On 29/08/2019 17:05, Hubert Kario wrote:
On Wednesday, 28 August 2019 23:20:49 CEST Marcelo Lauxen wrote:
...
that server is willing to negotiate ECDHE_RSA ciphers, you'd be better off
disabling ciphers that use DHE and RSA key exchange and using ECDHE_RSA
instead of trying to make 1024 bit
* I've another question, based on your suggestion Salz Rich, this config
@SECLEVEL can be set per host/domain, or is it impossible?
It totally depends on which webserver you are running and what it’s
configuration allows. I’m not able to answer webserver config questions BTW.
Thank you guys for the answers!
I've another question, based on your suggestion Salz Rich, this
config @SECLEVEL can be set per host/domain, or is it impossible?
On Thu, Aug 29, 2019 at 12:38 PM Salz, Rich wrote:
>
>- We haven't control of the server who are using DH key size of 1048
>
On Wednesday, 28 August 2019 23:20:49 CEST Marcelo Lauxen wrote:
> Our server runs with DH key size of 2048 bits and we are trying to make
> requests with httparty(https://github.com/jnunemaker/httparty) to a server
> that uses DH key size of 1024 bits, i want to now for what reason we are
>
* We haven't control of the server who are using DH key size of 1048 bits.
In order to work with this kind of server (terribly poor security
characteristics), you need to add “@SECLEVEL=0” to your OpenSSL configuration.
Our server runs with DH key size of 2048 bits and we are trying to make
requests with httparty(https://github.com/jnunemaker/httparty) to a server
that uses DH key size of 1024 bits, i want to now for what reason we are
getting this error SSL_connect returned=1 errno=0 state=error: dh key too
