Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ERROR OpenSSL::SSL::SSLError: SSL_CTX_use_certificate: ee key too small #12

Open
Jvlythical opened this issue Feb 18, 2021 · 3 comments
Open

ERROR OpenSSL::SSL::SSLError: SSL_CTX_use_certificate: ee key too small #12

Jvlythical opened this issue Feb 18, 2021 · 3 comments

Comments

@Jvlythical
Copy link

Jvlythical commented Feb 18, 2021
edited

Are there any guesses as to why I might be seeing this error message?

Steps to reproduce:

  1. Create and run:
require 'evil-proxy'

proxy = EvilProxy::MITMProxyServer.new Port: 8080
proxy.start
  1. Run:
https_proxy=http://localhost:8080 curl https://google.com

Error in log:

[2021-02-17 23:54:02] ERROR OpenSSL::SSL::SSLError: SSL_CTX_use_certificate: ee key too small
	/home/jvlarble/.rvm/rubies/ruby-2.4.0/lib/ruby/2.4.0/openssl/ssl.rb:380:in `initialize'
@Jvlythical
Copy link
Author

It seems on my system a key of 2048 bits is needed. I now get the following error:

ERROR OpenSSL::SSL::SSLError: SSL_CTX_use_certificate: ca md too weak

@Jvlythical
Copy link
Author

Fixed the above error by changing the signing algorithm from SHA1 to SHA256. I now get the following error:

ERROR OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=error: tlsv1 alert unknown ca

@Jvlythical
Copy link
Author

Jvlythical commented Feb 18, 2021
edited

Adding --insecure option to curl or setting the --cacert {path of ca.pem} option fixes the above error.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Jvlythical