double the key length of self-signed cert in ncat #1310

AdrianVollmer

The default key length was 1024 bit, which leads to this error in a
recent version of Debian Unstable (sid/buster):

Ncat: SSL_CTX_use_certificate(): error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small. QUITTING.

@AdrianVollmer
Author

Looks like it has been merged. Thx

@AdrianVollmer
Author

Nvm, I looked at the wrong branch

@AdrianVollmer AdrianVollmer reopened this Oct 23, 2018
@JJAlexion

> The default key length was 1024 bit, which leads to this error in a
> recent version of Debian Unstable (sid/buster):
>
> Ncat: SSL_CTX_use_certificate(): error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small. QUITTING.

Hi Adrian,
I am getting the same issue when using ncat 7.7. How could I fix it? Sorry if this is a silly question; I am new to Linux. Thanks.

@AdrianVollmer
Author

You need to create your own self-signed certificate with a key that is at least 2048 bit and then pass that certificate to ncat using the --ssl-cert and --ssl-key parameters. See here: https://stackoverflow.com/a/10176685/1308830

Not sure what the status on this issue here is. According to the mailing list, they plan to merge it: https://seclists.org/nmap-dev/2018/q3/25
Who knows when it will happen.
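
The workaround described in the comment above (a self-signed certificate whose key is at least 2048 bit, passed to ncat with --ssl-cert and --ssl-key), as an added example that is not part of the original thread or of the Nmap project's code. The file names, the CN, the 30-day lifetime and the helper function names are assumptions; the sample text is constructed.

```shell
#!/bin/sh
# Added example: generate a self-signed cert for ncat and verify its RSA key
# size before use. File names, CN and function names are assumptions.
MIN_BITS=2048   # minimum key size named in the thread

# Read `openssl x509 -noout -text` output on stdin, print the key size in bits.
# Matches both "RSA Public-Key: (N bit)" and "Public-Key: (N bit)" spellings.
key_bits_from_text() {
    sed -n '/Public-Key: ([0-9][0-9]* bit)/{s/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p;q;}'
}

# Succeed only if the bit count is present and at least MIN_BITS.
key_is_acceptable() {
    [ -n "$1" ] && [ "$1" -ge "$MIN_BITS" ]
}

# usage: make_cert KEYFILE CERTFILE [BITS]
make_cert() {
    openssl req -x509 -newkey "rsa:${3:-$MIN_BITS}" -nodes \
        -keyout "$1" -out "$2" -days 30 -subj "/CN=ncat-test.example" 2>/dev/null
}

# usage: check_cert CERTFILE ; fails for keys that would trigger "ee key too small"
check_cert() {
    bits=$(openssl x509 -in "$1" -noout -text | key_bits_from_text)
    if key_is_acceptable "$bits"; then
        echo "$1: $bits bit key, ok"
    else
        echo "$1: ${bits:-unknown} bit key, below $MIN_BITS" >&2
        return 1
    fi
}

# Constructed samples of the relevant part of `openssl x509 -text` output.
SAMPLE_OLD='        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (1024 bit)'
SAMPLE_NEW='        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)'

# Only touches the file system when asked:  sh ncat-cert.sh --generate
if [ "${1:-}" = "--generate" ]; then
    make_cert ncat-key.pem ncat-cert.pem && check_cert ncat-cert.pem &&
        echo "run: ncat -l --ssl --ssl-cert ncat-cert.pem --ssl-key ncat-key.pem <port>"
fi
```

`check_cert` can also be pointed at an existing certificate file to see whether its key is below the 2048-bit minimum.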

@nnposter

Hopefully this will be resolved by the end of the day. Stay tuned.

@nnposter

Resolved in r37540. Thank you for contributing.

@JJAlexion Even without recompiling ncat, you can work around the issue by adjusting the following line in openssl.cnf from:

CipherString = DEFAULT@SECLEVEL=2

to

CipherString = DEFAULT

If you do not want to apply this change system-wide, you can clone the file and then use environment variable OPENSSL_CONF to force this alternate configuration, such as:

env OPENSSL_CONF=~/openssl-ncat.cnf ncat -l --ssl ....

@nmap-bot nmap-bot closed this in 25db5fb Dec 20, 2018