olleolleolle
commented
4 years ago This would be a HTTPI gem setting, so try searching it's codebase for SSL cipher settings. (Quick guess.)
Closed marcoschicote closed 2 years ago
olleolleolle
commented
4 years ago This would be a HTTPI gem setting, so try searching it's codebase for SSL cipher settings. (Quick guess.)
marcoschicote
commented
4 years ago This would be a HTTPI gem setting, so try searching it's codebase for SSL cipher settings. (Quick guess.)
Thanks @olleolleolle. I couldn't find anything on HTTPI but found this. Is this v3?
stale[bot]
commented
3 years ago This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
marcosdemelo
commented
2 months ago @marcoschicote some solution for the error? Thanks!
marcosdemelo
commented
2 months ago @olleolleolle Could you guide me in the search for overcoming this error? I am currently facing it in the latest versions of the gem. Thanks!
Hi When I execute
Savon.client(wsdl: 'https://aws.afip.gov.ar/sr-padron/webservices/personaServiceA5?WSDL', ssl_version: :TLSv1_2, log: true, log_level: :debug, ssl_verify_mode: :none, soap_version: 2)I get
SSL_connect returned=1 errno=0 state=error: dh key too small (HTTPI::SSLError)I can reproduce this error using curl. Executing:
curl -vvv https://aws.afip.gov.ar/sr-padron/webservices/personaServiceA5?WSDLreturns
curl: (35) error:141A318A:SSL routines:tls_process_ske_dhe:dh key too smallHowever, executing
curl -vvv --cipher 'DEFAULT:!DH' https://aws.afip.gov.ar/sr-padron/webservices/personaServiceA5?WSDLdoes not return an error. I was able to modify
openssl.confdoingecho "CipherString=DEFAULT@SECLEVEL=1" >> /etc/ssl/openssl.cnfand this fixes the problem. However, I would like to setup Savon so that DH is not used specifically on that WS. Is that possible? Can you guide me in the right direction?
Thanks