Bug#920371: telnetd-ssl: SSL_CTX_use_certificate, ee key too small

[Marcos Marado]

Hi there,

A tested fix can be seen found here:
https://github.com/marado/netkit-telnet-ssl/commit/196297b250181159e8c9f975eb71d45046235c79

Best regards,
-- 
Marcos Marado

Bug#920371: telnetd-ssl: SSL_CTX_use_certificate, ee key too small

[Marcos Marado]

Hi,

FYI, there is more info about this issue on
https://github.com/debauchee/barrier/issues/126 .

Best regards,
-- 
Marcos Marado

Bug#920371: telnetd-ssl: SSL_CTX_use_certificate, ee key too small

[Brian Minton]

Package: telnetd-ssl
Version: 0.17.41+0.2-3.1
Severity: normal

Dear Maintainer,

I installed telnetd-ssl.  It generated a key and self-signed certificate
in /etc/telnetd-ssl/telnetd.pem, which has 1024 bit RSA key.  This
caused an error when attempting to connect:

$ telnet localhost
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Error loading CRT /etc/telnetd-ssl/telnetd.pem: SSL_CTX_use_certificate,
ee key too small
do_ssleay_init() failed
140636104001344:error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee
key too small:../ssl/ssl_rsa.c:310:
Connection closed by foreign host.


I can see that there's a generated cnf file too, which includes the line
default_bits= 1024


-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-1-amd64 (SMP w/16 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages telnetd-ssl depends on:
ii  adduser   3.118
ii  libc6 2.28-5
ii  libssl1.1 1.1.1a-1
ii  openbsd-inetd [inet-superserver]  0.20160825-3
ii  openssl   1.1.1a-1
ii  passwd1:4.5-1.1

telnetd-ssl recommends no packages.

telnetd-ssl suggests no packages.

-- no debconf information