Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

dh key too small #3392

Closed
SurelySomeday opened this issue Aug 17, 2018 · 3 comments
Closed

dh key too small #3392

SurelySomeday opened this issue Aug 17, 2018 · 3 comments

Comments

@SurelySomeday
Copy link

@SurelySomeday SurelySomeday commented Aug 17, 2018

url: “https://portal.hyit.edu.cn/zfca/login”
error: ERROR: Error downloading <GET https://portal.hyit.edu.cn/zfca/login>: [<twisted.python.failure.Failure OpenSSL.SSL.Error: [('SSL routines', 'tls_process_ske_dhe', 'dh key too small')

@wRAR
Copy link
Contributor

@wRAR wRAR commented Aug 20, 2018

According to the SSL Labs test the website is indeed using an insecure HTTPS configuration, and OpenSSL refuses to talk to it.

I couldn't find a way to disable this particular check in OpenSSL, but disabling DH ciphers in OpenSSL helps with at least this website. To do that in Scrapy you need to subclass scrapy.core.downloader.contextfactory.ScrapyClientContextFactory, replacing DEFAULT_CIPHERS with AcceptableCiphers.fromOpenSSLCipherString('DEFAULT:!DH') and then set the DOWNLOADER_CLIENTCONTEXTFACTORY setting to this new class. It's probably worth making the cipher string a Scrapy setting if that works, but for now you'll need to do this.

@SurelySomeday
Copy link
Author

@SurelySomeday SurelySomeday commented Aug 20, 2018

Thank you very much !!! According to your suggestion, I already have the solution.

@Gallaecio
Copy link
Member

@Gallaecio Gallaecio commented Aug 21, 2019

This is now configurable through a setting thanks to @wRAR’s #3442.

@Gallaecio Gallaecio closed this Aug 21, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants