Open mariagould opened 4 years ago
Reported via user:
Today we discovered that ezid.cdlib.org is not compatible with the Debian buster OpenSSL v1.1.1c default configuration.
$ openssl version OpenSSL 1.1.1c 28 May 2019
$ openssl version
OpenSSL 1.1.1c 28 May 2019
$ curl -I https://ezid.cdlib.org/ curl: (35) error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small
$ curl -I https://ezid.cdlib.org/
curl: (35) error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small
We made the configuration change suggested at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907788 -- i.e., commenting out the line:
# CipherString = DEFAULT@SECLEVEL=2
We can use this workaround, but wonder if the EZID is able to upgrade SSL support in the near future.
User needs 1.1 and we have 1.0. Marisa has been in touch with IAS and they are waiting on information from AWS about upgrading. Last status update: March 13 2020.
Reported via user:
Today we discovered that ezid.cdlib.org is not compatible with the Debian buster OpenSSL v1.1.1c default configuration.
$ openssl version
OpenSSL 1.1.1c 28 May 2019
$ curl -I https://ezid.cdlib.org/
curl: (35) error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small
We made the configuration change suggested at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907788 -- i.e., commenting out the line:
# CipherString = DEFAULT@SECLEVEL=2
We can use this workaround, but wonder if the EZID is able to upgrade SSL support in the near future.