Crash: SSL error "dh key too small"

[doomguy]

I have an issue with some sites, that makes scanning impossible:

kali@kali:~/bin/Typo3Scan$ ./typo3scan.py -d https://www.example.com/

=========================================================================

   ________                   ________   _________                                                                                                                                                                                       
   \_    _/__ __ ______  _____\_____  \ /   _____/ ____ _____    ___                                                                                                                                                                     
     |  | |  |  |\____ \|  _  | _(__  < \_____  \_/ ___\\__  \  /   \                                                                                                                                                                    
     |  | |___  ||  |_) | (_) |/       \/        \  \___ / __ \|  |  \                                                                                                                                                                   
     |__| / ____||   __/|_____|________/_________/\_____|_____/|__|__/                                                                                                                                                                   
          \/     |__|                                                                                                                                                                                                                    

                     Automatic Typo3 enumeration tool                    
                               Version 0.6                               
                         https://github.com/whoot                        
=========================================================================

[ Checking https://www.example.com/ ]                                                                                                                                                                                                 
-------------------------------------------------------------------------                                                                                                                                                                
HTTPSConnectionPool(host='www.example.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_ske_dhe', 'dh key too small')])")))
Traceback (most recent call last):
  File "./typo3scan.py", line 187, in <module>
    main.run()
  File "./typo3scan.py", line 67, in run
    check.check_root()
  File "/home/kali/bin/Typo3Scan/lib/domain.py", line 80, in check_root
    if re.search('powered by TYPO3', response['html']):
TypeError: 'NoneType' object is not subscriptable

(Output modified for privacy reasons)

It seems to be related to python and openssl, but I was not able to find a solution so far.

My system:

root@kali:~# uname -a
Linux kali 5.4.0-kali4-amd64 #1 SMP Debian 5.4.19-1kali1 (2020-02-17) x86_64 GNU/Linux

root@kali:~# apt dist-upgrade
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

root@kali:~# openssl
OpenSSL> version
OpenSSL 1.1.1d  10 Sep 2019

root@kali:~# pip list | grep -i openssl
pyOpenSSL                    19.1.0 

Any ideas on how to get around this?

[doomguy]

Found a similar problem here: https://github.com/sundowndev/PhoneInfoga/issues/16 After doing this:

python3 -m pip install --ignore-installed pyOpenSSL --upgrade

Typo3Scan always returns:

kali@kali:~/bin/Typo3Scan$ ./typo3scan.py --domain www.example.com
...
[Checking www.example.com ]                                                                                                                                                                                                           
-------------------------------------------------------------------------                                                                                                                                                                
No host specified.

[whoot]

Hey,

thanks for submitting this issue. This is something I havent seen at all and it seems to be related to pyOpenSSL. I will try to fix this, but I may need more information about the host to replicate the issue.

[whoot]

Since this is not tool related, I cant do much.