Subject: SSL_connect returned=1 errno=0 state=error: dh key too small

Subject: SSL_connect returned=1 errno=0 state=error: dh key too small

Marcelo Lauxen
  Our server runs with a DH key size of 2048 bits and we are trying to make requests with httparty (https://github.com/jnunemaker/httparty) to a server that uses a DH key size of 1024 bits. I want to know why we are getting this error: SSL_connect returned=1 errno=0 state=error: dh key too small. Is it because of the different DH key sizes? 🤔

We don't have control of the server that is using a DH key size of 1048 bits.

I've opened the same issue on httparty (https://github.com/jnunemaker/httparty/issues/664), but it seems not to be a problem with httparty but something with OpenSSL.

Currently our server is using OpenSSL 1.1.1c, but before we were using OpenSSL 1.1.0j and this error didn't happen. Is OpenSSL blocking the communication between our server, which uses DH 2048 bits, and the other server, which uses DH 1024 bits (weak Diffie-Hellman)? If yes, is it reported somewhere?

How can we handle this?
I would be happy if anyone can help me with this. :(

Att, Marcelo.

Re: Subject: SSL_connect returned=1 errno=0 state=error: dh key too small

Hubert Kario
On Wednesday, 28 August 2019 23:20:49 CEST Marcelo Lauxen wrote:

>   Our server runs with a DH key size of 2048 bits and we are trying to make
> requests with httparty (https://github.com/jnunemaker/httparty) to a server
> that uses a DH key size of 1024 bits. I want to know why we are getting this
> error: SSL_connect returned=1 errno=0 state=error: dh key too small. Is it
> because of the different DH key sizes? 🤔
>
> We don't have control of the server that is using a DH key size of 1048 bits.
>
> I've opened the same issue on httparty
> (https://github.com/jnunemaker/httparty/issues/664), but it seems not to be a
> problem with httparty but something with OpenSSL.
>
> Currently our server is using *OpenSSL 1.1.1c*, but before we were using
> *OpenSSL 1.1.0j* and this error didn't happen. Is OpenSSL blocking the
> communication between our server, which uses DH 2048 bits, and the other
> server, which uses DH 1024 bits (weak Diffie-Hellman)? If yes, is it reported
> somewhere?
>
> Our server SSL Labs results:
> https://www.ssllabs.com/ssltest/analyze.html?d=web.monde.com.br&latest
>
> Server we are trying to make requests to:
> https://www.ssllabs.com/ssltest/analyze.html?d=webservices.voeazul.com.br&latest
That server is willing to negotiate ECDHE_RSA ciphers; you'd be better off
disabling ciphers that use DHE and RSA key exchange and using ECDHE_RSA
instead of trying to make 1024 bit work – it really is weak and should not be
used (see also: LOGJAM)


--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic

Re: Subject: SSL_connect returned=1 errno=0 state=error: dh key too small

Salz, Rich
In reply to this post by Marcelo Lauxen
  • We don't have control of the server that is using a DH key size of 1048 bits.

In order to work with this kind of server (terribly poor security characteristics), you need to add “@SECLEVEL=0” to your OpenSSL configuration.

Re: Subject: SSL_connect returned=1 errno=0 state=error: dh key too small

Marcelo Lauxen
Thank you guys for the answers!

I have another question, based on your suggestion, Salz Rich: can this @SECLEVEL config be set per host/domain, or is it impossible?

On Thu, Aug 29, 2019 at 12:38 PM Salz, Rich <[hidden email]> wrote:
  • We don't have control of the server that is using a DH key size of 1048 bits.

In order to work with this kind of server (terribly poor security characteristics), you need to add “@SECLEVEL=0” to your OpenSSL configuration.

Re: Subject: SSL_connect returned=1 errno=0 state=error: dh key too small

OpenSSL - User mailing list
  • I have another question, based on your suggestion, Salz Rich: can this @SECLEVEL config be set per host/domain, or is it impossible?


It totally depends on which webserver you are running and what its configuration allows. I'm not able to answer webserver config questions BTW.
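On the client side (which is where httparty sits) the two suggestions in this thread can be applied per connection rather than process-wide: an OpenSSL::SSL::SSLContext carries its own cipher list and its own security level, so the ECDHE-only policy can be limited to the one problem host while every other host keeps the defaults. The following is an added example, not code from the thread, httparty or OpenSSL; the host names and the HOST_POLICY table are hypothetical.

```ruby
require 'openssl'

# Cipher string that refuses DHE and static-RSA key exchange, so a peer that also
# offers ECDHE_RSA never gets to send its small DH group (Hubert's suggestion).
ECDHE_ONLY = 'ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!MD5'.freeze

# Hypothetical per-host policy table: only the problem host is restricted; every
# other host keeps the Ruby/OpenSSL defaults and the build's security level.
HOST_POLICY = {
  'legacy-dh.example' => { ciphers: ECDHE_ONLY }
}.freeze

# Build an SSLContext for one host. Hand it to Net::HTTP as :ssl_context (or feed
# the same settings to the HTTP client in use); the context, not the global
# OpenSSL config file, is where SECLEVEL and ciphers are decided.
def build_context(host)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.set_params(verify_mode: OpenSSL::SSL::VERIFY_PEER)  # Ruby defaults + cert check
  ctx.min_version = OpenSSL::SSL::TLS1_2_VERSION
  policy = HOST_POLICY.fetch(host, {})
  ctx.ciphers = policy[:ciphers] if policy[:ciphers]
  ctx
end

# Key-exchange families the context could still negotiate, read back from the
# cipher names OpenSSL reports. TLS 1.3 suites ("TLS_*") always use (EC)DHE.
def key_exchange_families(ctx)
  ctx.ciphers.map(&:first).map do |name|
    case name
    when /\ATLS_/              then :tls13
    when /\AECDHE-/            then :ecdhe
    when /\A(DHE|EDH|DH|ADH)-/ then :dhe
    else                            :other   # static RSA, PSK, SRP, ...
    end
  end.uniq
end

# What is actually in force for a context: its security level (the per-context
# equivalent of @SECLEVEL=N) and the key exchanges it will still accept.
def context_summary(ctx)
  { security_level: ctx.security_level, key_exchange: key_exchange_families(ctx) }
end

# Map an OpenSSL::SSL::SSLError message to a cause, so "dh key too small" is
# logged as a peer configuration problem instead of being retried blindly.
def classify_ssl_error(message)
  case message
  when /dh key too small/i          then :peer_dh_group_too_small
  when /certificate verify failed/i then :peer_certificate_untrusted
  else :other
  end
end
```

Pass `build_context(host)` to the client for that host and the handshake never reaches a DHE suite, so the small group is never evaluated against the security level at all.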


Re: Subject: SSL_connect returned=1 errno=0 state=error: dh key too small

OpenSSL - User mailing list
In reply to this post by Hubert Kario
On 29/08/2019 17:05, Hubert Kario wrote:
> On Wednesday, 28 August 2019 23:20:49 CEST Marcelo Lauxen wrote:
>> ...
> that server is willing to negotiate ECDHE_RSA ciphers, you'd be better off
> disabling ciphers that use DHE and RSA key exchange and using ECDHE_RSA
> instead of trying to make 1024 bit work – it really is weak and should not be
> used (see also: LOGJAM)
>
>
Where in the LOGJAM papers does it say that 1024 bit DH is too little,
provided the group is not shared among millions of servers?

Where does it reliably say that ECDH with a choice of very few published
groups is more secure than DH with random group parameters shared among
a much smaller number of connections and servers?

Also note that the following factors make it necessary to support
traditional DHE for compatibility:

1. Red Hat OpenSSL builds until a few years ago disabled EC support.

2. Microsoft (and the TLS protocol specs themselves) until fairly
   recently allowed ECDHE only with (EC)DSA server certificates, which
   are not as easily available as RSA certs.

3. The "supported groups" TLS extension cannot be used without jamming
   the TLS clients into a short list of fixed DH groups.  Thus servers
   have to ignore that extension and use heuristic guesses to choose the
   DH strength.


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded