Ssl Operation Failed with Code 1: Dh Key Too Small

SSL operation failed with code 1: dh key too small

... error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small

The error number you are interested in is the OpenSSL error 0x14082174.

The SSL3_CHECK_CERT_AND_ALGORITHM is usually seen when enabling export grade ciphers. It may be showing up again in non-export grade negotiations due to Logjam (see below).


I'm assuming DH Key is too small is the main problem, but I have no idea what that means. I've googled Diffie–Hellman key exchange, along with the message "key too small" but I haven't had much luck.

That's due to the recent Logjam attack from the paper Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice.

You should use 2048-bit Diffie-Hellman groups or larger. You should not be using 512-bit or 1024-bit Diffie-Hellman groups.

The first thing to check for is your cipher list string. It should be similar to:

"HIGH:!aNULL:!MD5:!RC4"

It will avoid the export grade ciphers, and use modern ciphers. But you will also need to ensure your DH callback is not using a weak/small field size. For that, you need to check the server configuration.


Some folks are "solving" the issue with kRSA. kRSA is a key transport scheme, not a key agreement scheme. The RSA key transport scheme does not provide forward secrecy, and its use is usually discouraged. In fact, it's going to be removed from TLS 1.3.

I can only say "usually discouraged" because it depends on the data being protected. If you have SSL/TLS to guard downloads of a publicly available file, then it's probably OK to use. If your website has a login, then it's probably a little risky to use it because the password is secret data (unlike the publicly downloadable file).

To avoid key transport and pass those Qualys SSL Labs tests for web server configurations and forward secrecy, use:

"HIGH:!aNULL:!kRSA:!MD5:!RC4"

In your Apache configuration file, it would look like so:

# cat /etc/httpd/conf.d/ssl.conf | grep SSLCipherSuite
# SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCipherSuite HIGH:!aNULL:!kRSA:!MD5:!RC4

I seem to recall wget rejected small groups quite some time before the paper was released. It might make a good test case for your site.

There's also an improved sslscan, which tests for lots of things. That might make a good QA tool, too.

OpenSSL DH Key Too Small Error

... SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small

I have looked into using LWP and raw Net::SSLeay, but the problem seems to be in the underlying OpenSSL libs.

While it is caused by changes to OpenSSL, the problem is actually at the server side. The server is using a weak DH key within the key exchange and recent versions of OpenSSL enforce a non-weak DH key because of the Logjam attack.

If the server supports ciphers which don't use DH key exchange you can work around the problem by restricting the ciphers offered by the client so that they don't include any DH ciphers.

my $sock = IO::Socket::SSL->new(..., SSL_cipher_list => 'DEFAULT:!DH' ...);

Apart from that simply disabling any validation like you do is bad:

    ...
    verify_hostname => 0,
    SSL_verify_mode => SSL_VERIFY_NONE,
    SSL_verifycn_scheme => undef

For one, verify_hostname is not a valid parameter at all (this is for LWP only). Also, you don't need to set an SSL_verifycn_scheme if you disable validation with SSL_verify_mode, since no validation also means no validation of the certificate's subject.

But much better than disabling validation would be to use SSL_fingerprint to specify which certificate you expect and thus have a proper check even for self-signed or expired certificates. See common usage errors in the IO::Socket::SSL documentation for more information.

Boost SSL-Server fails with SSLv3-error

context_.use_tmp_dh_file("CERTS/dh512.pem");
... dh key too small:s3_clnt.c:3329:"

You are using a DH key of only 512 bits. Such keys are considered too weak, and the handshake will fail with newer versions of TLS libraries. You should use a 2048-bit DH key instead or, even better, use ciphers with ECDHE.

For more details on the problem see Logjam Attack.

dh key too small with Savon ruby gem

Oops! Changes in /etc/ssl/openssl.cnf required restarting the Ruby processes; after restarting, the error is gone!

how to fix stream_socket_enable_crypto(): SSL operation failed with code 1

Try changing the app/config/email.php

smtp to mail


