New systems have an issue with dh key length

[robbintt]

I just set this up on a custom client with ubuntu 18 and couldn’t download maps due to the dh key for the host:port listed under the ;repository download-mapdb command.

The cert needs upgraded to be more modern, i presume you have a 1024 bit dh key which doesn’t cut the mustard anymore. Thanks!

> ;repository download-mapdb                                                          
--- Lich: repository active.                                                         
[repository: error connecting to server: SSL_connect returned=1 errno=0 state=error: 
dh key too small]                                                                     
--- Lich: repository has exited.    

[Sarvatt]

on more recent debian/ubuntu releases you can set

CipherString = DEFAULT@SECLEVEL=1

in /etc/ssl/openssl.cnf to work around it.

[Sarvatt]

you probably could just delete that line entirely actually, that should be the default and the debian devs upped it

[robbintt]

You are correct. This is the route I took as an intermediate solution. Ideally this security bugfix still makes it through.

Thanks!

On Thu, Oct 24, 2019 at 03:59 Robert Hooker [email protected] wrote:

you probably could just delete that line entirely actually, that should be the default and the debian devs upped it

— You are receiving this because you authored the thread.

Reply to this email directly, view it on GitHub https://github.com/rcuhljr/dr-lich/issues/45?email_source=notifications&email_token=AAOZDW6IPD2T25QJSWPJ2M3QQD6RVA5CNFSM4JDSRTO2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOECDNTVI#issuecomment-545708501, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAOZDW3TQYLY3UMWSAEDNRLQQD6RVANCNFSM4JDSRTOQ .

-- (Sent from cellphone)

[rcuhljr]

You'd need to talk to Tillmen, he controls repository.

[Sarvatt]

https://github.com/matt-lowe/Lich would be the right place to report it, or email him, he controls the server repos runs on