From 6d11006b5496e5fb4282f4c02473829d25e82abb Mon Sep 17 00:00:00 2001 From: Jakob Borg Date: Fri, 27 Nov 2015 09:09:39 +0100 Subject: [PATCH] Generate ECDSA keys instead of RSA This replaces the current 3072 bit RSA certificates with 384 bit ECDSA certificates. The advantage is these certificates are smaller and essentially instantaneous to generate. According to RFC4492 (ECC Cipher Suites for TLS), Table 1: Comparable Key Sizes, ECC has comparable strength to 3072 bit RSA at 283 bits - so we exceed that. There is no compatibility issue with existing Syncthing code - this is verified by the integration test ("h2" instance has the new certificate). There are browsers out there that don't understand ECC certificates yet, although I think they're dying out. In the meantime, I've retained the RSA code for the HTTPS certificate, but pulled it down to 2048 bits. I don't think a higher security level there is motivated, is this matches current industry standard for HTTPS certificates. --- cmd/syncthing/gui.go | 2 +- cmd/syncthing/main.go | 9 +++--- lib/tlsutil/tlsutil.go | 50 +++++++++++++++++++++++++++++++--- test/h1/config.xml | 6 ++-- test/h2/cert.pem | 30 ++++++-------------- test/h2/config.xml | 12 ++++---- test/h2/https-cert.pem | 37 +++++++++++-------------- test/h2/https-key.pem | 62 +++++++++++++++++------------------------- test/h2/key.pem | 45 ++++-------------------------- test/h3/config.xml | 6 ++-- test/util.go | 2 +- 11 files changed, 122 insertions(+), 139 deletions(-) diff --git a/cmd/syncthing/gui.go b/cmd/syncthing/gui.go index a05e3027..c714e2c3 100644 --- a/cmd/syncthing/gui.go +++ b/cmd/syncthing/gui.go @@ -98,7 +98,7 @@ func (s *apiSvc) getListener(guiCfg config.GUIConfiguration) (net.Listener, erro name = tlsDefaultCommonName } - cert, err = tlsutil.NewCertificate(locations[locHTTPSCertFile], locations[locHTTPSKeyFile], name, tlsRSABits) + cert, err = tlsutil.NewCertificate(locations[locHTTPSCertFile], locations[locHTTPSKeyFile], name, httpsRSABits) } if err != nil { return nil, err diff --git a/cmd/syncthing/main.go b/cmd/syncthing/main.go index d21e03d7..b842683c 100644 --- a/cmd/syncthing/main.go +++ b/cmd/syncthing/main.go @@ -70,7 +70,8 @@ const ( const ( bepProtocolName = "bep/1.0" tlsDefaultCommonName = "syncthing" - tlsRSABits = 3072 + httpsRSABits = 2048 + bepRSABits = 0 // 384 bit ECDSA used instead pingEventInterval = time.Minute maxSystemErrors = 5 initialSystemLog = 10 @@ -378,7 +379,7 @@ func generate(generateDir string) { l.Warnln("Key exists; will not overwrite.") l.Infoln("Device ID:", protocol.NewDeviceID(cert.Certificate[0])) } else { - cert, err = tlsutil.NewCertificate(certFile, keyFile, tlsDefaultCommonName, tlsRSABits) + cert, err = tlsutil.NewCertificate(certFile, keyFile, tlsDefaultCommonName, bepRSABits) if err != nil { l.Fatalln("Create certificate:", err) } @@ -501,8 +502,8 @@ func syncthingMain() { // Ensure that that we have a certificate and key. cert, err := tls.LoadX509KeyPair(locations[locCertFile], locations[locKeyFile]) if err != nil { - l.Infof("Generating RSA key and certificate for %s...", tlsDefaultCommonName) - cert, err = tlsutil.NewCertificate(locations[locCertFile], locations[locKeyFile], tlsDefaultCommonName, tlsRSABits) + l.Infof("Generating ECDSA key and certificate for %s...", tlsDefaultCommonName) + cert, err = tlsutil.NewCertificate(locations[locCertFile], locations[locKeyFile], tlsDefaultCommonName, bepRSABits) if err != nil { l.Fatalln(err) } diff --git a/lib/tlsutil/tlsutil.go b/lib/tlsutil/tlsutil.go index f8e5365e..298b8356 100644 --- a/lib/tlsutil/tlsutil.go +++ b/lib/tlsutil/tlsutil.go @@ -8,6 +8,8 @@ package tlsutil import ( "bufio" + "crypto/ecdsa" + "crypto/elliptic" "crypto/rand" "crypto/rsa" "crypto/tls" @@ -27,8 +29,17 @@ var ( ErrIdentificationFailed = fmt.Errorf("failed to identify socket type") ) +// NewCertificate generates and returns a new TLS certificate. If tlsRSABits +// is greater than zero we generate an RSA certificate with the specified +// number of bits. Otherwise we create a 384 bit ECDSA certificate. func NewCertificate(certFile, keyFile, tlsDefaultCommonName string, tlsRSABits int) (tls.Certificate, error) { - priv, err := rsa.GenerateKey(rand.Reader, tlsRSABits) + var priv interface{} + var err error + if tlsRSABits > 0 { + priv, err = rsa.GenerateKey(rand.Reader, tlsRSABits) + } else { + priv, err = ecdsa.GenerateKey(elliptic.P384(), rand.Reader) + } if err != nil { return tls.Certificate{}, fmt.Errorf("generate key: %s", err) } @@ -47,10 +58,9 @@ func NewCertificate(certFile, keyFile, tlsDefaultCommonName string, tlsRSABits i KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}, BasicConstraintsValid: true, - SignatureAlgorithm: x509.SHA256WithRSA, } - derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &priv.PublicKey, priv) + derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(priv), priv) if err != nil { return tls.Certificate{}, fmt.Errorf("create cert: %s", err) } @@ -72,7 +82,13 @@ func NewCertificate(certFile, keyFile, tlsDefaultCommonName string, tlsRSABits i if err != nil { return tls.Certificate{}, fmt.Errorf("save key: %s", err) } - err = pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)}) + + block, err := pemBlockForKey(priv) + if err != nil { + return tls.Certificate{}, fmt.Errorf("save key: %s", err) + } + + err = pem.Encode(keyOut, block) if err != nil { return tls.Certificate{}, fmt.Errorf("save key: %s", err) } @@ -136,3 +152,29 @@ type UnionedConnection struct { func (c *UnionedConnection) Read(b []byte) (n int, err error) { return c.Reader.Read(b) } + +func publicKey(priv interface{}) interface{} { + switch k := priv.(type) { + case *rsa.PrivateKey: + return &k.PublicKey + case *ecdsa.PrivateKey: + return &k.PublicKey + default: + return nil + } +} + +func pemBlockForKey(priv interface{}) (*pem.Block, error) { + switch k := priv.(type) { + case *rsa.PrivateKey: + return &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k)}, nil + case *ecdsa.PrivateKey: + b, err := x509.MarshalECPrivateKey(k) + if err != nil { + return nil, err + } + return &pem.Block{Type: "EC PRIVATE KEY", Bytes: b}, nil + default: + return nil, fmt.Errorf("unknown key type") + } +} diff --git a/test/h1/config.xml b/test/h1/config.xml index bf1d60e2..ee9e510d 100644 --- a/test/h1/config.xml +++ b/test/h1/config.xml @@ -1,7 +1,7 @@ - + 1 @@ -18,7 +18,7 @@ - + 1 1 @@ -37,7 +37,7 @@
tcp://127.0.0.1:22001
 - +
tcp://127.0.0.1:22002
 diff --git a/test/h2/cert.pem b/test/h2/cert.pem index 46e3c73f..0ddc3cde 100644 --- a/test/h2/cert.pem +++ b/test/h2/cert.pem @@ -1,23 +1,11 @@ -----BEGIN CERTIFICATE----- -MIID3jCCAkigAwIBAgIBADALBgkqhkiG9w0BAQUwFDESMBAGA1UEAxMJc3luY3Ro -aW5nMB4XDTE0MDMxNDA3MDEwNFoXDTQ5MTIzMTIzNTk1OVowFDESMBAGA1UEAxMJ -c3luY3RoaW5nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAsIV0syyR -O56BvIOro4bIqB6iFJsNc4zX8MiM4QPTWgqGlYwsKSVmNppTdlACZCJIqyzoscrF -qJPto8/e2Fc3oaTdEREGIs7cmc7LSXfot/mAgPpy71SVWtb7xNmXro2JJPZjRBCS -pl1ulPug+/8w7fSKQdLMjh4Hp2YlwVBfVu0bYEEW+7Vl9PZVTv+NbTqXYvYVc9R6 -QFIbN/njWAuo2wpjJlY7vqNnSYZyskAaaAC17fFJkVQKKblTeTk1C9PxTmVTB1j9 -yOoD3+V/6IrTYKXdTHGJ1MqdieTHj1jHXe5TOeSB+Hjgq4tr25mPfQ4ixXqDqIcx -5390DAjInuSKNUJ5pqiFrVe9eIDmySZCg5/JIL3c8phy6g1bxiJN14+Dn0om/0+9 -UrHK8LVzWMmtFRVycWVUYmARWFY3EE10k0RXU2HtzmjfnBkRrl13b0ExizlA1qJ3 -3ngxF5rNEDSMpwf4og5uYOjRUPYuvCL9XtQKr254NFO/sg/qqPV4hFWTAgMBAAGj -PzA9MA4GA1UdDwEB/wQEAwIAoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH -AwIwDAYDVR0TAQH/BAIwADALBgkqhkiG9w0BAQUDggGBAAZSU08zAzyuGqKqqU/c -Pr+xML8oKiJqko5pb3ETDQC+uVw+qUHwiGYsvHI1cih4ix+tKvf+Yaiizp/35VkP -qwls3a4ljq1Ww0Sf7J87QX0DumYpBGOfoCpmV4MacyjLhpLRKRGZHwIbOeFsmEu9 -oO38co+GvDy4CiAt3tuOdjBNs0gNOAdTTxqgm97raB9oXeg2i4Fb4MCT4UBUdXLM -ZNLCifza+PWkBxmfBORvlKGeJBruLpXHBWnWEigZSLXIFjn3JJUy4fKd+/JMp063 -8Pjo6zUOckBCH8Lv90vzfrmdlQK555jWpcebN0l9neESEXw19l0OlqkJGVTr6JKq -w5kjiL4eP7kpKKwCezhDSX3jf4P36wdF8MpOUBxVqfM+Oh5tHIcZctnurhYV7rXs -jR70FMqWjHBmwemsXGrObNVt8c75yB+19U6DAulr2RhRw5GD74U1znP00eGZ8TJf -RN1FYilUPCawMYeQoB8WIn9So7zIm0MfOl4KXNWDX02+Kw== +MIIBmzCCASCgAwIBAgIIawvqtXNSqBQwCgYIKoZIzj0EAwMwFDESMBAGA1UEAxMJ +c3luY3RoaW5nMB4XDTE1MTEyNzA4MDA1N1oXDTQ5MTIzMTIzNTk1OVowFDESMBAG +A1UEAxMJc3luY3RoaW5nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE7iI2E5etAs53 +6s+SUV3HKZeK55iHUY6X4PHePjyvNxOCZ6GvbErOXWqumU4+vzVREW1wvNtGXAtv +z/hsHIPJ7EdKIX0QPATms2NplCbaFlUxHBpUzhlNulhsoV5ajn7yoz8wPTAOBgNV +HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1Ud +EwEB/wQCMAAwCgYIKoZIzj0EAwMDaQAwZgIxAPe+pj6NrQiK720v/9IMDPWIRxqt +hxgy03YGzbQskXRDJVvLU49HCHV+8JNL6WwgKgIxALA+RdYb0qDxhcdtt57Zu3A1 +eQZEvsJg9FGJOjYDnxZYqEpNZSgTwgcRvGH1Srt37w== -----END CERTIFICATE----- diff --git a/test/h2/config.xml b/test/h2/config.xml index 1ea6a0a3..4ba57cd9 100644 --- a/test/h2/config.xml +++ b/test/h2/config.xml @@ -1,7 +1,7 @@ - + 1 @@ -16,10 +16,11 @@ 0 0 -1 + false - + 1 1 @@ -31,9 +32,10 @@ 0 0 -1 + false - + 1 @@ -46,11 +48,12 @@ 0 0 -1 + false
tcp://127.0.0.1:22001
 - +
tcp://127.0.0.1:22002
 @@ -91,7 +94,6 @@ 5 true false - 0 1 https://api.github.com/repos/syncthing/syncthing/releases?per_page=30 diff --git a/test/h2/https-cert.pem b/test/h2/https-cert.pem index 902be52a..ad8b99ad 100644 --- a/test/h2/https-cert.pem +++ b/test/h2/https-cert.pem @@ -1,23 +1,18 @@ -----BEGIN CERTIFICATE----- -MIID5TCCAk+gAwIBAgIIX9LzFBcO3tkwCwYJKoZIhvcNAQELMBQxEjAQBgNVBAMT -CXN5bmN0aGluZzAeFw0xNDA5MTQyMjIzMzNaFw00OTEyMzEyMzU5NTlaMBQxEjAQ -BgNVBAMTCXN5bmN0aGluZzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGB -AJ4ZRlf2aaI6iU6xFhFhJJ4mvLTWiA4/HS3IsFAz5qvfJUr39/G51xTE/mSwFQIq -GI87C+0EOFDHwo1gIoB6d7+Ggws/1kYs6oWlhi5zZp/gRp+HkQLmy1Qv1KyCrOzP -LWChAgWzbSN9vQ9ZH/LluWfmdpChaqIiSNRGE+Ks7j1hm1ge9Hs9TzVuSH0EUAVo -OPOCY90OMA6e8bVXRCFET1qcS/jvqgVZKJ/LtD2mDn0S+tXW+bfnIaVJ+RJ8+89O -L8AL+iufth56K81CG8AP+Czz/su1xMXsS56tLF4SjuqciqqtSCH4IJidi3i2kqCP -FiGn8xHUfGZ1FfNW5dc6bMWAAUlE04G5w5vsAD0hpw/m2vGKjI6fT9qHt86emvz/ -uYd2WupaEvcdevvrN5tJZLBE2aFybokDszl+ATEtTkZbvPOC2cKyAENSte6SfvZW -Ht/mvD0W6MP1oztRFRQASYG4OsvcP/4JNczRTWYNJpwVWHuQXl0DnCppYuF+QQWm -LwIDAQABoz8wPTAOBgNVHQ8BAf8EBAMCAKAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG -CCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwCwYJKoZIhvcNAQELA4IBgQCQoYkLnqVN -b1BQKHox4lkQRrbhUNIOjtCo4NxvOA5Vzu4s6b4pk8Twj332Zk6sIJHkELaTZRgR -U5PzLhwvzIakpdPpH5ovQ3FTtJi6n06n61pKyXs84obXa8HR4zekRoDQHDY4FzOl -th2KOTDEya3kKfdYfApiRyVsgf2UGww8kRJuFMepVL2c52raZAJb2I26YJUTRTrV -Vuy0i0U0Up9jODBrlsvqzdVj0Yt1+8W1LR/RO5zECE8qa4HbyvW+ZRxdL76zcIGi -RiUmJH4jWw4BYg/ydvVm0ozPDlNo7NNh53tENTposIb4hj2tDOsmCZq97yHGeAL1 -H/YOiKBt7nKwsLbs+AuIAzdgNggSHu/nTvieAPRKakKFqcs6vEKPr4Hlaxq2mKBM -byE+V0cwSz3jkHb51bHLTOnaGWShTTspzAeOf/U2aUJKATjdOVYS380OYuNFopob -Alm1GEriC4feATVvLuOr7hZuZx0Gg6HEFFaBRRV99P7Zv/Rh6JJJKTs= +MIIC3zCCAcegAwIBAgIILrHT86p9vYAwDQYJKoZIhvcNAQELBQAwDzENMAsGA1UE +AxMEc3lubzAeFw0xNTExMjcwODA1NTNaFw00OTEyMzEyMzU5NTlaMA8xDTALBgNV +BAMTBHN5bm8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdxcS30eEu +D8fKokMseLzBJSXvXL0HI6f33ALG7cLi9cXZBurW7Q+bsrHeq6RiZx8PWT5aUkr6 +NI3tp3pSip0psJ6PROnmEN5g1rcT/0sQ2oRc5EEiA6jnS2kHgA3vSgaPvtXPqXow +ZD3J/h4IONVIqoxASMNu9rWHjy0CFKXHKBs4pyygysEaj+fL3fuCdvigdkcs5mro +z9O7QRWj6WWrmRfn0pcavN8fU/1TmisLqyxiheRY5WWelnJ3mdAC4dlj2dIj6oHw +QuUnzB4TCenLsD1i0MZzSi8tSVzx0ajra0zyslDfEbdd1HBQweP45R2rUWet2GnL +MfOyfe5GWwWNAgMBAAGjPzA9MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr +BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOC +AQEAbOVQB4fKIKVtiGi3SSHzdkG5T4p+1FGdSGCl/HjnpPRJ7Q4ZV4n7c7wXm6ya +Lg9lryJCRjK+gH2jIT16x8XqwUOxnlJEfqF85qqAm9h1Kf40wuCAdt72WjypCvZf +dzdgQT5wZ21A0lMltThf2dREcpD8+meh5qv3GNBOZpz2+OYiKnLlWi1Wh9MCwRNr +M+3amX7sJKnb+/xslx29fPzPpq/uypZKHFNG142fNG6wW3aKHELNA0szlSQGwWfe +0Aw1k6RrKz45iZPQ9HbRB3bF7t/gJVeN+uo484NZQG7cnej4zXEooL6W5jfo/ECr +vqe+Ym0B+xIRsfn0FApfVUqZkA== -----END CERTIFICATE----- diff --git a/test/h2/https-key.pem b/test/h2/https-key.pem index b2dc95e8..fd691d55 100644 --- a/test/h2/https-key.pem +++ b/test/h2/https-key.pem @@ -1,39 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIG4wIBAAKCAYEAnhlGV/ZpojqJTrEWEWEknia8tNaIDj8dLciwUDPmq98lSvf3 -8bnXFMT+ZLAVAioYjzsL7QQ4UMfCjWAigHp3v4aDCz/WRizqhaWGLnNmn+BGn4eR -AubLVC/UrIKs7M8tYKECBbNtI329D1kf8uW5Z+Z2kKFqoiJI1EYT4qzuPWGbWB70 -ez1PNW5IfQRQBWg484Jj3Q4wDp7xtVdEIURPWpxL+O+qBVkon8u0PaYOfRL61db5 -t+chpUn5Enz7z04vwAv6K5+2HnorzUIbwA/4LPP+y7XExexLnq0sXhKO6pyKqq1I -IfggmJ2LeLaSoI8WIafzEdR8ZnUV81bl1zpsxYABSUTTgbnDm+wAPSGnD+ba8YqM -jp9P2oe3zp6a/P+5h3Za6loS9x16++s3m0lksETZoXJuiQOzOX4BMS1ORlu884LZ -wrIAQ1K17pJ+9lYe3+a8PRbow/WjO1EVFABJgbg6y9w//gk1zNFNZg0mnBVYe5Be -XQOcKmli4X5BBaYvAgMBAAECggGAR/XtJMCOGD9YnC7Sgpqa1jl/jzhOuV1U5LAC -QJ8/EWACU3tGqgoSsetwd1gGV/PdNeSEax+OmoYyMbNeQOh9dPm+z/IAj/SF0ssi -piX0wjSNMLO993ohdnJG9TaNi0RJvT/L8dhXht4GnePNPPv/RiGKOg6ewKmmSKiV -CIn57ops8NE2KpofYYyPBghee/eSZJQm7Ek26pDCJ+5Onm2/SNj3Y5mC4+hPK1zG -74CT+64V6httkp1rnRZsflPRMey97AdzKhnUS/aEdowxyETamp4CY3UzM27fj8Sy -wpi2NqiWdz8c/o64AkAkxMa8aIxI2vi3CM7UypjudYyfLfI1g1BvCq5OQZYN2X5X -uv9QmAOhnVwKmON5Pxn8tUHeasQfKuC9pNu1Ebb9DK3lMDYenlT984zFh1aAda2g -uYLSiLJP8S5YcvwUPHue73yOFGayELMzFcHXtUTZnrhWOP6nIHqEDOT6T9VfvWjH -lvhuVjJmyxFrf7lqlvqEWQMlQxCRAoHBANAHb2knJtf+fmO3qP0ZuJiCu96aMZUv -v3baGUZaLdFflgYBUQXW+o2Y451puI7jJdAP8LcK1KwhB1dmIrvLR5gDNlAZxudq -zKwhZvDQ179oa4WDVDkm4AC1oMZTRifiSNIS9EQcGDdinUZKu70jdSWkFlOneCqC -5JpydSYoz+OvaGkC8xJo/jQkv388ZSQSyYdIR89HWQHqvcgsR2XlfV52oqX9ip5a -Ec3i+j3yJrDlE8bWJAc7kn5MpaW+Z5QAvQKBwQDCjk6APnTT1pdQKrjjsCS0p2NI -52h7KJ7F3iQKHR/l8gaDJ3mO/jKvPckhLcZjXbGKGeN7F2ThFj2d9OAOzoeiUqKc -gXYpb5BRQ4IZH7UTmCZl67lLr7iEm7vC2BQRSYAqJ8B4vwBZbrQBBRmWEMy/ES8o -SI8KlqQwxB/dvjT/Id0ECPDsj3SbRdNTPkxX/2lmGVVNcuXpTxBUNvjRm/1ATPgv -Z36hi3pFrRxJJVabuvqP9eKDvRE8+8XnvIAEn1sCgcEAiAtEveS/z2N8bmQOnK70 -fLCKgjIemOzn7qcE/nA9JH65UuYLgaEsq+s/d5NLAg7kjKPQDTSFDqhu76Y4ss1m -3a/EFjA1VuQOQ8d4VaaOYXu9TUwsiU+2EGC3atvMtoqSiuegXOZuo9HW/sAi9Lc6 -hko/26dau5psO+D8Yd8wzTrKMlqecfy9uYYKwf/SOPwcVV9crt5/A/Tq9fyXGLky -+tLk3V7pB1Pp7tYwRtCUovy8qT0jxKMd04D2l2TkwfKVAoHADH65OfFI7YX9p89m -mnDompWZgcgi5K4CLHEM3X1rXAhENM4nN3DJ7olITpIzCJSu31C0VGZ3OyGDiY59 -iVXoThuCiAykexrIKP/t7hEkPwLpjGgsOVkqv5GE6ImaGFYhHhP5f4e8zQGYG+yo -7QNdMvQ2lB682RA9sUgXR9V8b9pL6INufbLk6Uf9v33jx08HBOChoty7OVWzlcUG -C+g5xpRq6Bh8gIGFs83fYC8+tbe3eeFvz8gnwEPnPO/VRPa7AoHAOIImGT4AokNG -L8VGHdGWUFKBTaWh86LMbVzzbdRmBnqFKn3BrenNG8zcVD4FD8UQ0RYK48FqoTWS -b5YET2SSXDb8ImEvrfadJ4P1/McS0z5IkYNwWCGEIaupA90WdBafUm4rouBgU3LM -1HwMqPaqB9U0VWDFAOjeYlyHAT+3JZ0FoclJFKEwR3uNsTwaRGngUj5X/qTa8eAN -qwQQUnwImFCDS5kKkZhh98AimbQzaMCZunG3jlat6GN0xsuht/UC +MIIEogIBAAKCAQEA3cXEt9HhLg/HyqJDLHi8wSUl71y9ByOn99wCxu3C4vXF2Qbq +1u0Pm7Kx3qukYmcfD1k+WlJK+jSN7ad6UoqdKbCej0Tp5hDeYNa3E/9LENqEXORB +IgOo50tpB4AN70oGj77Vz6l6MGQ9yf4eCDjVSKqMQEjDbva1h48tAhSlxygbOKcs +oMrBGo/ny937gnb4oHZHLOZq6M/Tu0EVo+llq5kX59KXGrzfH1P9U5orC6ssYoXk +WOVlnpZyd5nQAuHZY9nSI+qB8ELlJ8weEwnpy7A9YtDGc0ovLUlc8dGo62tM8rJQ +3xG3XdRwUMHj+OUdq1FnrdhpyzHzsn3uRlsFjQIDAQABAoIBAG8AxWUIrUAj7+mx +7BN/X2MBmApGDetb4oACZHVznn+BawUlHDh1scFJ4RPGL+J9ISPKlJYa6KJx2bRh +hq136hBq8gJeCQD54oTwE/TzbHxEE8p3CU7gLBORQEHby53BHKWobFajyqAcHH1V +L20IHWFg1BB9Gy0YWWY/uNR4xz12G6NIRjwQSGKv9Qgxz7VwE7jn0BbYE3GzaCgb +x/CqJ5ED8ZGLK7BWLgnld6qYwRX7TExRLzyzEJ8WhjxavuO83dxKSgr4OgowuRqh +hgubcLcjdsvdjae+93wdXBvkKNX7GL6ksCViylQ6fZ1WesGuQBK9FWnDodaAgjdX +r0+KOqECgYEA389RP5PhYpnp0aZcFbfIwyI79VjsvZvHbpllRjJ5GSXfe4ceI0uz +6KVIUflrvEJxJhCustLYcGtU4VY5aanENDqN5/UBkUsBvocZwyf25mL8cGMSQ8h7 +huMbCgZFVwMHLa979d3QHJpUhk4AipKqKEX5GP3o6YaC3Mgr6VzI9lUCgYEA/atw +BuEsS031Qw7sYt37XBO2X+rPGl2oJbwpvglOlUd9m53wOv+N9Vwy0YWdtv4C0tqu +z3UY/US+flLC7urOS6l0kmZlOqQv6sBccQ7CSNaPZxT0Av8eXAjefk0vFfKBfcfj +Niku0HjGtPeaNemdBRMUfO2YjNb6ZONMIzbV2lkCgYBnq2tyLLjI6IxzLUEYWkIn +iTMGycMXbRIq++j6ZCTN7kofuQ3PwaA7Ulw2hHdQA+LPhAi4EoxpPn5ZxovfkuCs +ZLcYy9eHCpxrOb9IM7ndK9rM4Ec0mKgHaik7Mn5p+KAZnGCqGa3todsnPvhnN9qT +vx3MYsjBayowxJP6i50W5QKBgCu1CkxlJ9ihygyP2bL/RHwM+XN1ZdHJKVu3HAoe +WGfoNYBGqknAFpmcFTV8rDwHcD0caNpd9rxMx/XEFMpNstXekLNY6UA9YfQ0yLjC +Lj+WmIbOWWzawERjUtK4QdCqRB2D/2YpmmNZLAOqVevMIL3rF7Cez5YUxHf1ofy/ +SgGhAoGAaBDS2pwAxCGDa04drmC9CkqHuN3k4nyIFDdWDPHnbetWiG60XlRTMGrk +sirWOQkp0sxiKx7e+E0Gvh13PbU3SUQ+ymOTEblUK+plYwMKTbHRS9XZQJEB4Om4 +3y82RmIaP9TvfSsn0UZEKozHThnijSPa8BFJbkKK8lxT0sOFK3Y= -----END RSA PRIVATE KEY----- diff --git a/test/h2/key.pem b/test/h2/key.pem index 08bc24c2..55010937 100644 --- a/test/h2/key.pem +++ b/test/h2/key.pem @@ -1,39 +1,6 @@ ------BEGIN RSA PRIVATE KEY----- -MIIG5AIBAAKCAYEAsIV0syyRO56BvIOro4bIqB6iFJsNc4zX8MiM4QPTWgqGlYws -KSVmNppTdlACZCJIqyzoscrFqJPto8/e2Fc3oaTdEREGIs7cmc7LSXfot/mAgPpy -71SVWtb7xNmXro2JJPZjRBCSpl1ulPug+/8w7fSKQdLMjh4Hp2YlwVBfVu0bYEEW -+7Vl9PZVTv+NbTqXYvYVc9R6QFIbN/njWAuo2wpjJlY7vqNnSYZyskAaaAC17fFJ -kVQKKblTeTk1C9PxTmVTB1j9yOoD3+V/6IrTYKXdTHGJ1MqdieTHj1jHXe5TOeSB -+Hjgq4tr25mPfQ4ixXqDqIcx5390DAjInuSKNUJ5pqiFrVe9eIDmySZCg5/JIL3c -8phy6g1bxiJN14+Dn0om/0+9UrHK8LVzWMmtFRVycWVUYmARWFY3EE10k0RXU2Ht -zmjfnBkRrl13b0ExizlA1qJ33ngxF5rNEDSMpwf4og5uYOjRUPYuvCL9XtQKr254 -NFO/sg/qqPV4hFWTAgMBAAECggGAH6SMuuGuVyWe1BA2YGX06k4zd8Yjryb8Pql0 -t5Fb/bQNVBmAgQ+3NuqLM5Y8F38dz7GJNPXIYOPDoa3NoLJhwpQvHLQUiYDTgq7T -OiRIj1ImevhqSgS7kUEgeLUYv62XfAy+1qCx6Siuff5taT7hooZHkm0bRg6UCKoC -8phZvtdaJPMGD7EAydyuhi7BR2dNY+wBBHZ+Q7F0N6CP5GSSrFE8XM7wfsgD5+Y2 -AUYEdchK1JCAQ5DxEXGrSPu8SpZ/SuhMjLc3/JDwB8SZPT0C1jX7YMeUiPONy9VK -J6Fdnl0FMhS9VJHocL4o5IU9OLoahAcpq/Z25arm9z7yyxUoO4nVUAl3H9N7+N7A -cwpbSgMld15bQ9iPV8MCB/eVKzfgLbWuhpZr6h6oJF9pgIq9DDCK/mc9KYzSGd1J -dOVuizi0dMYS+iOJRFR3kIrNW7dGCecniigZfrrprqqkycl7823VTi0zIU4CHbDm -ypu/b8sbs+h6mHN71muWAlmChz3hAoHBAN5Cm3ZZeQJj/p7Kb3sn6WAXlRqnnDz9 -fJDaa3788o4VQ3ie4odDNzALF7bHhYnfovXWrh/4XGkjiW98GPczpEFEdYF9gCGO -mAaHV/unvtjbGF7Wk3xjgaXwPeKXGU8vZrQ4y41u5eZWpA1fwSK3T+AQ79t4R2jr -kRgFz7iIJ8iQGleI+F9X4PRjhoOSsdaUkJRB6pxvxcsiYIKxDi7VScTx8iD0pgwn -tgcQ0do1A0ZQsnJMtBnfIj1/J0sSMHEE9QKBwQDLUVyLmVjv0apqDxnNCw0laIFm -ofp7S/q4pXfDDg3SqrM05Wgm4CHijzKzoqvFLILQvI004LShRcNXTMAsAbbIRzcY -YbEOYytHB+k9WfEjAFJkNM4qB4w8erELKwnvjflodLgBw9k97cybhYIZCnwWIIHp -SwXPT9AI5Ck8E6wifo1nWjpgMZtg5PaH6yfGa+o+ahmetKoU+4ENzVeU95XuKbVa -x/6UW+wNbPqo3oEfV/K25U6WGHoGfX2X8wn/m2cCgcEAnlABXi5i9GH3ZnG5MJcA -M3L4wNCsiADirmb19LEFsFDTC2LY5hHpiG4OSSIbK1bBQ6zTwG/umvE2HtPdEI+X -KuoxbLfRAZYJEXVsJROZ6+s7k6nxycMzANh7rB+GZpHT7QEbdDWOyh/ioKgY8Lpz -yZ0mzEQDUWehpOPWzpElDUYfjURB7d+xm0Ic+TEPPVH7Ha9KBn3S/FsTNWQaPx+r -eP4BQpoggD30+VlwsKXcHES0ppeeHWODhxxAB8f/+zDVAoHBALJY3GVYTruPn30J -YgiK+S0nTttImwAs1fHCtBtV6KozMp/j3Ei9svuZwU/yEdsUAGw5+WO4+Lm/CGs7 -2BbCKiPk1F9+0mFcfEoCloZKr0uUrLFZ4L7dgBZNSaASUNTiJTWLrR1fPuEkB6ck -pcpxeAew3ERYmvAPgt1JxyH737Mib8eJTkuzOCj2r4rqrClR4Fh/mZmtwMRHGh2R -UpJJ3CreS0cmyBo7yAS+4+HdzEZCT5Y/73+aWO/4hIMVnl+pYQKBwCpUb85zm5zg -UnZ8nBS22FLGTcvBs8hbyXUtioSNadNteuqk6jsN2F+Pwsh6eHbVHW4Lu9j6Gn+J -S1ss/ztgGkErvQF/9DpxMeYt01FpvZaUJthThQVQ9xvr9i7utgthtdspNvQ0fux1 -9Xg2fhLnDz707PUt7OhmVW7d+XOfoc19mYZlN0IOHsqMUMphIW97Lp5QWlZXxr23 -Zrv2j5mTvv3Fq2TRDNfz5dwijFMvv7kpGfHA1950ZIbobQvYYsoC7A== ------END RSA PRIVATE KEY----- +-----BEGIN EC PRIVATE KEY----- +MIGkAgEBBDBz4/RQhZfObYcjS4t5bZthw0Pj6YliqI357mdB6hfiQgMdTB8v7jnO +Scbil+Rri0+gBwYFK4EEACKhZANiAATuIjYTl60Cznfqz5JRXccpl4rnmIdRjpfg +8d4+PK83E4Jnoa9sSs5daq6ZTj6/NVERbXC820ZcC2/P+Gwcg8nsR0ohfRA8BOaz +Y2mUJtoWVTEcGlTOGU26WGyhXlqOfvI= +-----END EC PRIVATE KEY----- diff --git a/test/h3/config.xml b/test/h3/config.xml index 7896528a..8da8679e 100644 --- a/test/h3/config.xml +++ b/test/h3/config.xml @@ -1,6 +1,6 @@ - + 1 @@ -16,7 +16,7 @@ - + 1 @@ -35,7 +35,7 @@
tcp://127.0.0.1:22001
 - +
tcp://127.0.0.1:22002
 diff --git a/test/util.go b/test/util.go index 8b08aa69..99db0a21 100644 --- a/test/util.go +++ b/test/util.go @@ -37,7 +37,7 @@ func init() { const ( id1 = "I6KAH76-66SLLLB-5PFXSOA-UFJCDZC-YAOMLEK-CP2GB32-BV5RQST-3PSROAU" - id2 = "JMFJCXB-GZDE4BN-OCJE3VF-65GYZNU-AIVJRET-3J6HMRQ-AUQIGJO-FKNHMQU" + id2 = "MRIW7OK-NETT3M4-N6SBWME-N25O76W-YJKVXPH-FUMQJ3S-P57B74J-GBITBAC" id3 = "373HSRP-QLPNLIE-JYKZVQF-P4PKZ63-R2ZE6K3-YD442U2-JHBGBQG-WWXAHAU" apiKey = "abc123" )