----- Original Message -----
From: "Sebastian Andrzej Siewior"
To: "Arthur Marsh"
Cc:
Sent: Mon, 20 Jun 2022 19:16:36 +0200
Subject: Re: Bug#1012564: openssl: ckermit can't connect to telnetd-ssl with openssl 3.0.3-7

On 2022-06-20 19:10:27 [+0200], To Arthur Marsh wrote:
> I have here
> telnet-ssl 0.17.41+0.2-3.3+b1
> telnetd-ssl 0.17.41+0.2-3.3+b1
> libssl3 3.0.3-8
> openssl 3.0.3-8

adding ckermit 305~alpha07-1+b1

When upgrading telnetd-ssl (017.41+0.2-3.3+b1) over (0.17.41+0.2-3.3) I received the line:

You already have /etc/telnetd-ssl/telnetd.pem

After upgrading both telnetd-ssl as above and openssl (3.0.3-8) over (3.0.3-6), I still had telnet-ssl localhost failing:

$ telnet-ssl localhost
Trying ::1...
Connected to localhost.
Escape character is '^]'.
Error loading CRT /etc/telnetd-ssl/telnetd.pem: , ee key too small
do_ssleay_init() failed
408788F4E87F0000:error:0A00018F:SSL routines:SSL_CTX_use_certificate:ee key too small:../ssl/ssl_rsa.c:221:
Connection closed by foreign host.

ckermit run as a symbolic link from telnet also was unsuccessful:

$ telnet localhost
DNS Lookup... Trying 127.0.0.1... Reverse DNS Lookup... (OK)
localhost connected on port telnet
?Connection closed by peer.
can't open host connection
Closing localhost:23...OK

I renamed /etc/telnetd-ssl/telnetd.pem to /etc/telnetd-ssl/oldtelnetd-ssl.pem and re-installed telnetd-ssl 0.17.41+0.2-3.3+b1

telnetd-ssl still failed:

$ telnet-ssl localhost
xprop: unable to open display '127.0.0.1:0'
Trying ::1..
Connected to localhost.
Escape character is '^]'.
telnetd: SSL required - connection rejected.
Connection closed by foreign host.

but ckermit run as a symbolic link from telnet now works:

$ telnet localhost
xprop: unable to open display '127.0.0.1:0'
DNS Lookup... Trying 127.0.0.1... Reverse DNS Lookup... (OK)
localhost connected on port telnet
Authenticating with SSL
Warning: Server has a self-signed certificate
[0] Certificate Subject=
    O=Internet Widgits Pty Ltd
    OU=am64 telnetd
    CN=am64
    emailAddress=root@am64
[0] Certificate Issuer=
    O=Internet Widgits Pty Ltd
    OU=am64 telnetd
    CN=am64
    emailAddress=root@am64
Continue? (Y/N) y
[TLS - TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
Compression: None
Password:

This solves the issue I was having and the /etc/telnetd-ssl/telnetd.pem "ee key too small" may be a clue to what was causing problems for me.

Thanks for your time looking at this.

Arthur Marsh.