SSL 操作失败，代码 1:dh 密钥太小 [英] SSL operation failed with code 1: dh key too small

问题描述

我正在通过 SSL 连接到我的数据库 Google Cloud SQL.我使用 codeigniter 3.0 来执行此操作，尽管对 mysqli 驱动程序进行了一些修改以允许此功能.

I am connecting to my database Google Cloud SQL via SSL. I use codeigniter 3.0 to do so, although the mysqli driver is a bit modified to allow this functionality.

几个月来一直运行良好.然而它只是开始返回这个警告:

It's been working well for months. However it just started to return this warning:

Message: mysqli::real_connect(): SSL operation failed with code 1. OpenSSL Error messages: error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small

我假设 DH 密钥太小 是主要问题，但我不知道这意味着什么.我在谷歌上搜索了 Diffie–Hellman 密钥交换，以及密钥太小"的消息，但我运气不佳.

I'm assuming DH Key is too small is the main problem, but I have no idea what that means. I've googled Diffie–Hellman key exchange, along with the message "key too small" but I haven't had much luck.

这是否表明服务器上的密钥已被篡改?我已经检查了它们的最后修改日期 - 最近没有异常访问.

Is this a sign that the keys on the server have been tampered with? I've checked the last-modified dates on them -- no abnormal recent access.

可能是我的服务器对 PHP 或其服务器配置进行了一些升级，这可能会导致此中断，但我想检查并确保不是其他原因.

It could be that my server did some upgrading to PHP or their server configuration, which may result in this breaking, but I wanted to check and make sure that it wasn't something else.

感谢您提供有关该主题的任何见解/可读材料.

Thanks for any insight / readable material on the subject.

推荐答案

... error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small

您感兴趣的错误编号是 OpenSSL 错误 0x14082174.

The error number you are interested in is the OpenSSL error 0x14082174.

SSL3_CHECK_CERT_AND_ALGORITHM 通常在启用导出级密码时出现.由于 Logjam(见下文)，它可能会再次出现在非出口级谈判中.

The SSL3_CHECK_CERT_AND_ALGORITHM is usually seen when enabling export grade ciphers. It may be showing up again in non-export grade negotiations due to Logjam (see below).

我认为 DH Key 太小是主要问题，但我不知道这意味着什么.我在谷歌上搜索了 Diffie–Hellman 密钥交换，以及密钥太小"的消息，但我运气不佳.

I'm assuming DH Key is too small is the main problem, but I have no idea what that means. I've googled Diffie–Hellman key exchange, along with the message "key too small" but I haven't had much luck.

这是由于最近 Logjam 攻击 来自论文 不完美的前向保密:Diffie-Hellman 如何在实践中失败.

That's due to the recent Logjam attack from the paper Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice.

您应该使用 2048 位 Diffie-Hellman 组或更大的组.您应该使用 512 位或 1024 位 Diffie-Hellman 组.

You should use 2048-bit Diffie-Hellman groups or larger. You should not be using 512-bit or 1024-bit Diffie-Hellman groups.

首先要检查的是您的密码列表字符串.它应该类似于:

The first thing to check for is your cipher list string. It should be similar to:

"HIGH:!aNULL:!MD5:!RC4"

它将避免出口级密码，并使用现代密码.但是您还需要确保您的 DH 回调没有使用弱/小字段大小.为此，您需要检查服务器配置.

It will avoid the export grade ciphers, and use modern ciphers. But you will also need to ensure your DH callback is not using a weak/small field size. For that, you need to check the server configuration.

有些人正在使用 kRSA解决"这个问题.kRSA 是一个关键的传输方案，而不是一个关键的协议方案.RSA 密钥传输方案不提供前向保密，通常不鼓励使用它.事实上，它将从 TLS 1.3 中删除.

Some folks are "solving" the issue with kRSA. kRSA is a key transport scheme, not a key agreement scheme. The RSA key transport scheme does not provide forward secrecy, and its use is usually discouraged. In fact, its going to be removed from TLS 1.3.

我只能说通常不鼓励"，因为这取决于受保护的数据.如果你有 SSL/TLS 来保护公开文件的下载，那么它可能可以使用.如果您的网站有登录名，那么使用它可能有点风险，因为密码是机密数据(与可公开下载的文件不同).

I can only say "usually discouraged" because it depends on the data being protected. If you have SSL/TLS to guard downloads of a publicly available file, then its probably OK to use. If your website has a login, then its probably a little risky to use it because the password is secret data (unlike the publicly downloadable file).

为了避免密钥传输并通过那些 Qualsys SSL Labs 网络服务器配置和前向保密测试，请使用:

To avoid key transport and pass those Qualsys SSL Labs tests for web server configurations and forward secrecy, use:

"HIGH:!aNULL:!kRSA:!MD5:!RC4"

在您的 Apache 配置文件中，它看起来像这样:

In your Apache configuration file, it would look like so:

# cat /etc/httpd/conf.d/ssl.conf | grep SSLCipherSuite
# SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCipherSuite HIGH:!aNULL:!kRSA:!MD5:!RC4

<小时>

我似乎记得wget在论文发布前很长时间拒绝了小组.它可能是您网站的一个很好的测试用例.

---

I seem to recall wget rejected small groups quite some time before the paper was released. It might make a good test case for your site.

还有一个改进的 sslscan，可以测试很多东西.这也可能是一个很好的 QA 工具.

There's also an improved sslscan, which tests for lots of things. That might make a good QA tool, too.

这篇关于SSL 操作失败，代码 1:dh 密钥太小的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！