New systems have an issue with dh key length

Question

New systems have an issue with dh key length

robbintt opened this issue 5 years ago · 5 comments

I just set this up on a custom client with ubuntu 18 and couldn’t download maps due to the dh key for the host:port listed under the ;repository download-mapdb command.

The cert needs upgraded to be more modern, i presume you have a 1024 bit dh key which doesn’t cut the mustard anymore. Thanks!

> ;repository download-mapdb                                                          
--- Lich: repository active.                                                         
[repository: error connecting to server: SSL_connect returned=1 errno=0 state=error: 
dh key too small]                                                                     
--- Lich: repository has exited.

Answer 1 · 2019-10-24T01:47:01.000Z

on more recent debian/ubuntu releases you can set

CipherString = DEFAULT@SECLEVEL=1

in /etc/ssl/openssl.cnf to work around it.

Answer 2 · 2019-10-24T01:59:53.000Z

you probably could just delete that line entirely actually, that should be the default and the debian devs upped it

Answer 3 · 2019-10-24T10:34:25.000Z

You are correct. This is the route I took as an intermediate solution. Ideally this security bugfix still makes it through. Thanks!

On Thu, Oct 24, 2019 at 03:59 Robert Hooker ***@***.***> wrote: you probably could just delete that line entirely actually, that should be the default and the debian devs upped it — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#45>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAOZDW3TQYLY3UMWSAEDNRLQQD6RVANCNFSM4JDSRTOQ> .

-- (Sent from cellphone)

Answer 4 · 2019-10-24T13:55:20.000Z

You'd need to talk to Tillmen, he controls repository.

Answer 5 · 2019-10-25T23:06:03.000Z

https://github.com/matt-lowe/Lich would be the right place to report it, or email him, he controls the server repos runs on