You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
[2020-04-18 15:47:13] <happyfish> Installing bahamut 2.1.4. Ran ./make-cert.sh to generate SSL cert. Error SSL_CTX_use_certificate:ee key too small:ssl/ssl_rsa.c:310: ssl failed!
[2020-04-18 15:47:53] <xPsycho> hi, happyfish
[2020-04-18 15:47:53] <xPsycho> hmmm
[2020-04-18 15:48:38] <xPsycho> seems like we are only creating a 1024-bit key
[2020-04-18 15:48:45] <xPsycho> probably needs to be updated to 2048
[2020-04-18 15:49:09] <xPsycho> I haven't seen that pop up anywhere before though
[2020-04-18 15:49:17] <happyfish> yes, initially I was getting this, which may be related. # ./ircd
[2020-04-18 15:49:17] <happyfish> bahamut-2.1.4 booting...
[2020-04-18 15:49:17] <happyfish> Initializing Encryption...
[2020-04-18 15:49:17] <happyfish> No random state found, generating entropy from /dev/urandom...
[2020-04-18 15:49:29] <xPsycho> so I wonder if your machine has a custom minimum ... or a new version of openssl has a new minimum default
[2020-04-18 15:49:52] <happyfish> thanks, i'll dig into openssl
[2020-04-18 15:50:30] <xPsycho> try changing "default_bits = 1024" to "default_bits = 2048" in our make-cert.cnf, then re-run make-cert.sh
[2020-04-18 15:52:45] <xPsycho> ls
[2020-04-18 15:54:45] <xPsycho> also, what version of OpenSSL are you using? type "openssl version"
[2020-04-18 15:56:00] <happyfish> OpenSSL 1.1.1c FIPS 28 May 2019
[2020-04-18 15:58:51] <xPsycho> new enough
[2020-04-18 15:58:52] <xPsycho> hmm
[2020-04-18 16:00:14] <xPsycho> is this Debian?
[2020-04-18 16:03:38] <happyfish> RHEL 8.1. I regenerated 2048 bit cert and it worked.
[2020-04-18 16:03:47] <happyfish> "Ircd is now becoming a daemon."
[2020-04-18 16:03:52] <xPsycho> great
[2020-04-18 16:03:55] <xPsycho> I found this about Debian: https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1
[2020-04-18 16:04:09] <xPsycho> in /etc/ssl/openssl.cnf, CipherString = DEFAULTSECLEVEL=2
[2020-04-18 16:04:16] <xPsycho> SECLEVEL=2 means a minimum key size of 2048
The text was updated successfully, but these errors were encountered:
The text was updated successfully, but these errors were encountered: