arineng / rdap_bootstrap_server

A bootstrap server to aid RDAP clients in the bootstrap process.
ISC License

Weak DH key #9

Closed secynic closed 3 years ago

secynic commented 3 years ago

I just noticed this in my tests using OpenSSL 1.1.1f.

Example URL (using Python): http://rdap.arin.net/bootstrap/ip/2001:4860:4860::8888

Error: <urlopen error [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1108)>

I believe this is due to a weak key on the server side. See here: https://weakdh.org/
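A client-side way to recognise this failure and retry without weakening the client, as an added example that is not part of the original report or the project's code: it pulls the OpenSSL reason code out of the `urlopen` error and retries once with a certificate-verifying context that offers only ECDHE key exchange in TLS 1.2 and below. The function names are hypothetical, the sample error is constructed from the message quoted above, and the retry assumes the server also offers ECDHE suites.

```python
import re
import ssl
import urllib.error
import urllib.request

WEAK_DH_REASON = "DH_KEY_TOO_SMALL"  # OpenSSL reason code from the report above

# Constructed sample: the reported error rebuilt offline, wrapped the way urlopen wraps it.
SAMPLE_ERROR = urllib.error.URLError(
    ssl.SSLError(1, "[SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1108)"))


def tls_failure_reason(exc):
    """Return the OpenSSL reason code behind a urlopen failure, or None."""
    inner = exc.reason if isinstance(exc, urllib.error.URLError) else exc
    if not isinstance(inner, ssl.SSLError):
        return None  # DNS failure, timeout, HTTP error, ...
    reason = getattr(inner, "reason", None)  # set by the ssl module on real errors
    if reason:
        return reason
    # Fall back to the "[SSL: REASON]" prefix in the message text.
    match = re.search(r"\[SSL: ([A-Z0-9_]+)\]", str(inner))
    return match.group(1) if match else None


def ecdhe_only_context():
    """Verifying client context with no finite-field DHE suites for TLS <= 1.2."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    # Offer only ECDHE key exchange, so the server's DH parameters are never used.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def fetch(url, timeout=10):
    """Fetch url; on a weak-DH rejection, retry once with ECDHE-only suites."""
    try:
        return urllib.request.urlopen(url, timeout=timeout).read()
    except urllib.error.URLError as exc:
        if tls_failure_reason(exc) != WEAK_DH_REASON:
            raise  # unrelated failure: do not mask it
    return urllib.request.urlopen(
        url, timeout=timeout, context=ecdhe_only_context()).read()


if __name__ == "__main__":
    print(tls_failure_reason(SAMPLE_ERROR))
```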

gdubin commented 3 years ago

We are aware of the issue and have an open suggestion in the ARIN Consultation and Suggestion Process (ACSP) to address it. This will hopefully be addressed in the near future. In the meantime, the DH keys are rolled on a regular basis by the vendor-supplied solution we use to front our directory service applications. Thank you for pointing this out.

gdubin commented 3 years ago

This should now be resolved.