, the next steps, I need to use s2n
I need to evaluate s2n for my project - to check the s2n's performance
notAfter
functions
s2n_connection_set_fd
of about 24 bytes -- is this a known issue?
Are any plans on adding hot reloading of certs on expiry feature in s2n for long-running services?
Currently no, though that's possible to do from the library that's calling s2n. Just create a new s2n_config with the new certificate loaded, and start using that new s2n_config for every new s2n_connection. Then once all the old s2n_connections have finished, you can free the previous s2n_config with the older cert.
u' modifier ignored since
D' is the default (see U')
/usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference to
nettle_secp_192r1'nettle_secp_384r1'
/usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference to
nettle_secp_224r1'nettle_secp_256r1'
/usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference to
nettle_secp_521r1'nettle_secp_192r1'
/usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference to
nettle_secp_384r1'nettle_secp_224r1'
/usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference to
nettle_secp_256r1'nettle_secp_521r1'
collect2: error: ld returned 1 exit status
make[4]: *** [Makefile:1857: ocsptool] Error 1
gcc: warning: switch '-Wchkp' is no longer supported
/usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference to
nettle_secp_192r1'nettle_secp_384r1'
/usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference to
nettle_secp_224r1'nettle_secp_256r1'
/usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference to
nettle_secp_521r1'u' modifier ignored since
D' is the default (see U')
/usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference to
nettle_secp_192r1'nettle_secp_384r1'
/usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference to
nettle_secp_224r1'nettle_secp_256r1'
/usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference to
nettle_secp_521r1'u' modifier ignored since
D' is the default (see U')
gcc: warning: switch '-Wchkp' is no longer supported
/usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference to
nettle_secp_192r1'nettle_secp_384r1'
/usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference to
nettle_secp_224r1'nettle_secp_256r1'
/usr/bin/ld: ../lib/.libs/libgnutls.so: undefined reference to
nettle_secp_521r1'