Status: Closed (closed by secynic 3 years ago)
We are aware of the issue and have an open suggestion in the ARIN Consultation and Suggestion Process (ACSP) to address it. This will hopefully be addressed in the near future. In the meantime, the DH keys are rolled on a regular basis by the vendor-supplied solution we use to front our directory service applications. Thank you for pointing this out.
This should now be resolved.
I just noticed this in my tests using openssl 1.1.1f
Example URL (using Python): http://rdap.arin.net/bootstrap/ip/2001:4860:4860::8888
Error: <urlopen error [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1108)>
I believe this is due to a weak key on the server side. See here: https://weakdh.org/
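An added client-side sketch, not code from this thread: it recognises the error reported above and retries with a TLS context that offers only ECDHE key exchange, so the server's small DH parameters are never used and the client's OpenSSL security level is left unchanged. The function names are hypothetical, and it assumes the server also offers ECDHE cipher suites.

```python
import ssl
import urllib.error
import urllib.request

# URL from the report above.
RDAP_URL = "http://rdap.arin.net/bootstrap/ip/2001:4860:4860::8888"


def is_dh_key_too_small(exc: BaseException) -> bool:
    """True if exc is, or wraps, OpenSSL's DH_KEY_TOO_SMALL handshake error."""
    # urlopen wraps the SSLError in URLError and keeps it in .reason.
    if isinstance(exc, urllib.error.URLError) and isinstance(exc.reason, BaseException):
        exc = exc.reason
    if not isinstance(exc, ssl.SSLError):
        return False
    return (getattr(exc, "reason", None) == "DH_KEY_TOO_SMALL"
            or "DH_KEY_TOO_SMALL" in str(exc))


def context_without_dhe() -> ssl.SSLContext:
    """Verifying client context whose TLS 1.2 suites use ECDHE only."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    # Offer only ECDHE key exchange, so the server's finite-field DH
    # parameters are never used; the security level is not lowered.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def fetch(url: str = RDAP_URL, timeout: float = 10.0) -> bytes:
    """Fetch url; on DH_KEY_TOO_SMALL retry once without DHE suites."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.read()
    except urllib.error.URLError as exc:
        if not is_dh_key_too_small(exc):
            raise
    with urllib.request.urlopen(url, timeout=timeout,
                                context=context_without_dhe()) as resp:
        return resp.read()


if __name__ == "__main__":
    print(fetch()[:200])
```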