error 'ee key too small'

Question

error 'ee key too small'

Opened this issue 4 years ago · 9 comments

This error is because polyglot is using an old version of TLS which is insecure. Polyglot needs to be updated to TLS 1.2 or better. Changing SECLEVEL=1 does work, but it works by enabling use of the insecure TLS version on your box which is probably something that you shouldn't do.

Answer 1 · 2020-11-25T17:57:18.000Z

I've made a lot of suggested changes regarding SECLEVEL on ubuntu 20.04, but it's not taking. I agree with jonsmirl emphatically.

Answer 2 · 2021-03-14T16:22:53.000Z

I too am seeing this on 2.2.11 running in a Docker container. How can I get around this?

error: Startup error. Shutting down: Error: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too small

Answer 3 · 2021-03-14T16:42:37.000Z

Workaround is here https://github.com/UniversalDe...-v2#ssl-error-ee-key-too-small as mentioned in #102

Answer 4 · 2021-03-14T16:55:32.000Z

@jimboca, I am running pulling the binary and creating a docker image. I see the fix you pointed out. I don't think you are using Docker and may not be able to answer my question. Do you know how I could make this change so it is applied in the container? I would rather not make this change after the container is started and instead fix it before the container is created.

Answer 5 · 2021-03-14T17:33:43.000Z

Sorry, no idea

Answer 6 · 2021-03-14T21:19:01.000Z

Use Ubuntu 18.04 as the docker base

…

On Sun, Mar 14, 2021, 11:55 AM Parker Smith ***@***.***> wrote: @jimboca <https://github.com/jimboca>, I am running pulling the binary and creating a docker image. I see the fix you pointed out. I don't think you are using Docker and may not be able to answer my question. Do you know how I could make this change so it is applied in the container? I would rather not make this change after the container is started and instead fix it before the container is created. — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#95 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABL52RFIILMOFZNQY72H6TTTDTTBDANCNFSM4TXH2S7Q> .

Answer 7 · 2021-03-15T16:48:19.000Z

Use Ubuntu 18.04 as the docker base
…

I am running Docker on a Synology NAS. When you say use Ubunti 18.04 as the docker base, are you referring to the FROM in the docker file? I currently am using "FROM debian:buster"

Answer 8 · 2021-03-15T17:10:01.000Z

Yes. Use FROM ubuntu:bionic. It worked well for me as an OS in regards to providing a compatible version of openssl.

…

On Mon, Mar 15, 2021, 11:48 AM Parker Smith ***@***.***> wrote: Use Ubuntu 18.04 as the docker base … <#m_6223823073180240127_> I am running Docker on a Synology NAS. When you say use Ubunti 18.04 as the docker base, are you referring to the FROM in the docker file? I currently am using "FROM debian:buster" — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#95 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABL52RHE7WHUHTZOCWSFLFTTDY26PANCNFSM4TXH2S7Q> .

Answer 9 · 2021-03-15T18:30:38.000Z

Yes. Use FROM ubuntu:bionic. It worked well for me as an OS in regards to providing a compatible version of openssl.
…

Thanks much for this suggestion. Indeed this worked!