evil-proxy icon indicating copy to clipboard operation
evil-proxy copied to clipboard
verified publisher icon bbtfr

ERROR OpenSSL::SSL::SSLError: SSL_CTX_use_certificate: ee key too small

Open Jvlythical opened this issue 4 years ago • 3 comments

Are there any guesses as to why I might be seeing this error message?

Steps to reproduce:

  1. Create and run:
require 'evil-proxy'

proxy = EvilProxy::MITMProxyServer.new Port: 8080
proxy.start
  1. Run:
https_proxy=http://localhost:8080 curl https://google.com

Error in log:

[2021-02-17 23:54:02] ERROR OpenSSL::SSL::SSLError: SSL_CTX_use_certificate: ee key too small
	/home/jvlarble/.rvm/rubies/ruby-2.4.0/lib/ruby/2.4.0/openssl/ssl.rb:380:in `initialize'

Jvlythical avatar Feb 18 '21 08:02 Jvlythical

It seems on my system a key of 2048 bits is needed. I now get the following error:

ERROR OpenSSL::SSL::SSLError: SSL_CTX_use_certificate: ca md too weak

Jvlythical avatar Feb 18 '21 08:02 Jvlythical

Fixed the above error by changing the signing algorithm from SHA1 to SHA256. I now get the following error:

ERROR OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=error: tlsv1 alert unknown ca

Jvlythical avatar Feb 18 '21 08:02 Jvlythical

Adding --insecure option to curl or setting the --cacert {path of ca.pem} option fixes the above error.

Jvlythical avatar Feb 18 '21 08:02 Jvlythical