Closed marcoschicote closed 2 years ago
This would be a HTTPI gem setting, so try searching it's codebase for SSL cipher settings. (Quick guess.)
This would be a HTTPI gem setting, so try searching it's codebase for SSL cipher settings. (Quick guess.)
Thanks @olleolleolle. I couldn't find anything on HTTPI but found this. Is this v3?
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
@marcoschicote some solution for the error? Thanks!
@olleolleolle Could you guide me in the search for overcoming this error? I am currently facing it in the latest versions of the gem. Thanks!
Hi When I execute
Savon.client(wsdl: 'https://aws.afip.gov.ar/sr-padron/webservices/personaServiceA5?WSDL', ssl_version: :TLSv1_2, log: true, log_level: :debug, ssl_verify_mode: :none, soap_version: 2)
I get
SSL_connect returned=1 errno=0 state=error: dh key too small (HTTPI::SSLError)
I can reproduce this error using curl. Executing:
curl -vvv https://aws.afip.gov.ar/sr-padron/webservices/personaServiceA5?WSDL
returns
curl: (35) error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small
However, executing
curl -vvv --cipher 'DEFAULT:!DH' https://aws.afip.gov.ar/sr-padron/webservices/personaServiceA5?WSDL
does not return an error. I was able to modify
openssl.conf
doingecho "CipherString=DEFAULT@SECLEVEL=1" >> /etc/ssl/openssl.cnf
and this fixes the problem. However, I would like to setup Savon so that DH is not used specifically on that WS. Is that possible? Can you guide me in the right direction?
Thanks