
TLS passthrough sample: SSL_CTX_use_certificate:ca md too weak

Open Morriz opened this issue 4 years ago • 2 comments

When following these docs: https://istio.io/latest/docs/tasks/traffic-management/ingress/ingress-sni-passthrough/

I get errors that the generated cert for CA is created using a too weak algorithm:

2021/05/26 22:43:57 [emerg] 1#1: SSL_CTX_use_certificate("/etc/nginx-server-certs/tls.crt") failed (SSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak)
nginx: [emerg] SSL_CTX_use_certificate("/etc/nginx-server-certs/tls.crt") failed (SSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak)

Morriz avatar May 26 '21 22:05 Morriz

I'm using openssl 1.1 on OSX btw

Morriz avatar May 26 '21 23:05 Morriz

If you add one extra param to each of the 3 openssl commands, it will pass on modern k8s clusters: -sha256

Morriz avatar May 26 '21 23:05 Morriz
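
A check for the digest issue discussed in this thread, as an added example that is not part of the issue or of the Istio docs: it generates a CA and a server certificate with `-sha256` passed to all three `openssl` commands, then reads the signature algorithm back from each certificate and flags MD5- or SHA-1-signed ones. Function names, subjects and file names are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names, subjects and file paths are constructed.

# Print the signature algorithm a certificate was signed with.
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text |
        awk -F': ' '/Signature Algorithm/ { print $2; exit }' | tr -d ' '
}

# Return 0 (weak) for MD5- or SHA-1-based signatures, 1 otherwise.
is_weak_sig_alg() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        *md5*|*sha1*) return 0 ;;
        *) return 1 ;;
    esac
}

# Create a CA, a server key + CSR, and a CA-signed server certificate,
# passing -sha256 explicitly to each of the three commands.
make_sample_chain() {
    dir=$1
    openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 \
        -subj '/O=Example Org/CN=example.com' \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null &&
    openssl req -new -sha256 -nodes -newkey rsa:2048 \
        -subj '/CN=nginx.example.com/O=Example Org' \
        -keyout "$dir/tls.key" -out "$dir/tls.csr" 2>/dev/null &&
    openssl x509 -req -sha256 -days 365 -set_serial 0 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -in "$dir/tls.csr" -out "$dir/tls.crt" 2>/dev/null
}

# Report every certificate in a directory; non-zero status if any is weak.
audit_certs() {
    rc=0
    for crt in "$1"/*.crt; do
        alg=$(cert_sig_alg "$crt")
        if is_weak_sig_alg "$alg"; then
            echo "WEAK $crt $alg"; rc=1
        else
            echo "ok   $crt $alg"
        fi
    done
    return $rc
}
```

Running `audit_certs` on the directory that holds `tls.crt` before creating the Kubernetes secret shows whether the certificate would hit the `ca md too weak` check.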

Thanks, I see that parameter is included in the docs now!

craigbox avatar Sep 29 '22 00:09 craigbox