SSL DH_KEY_TOO_SMALL

[smarek]

Checklist

• I'm reporting a broken site support issue
• I've verified that I'm running youtube-dl version 2019.09.01
• I've checked that all provided URLs are alive and playable in a browser
• I've checked that all URLs and arguments with special characters are properly quoted or escaped
• I've searched the bugtracker for similar bug reports including closed ones
• I've read bugs section in FAQ

Verbose log

# youtube-dl -v "https://www.ceskatelevize.cz/porady/10316155327-horizont-ct24/219411058050906/"
[debug] System config: []
[debug] User config: []
[debug] Custom config: []
[debug] Command-line args: [u'-v', u'https://www.ceskatelevize.cz/porady/10316155327-horizont-ct24/219411058050906/']
[debug] Encodings: locale UTF-8, fs UTF-8, out UTF-8, pref UTF-8
[debug] youtube-dl version 2019.09.01
[debug] Python version 2.7.16 (CPython) - Linux-4.19.0-5-amd64-x86_64-with-debian-10.0
[debug] exe versions: ffmpeg 4.1.4-1, ffprobe 4.1.4-1, phantomjs 2.1.1, rtmpdump 2.4
[debug] Proxy map: {}
[CeskaTelevizePorady] 219411058050906: Downloading webpage
ERROR: Unable to download webpage: <urlopen error [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:727)> (caused by URLError(SSLError(1, u'[SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:727)'),))
  File "/usr/local/bin/youtube-dl/youtube_dl/extractor/common.py", line 627, in _request_webpage
    return self._downloader.urlopen(url_or_request)
  File "/usr/local/bin/youtube-dl/youtube_dl/YoutubeDL.py", line 2229, in urlopen
    return self._opener.open(req, timeout=self._socket_timeout)
  File "/usr/lib/python2.7/urllib2.py", line 429, in open
    response = self._open(req, data)
  File "/usr/lib/python2.7/urllib2.py", line 447, in _open
    '_open', req)
  File "/usr/lib/python2.7/urllib2.py", line 407, in _call_chain
    result = func(*args)
  File "/usr/local/bin/youtube-dl/youtube_dl/utils.py", line 2724, in https_open
    req, **kwargs)
  File "/usr/lib/python2.7/urllib2.py", line 1198, in do_open
    raise URLError(err)

Description

This issue shall not be in my opinion related to single website, because it's not parser, but the ssl/tls connectivity layer itself. I found no option to tweak ssl/tls options related to DH key size (or supported tls versions)

[a1346054]

Problem on their server https://www.ssllabs.com/ssltest/analyze.html?d=www.ceskatelevize.cz

Contact them to fix it.

[smarek]

Well, since browsers can deal with that, is there nothing we could do on our side? It is weak, ofc, but that should not be hard error, should be warning imho.

[a1346054]

Chrome shows a security error on that webpage, and that webpage will stop working in Chrome in February 2020. Tell the website owners to fix their security, nothing for ytdl to do.

[smarek]

I'm sorry, but I don't see any error / warning related to security on the page. I'm using Chrome 78.0.3904.9 (Official Build) dev (64-bit).
Can you maybe provide a screenshot of said error? I'm willing to let them know to fix their ssl

This is what I see in the security panel of developer tools, but that is far from "error"

[mcepl]

This has been fixed. The website of Česká televize has now B certification on ssllabs.com, and youtube-dl 2020.01.01 can download this show without any problem.