X25519 is not supported by this version of OpenSSL

DougAmes · October 14, 2020, 3:20pm

I’m trying to update from an older version of HA to the latest 0.116, running on Armbian Ubuntu 18.04 platform, Python virtual env. I have the new version starting successfully now, more-or-less, but with a ton of problems to resolve.

The first major issue is that I get this error repeated many times on startup.

Traceback (most recent call last):
  File "/srv/ha/lib/python3.8/site-packages/aiohomekit/controller/ip/connection.py", line 509, in _reconnect
    return await self._connect_once()
  File "/srv/ha/lib/python3.8/site-packages/aiohomekit/controller/ip/connection.py", line 580, in _connect_once
    request, expected = state_machine.send(None)
  File "/srv/ha/lib/python3.8/site-packages/aiohomekit/protocol/__init__.py", line 326, in get_session_keys
    ios_key = x25519.X25519PrivateKey.generate()
  File "/srv/ha/lib/python3.8/site-packages/cryptography/hazmat/primitives/asymmetric/x25519.py", line 40, in generate
    raise UnsupportedAlgorithm(
cryptography.exceptions.UnsupportedAlgorithm: X25519 is not supported by this version of OpenSSL.

It appears to be some new dependency in the Homekit integration, something to do with OpenSSL. I haven’t been able to find any specific advice on resolving this problem.

OpenSSL version on this system produces “OpenSSL 1.1.1 11 Sep 2018”. I could try updating to a new version of OpenSSL, but I don’t want to try that at random because updating OpenSSL appears to be non-trivial due to the security requirements (e.g., https://medium.com/@brunoosiek/updating-openssl-latest-and-greatest-version-in-ubuntu-18-04-8f10ba4e2377). I worry that it might break my access to the system if it goes wrong, and turn out to be for nothing if it doesn’t actually resolve this issue.

Thoughts, suggestions?

DougAmes · October 16, 2020, 2:36pm

Nobody had any ideas on this one, so I went ahead and tried the OpenSSL upgrade to version 1.1.1g. A very lengthy process involving building OpenSSL from source on my platform. I successfully built and installed the new version, but it wouldn’t run, so in the end this broke OpenSSL without accomplishing anything. The comments on the problem I encountered were along the lines of “updating to a new version of OpenSSL on an existing system is problematic at best due to the many dependencies, better to upgrade the system”.
At this point I think I’m going to give up on updating HA 0.92 to 0.116. I don’t think it’s practical. There seems to be more new dependencies and breaking changes than it is possible to deal with. I’ll just have to pray that 0.92 doesn’t break too badly due to external service changes until such future date as I buy a new system to run HA, and then start over from scratch at that time.

nick2525 · January 25, 2021, 6:33pm

Hello, we have same problems and created bug to HA, https://github.com/home-assistant/core/issues/45363

nick2525 · January 25, 2021, 6:35pm

@DougAmes please post your logs in bug on github