savonrb / savon

Heavy metal SOAP client
https://www.savonrb.com
MIT License

Force Savon not to use DH #940

Closed marcoschicote closed 2 years ago

marcoschicote commented 4 years ago

Hi. When I execute

Savon.client(wsdl: 'https://aws.afip.gov.ar/sr-padron/webservices/personaServiceA5?WSDL', ssl_version: :TLSv1_2, log: true, log_level: :debug, ssl_verify_mode: :none, soap_version: 2)

I get

SSL_connect returned=1 errno=0 state=error: dh key too small (HTTPI::SSLError)

I can reproduce this error using curl. Executing:

curl -vvv https://aws.afip.gov.ar/sr-padron/webservices/personaServiceA5?WSDL

returns

curl: (35) error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small

However, executing

curl -vvv --cipher 'DEFAULT:!DH' https://aws.afip.gov.ar/sr-padron/webservices/personaServiceA5?WSDL

does not return an error. I was able to modify openssl.conf doing

echo "CipherString=DEFAULT@SECLEVEL=1" >> /etc/ssl/openssl.cnf

and this fixes the problem. However, I would like to set up Savon so that DH is not used specifically on that WS. Is that possible? Can you guide me in the right direction?

Thanks

olleolleolle commented 4 years ago

This would be a HTTPI gem setting, so try searching its codebase for SSL cipher settings. (Quick guess.)

marcoschicote commented 4 years ago

> This would be a HTTPI gem setting, so try searching its codebase for SSL cipher settings. (Quick guess.)

Thanks @olleolleolle. I couldn't find anything on HTTPI but found this. Is this v3?

stale[bot] commented 3 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

marcosdemelo commented 2 months ago

@marcoschicote any solution for the error? Thanks!

marcosdemelo commented 2 months ago

@olleolleolle Could you guide me in the search for overcoming this error? I am currently facing it in the latest versions of the gem. Thanks!