[SSL: DH_KEY_TOO_SMALL] dh key too small

[xmstspider]

Checklist

• I'm reporting a broken site support issue
• I've verified that I'm running youtube-dl version 2020.03.24
• I've checked that all provided URLs are alive and playable in a browser
• I've checked that all URLs and arguments with special characters are properly quoted or escaped
• I've searched the bugtracker for similar bug reports including closed ones
• I've read bugs section in FAQ

Verbose log

youtube-dl --verbose https://www.ceskatelevize.cz/porady/11571031751-anatomie-zrady/219512120010001/
[debug] System config: []
[debug] User config: []
[debug] Custom config: []
[debug] Command-line args: ['--verbose', 'https://www.ceskatelevize.cz/porady/11571031751-anatomie-zrady/219512120010001/']
[debug] Encodings: locale UTF-8, fs utf-8, out utf-8, pref UTF-8
[debug] youtube-dl version 2020.03.24
[debug] Python version 3.8.2 (CPython) - Linux-5.4.0-26-generic-x86_64-with-glibc2.29
[debug] exe versions: ffmpeg 4.2.2, ffprobe 4.2.2, phantomjs 2.1.1, rtmpdump 2.4
[debug] Proxy map: {}
[CeskaTelevizePorady] 219512120010001: Downloading webpage
ERROR: Unable to download webpage: <urlopen error [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1108)> (caused by URLError(SSLError(1, '[SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1108)')))
  File "/home/xzdse/.local/lib/python3.8/site-packages/youtube_dl/extractor/common.py", line 627, in _request_webpage
    return self._downloader.urlopen(url_or_request)
  File "/home/xzdse/.local/lib/python3.8/site-packages/youtube_dl/YoutubeDL.py", line 2238, in urlopen
    return self._opener.open(req, timeout=self._socket_timeout)
  File "/usr/lib/python3.8/urllib/request.py", line 525, in open
    response = self._open(req, data)
  File "/usr/lib/python3.8/urllib/request.py", line 542, in _open
    result = self._call_chain(self.handle_open, protocol, protocol +
  File "/usr/lib/python3.8/urllib/request.py", line 502, in _call_chain
    result = func(*args)
  File "/home/xzdse/.local/lib/python3.8/site-packages/youtube_dl/utils.py", line 2726, in https_open
    return self.do_open(functools.partial(
  File "/usr/lib/python3.8/urllib/request.py", line 1322, in do_open
    raise URLError(err)

Description

This should be already fixed in #22335 but I came back after upgrading Ubuntu 19.10 to 20.04. I tested Youtube to verify but it seems to be related to this site only. Since this issue is not present when browsing the site, there must be a way to to convince youtube-dl to accept weak DH keys.

[webdevelopers-eu]

I had the same problem and I noticed that CURL throws the same error during testing.

curl "https://www.ceskatelevize.cz/ivysilani/1097181328-udalosti/220411000100429/obsah/765028-posileni-pravomoci-ministra-zdravotnictvi"
curl: (35) error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small

The temporary workaround for me was to edit /etc/ssl/openssl.cnf and comment out CipherString = DEFAULT@SECLEVEL=2

Then it started working.

The issue seems to be with Česká Televize website. It supports weak Diffie-Hellman (DH) key exchange parameters - a vulnerability described here: https://weakdh.org/

WGET works just fine. I tried to use --external-downloader wget with no luck. It seems that for probe requests it does not use downloader indicated on command line. I consider this to be a bug.

[xmstspider]

The temporary workaround for me was to edit /etc/ssl/openssl.cnf and comment out CipherString = DEFAULT@SECLEVEL=2

Hmm I don't have this line in my Ubuntu 20.04

[webdevelopers-eu]

If it is not there, you can try adding CipherString = DEFAULT@SECLEVEL=1 to [system_default_sect] section. See level descriptions https://www.openssl.org/docs/man1.1.0/man3/SSL_CTX_get_security_level.html

Just make sure you edit the right location, run openssl version -d.

Same issue for ubuntu here with tip how to do it without modification of system-wide config: https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level