SSL操作失败，代码1：dh键太小 [英] SSL operation failed with code 1: dh key too small

问题描述

我通过SSL连接到我的数据库Google Cloud SQL。我使用codeigniter 3.0这样做，虽然mysqli驱动程序有点修改，以允许此功能。

它已经工作了好几个月。

 消息：mysqli :: real_connect（）：SSL操作失败与代码1. OpenSSL错误消息：错误：14082174：SSL例程：SSL3_CHECK_CERT_AND_ALGORITHM：dh键太小
  

我假设 DH键太小是主要的问题，但我不知道这是什么意思。我已经搜索Diffie-Hellman密钥交换，以及消息关键太小，但我没有太多的运气。

这是服务器上的密钥被篡改的标志吗？我检查了他们上次修改的日期 - 没有异常的最近访问。

这可能是我的服务器做了一些升级到PHP或他们的服务器配置，

感谢您对此主题的任何洞察/可读材料。

p>

解决方案

  ...错误：14082174：SSL例程：SSL3_CHECK_CERT_AND_ALGORITHM ：dh键太小
  

您感兴趣的错误号是OpenSSL错误0x14082174。

启用导出等级密码时通常会看到 SSL3_CHECK_CERT_AND_ALGORITHM 。

---

（参见下文）

我假设DH Key太小是主要问题，但我不知道这是什么意思。我已经搜索Diffie-Hellman密钥交换，以及消息关键太小，但我没有太多的运气。

这是由于最近的 Logjam攻击从文章不完美的向前保密：Diffie-Hellman如何失败。

您应该使用2048位Diffie-Hellman组或更大。您应 不 使用512位或1024位的Diffie-Hellman群组。

检查是否是您的密码列表字符串。它应该类似于：

 HIGH：！aNULL：！MD5：！RC4
  

它将避免导出等级密码，并使用现代密码。但你还需要确保你的DH回调没有使用弱/小字段大小。

---

有些人正在解决<$ c $的问题c> kRSA 。 kRSA 是键 强>方案。 RSA密钥传输方案不提供前向保密，并且其使用通常是不鼓励的。实际上，它将从TLS 1.3中删除。

我只能说通常不鼓励，因为它取决于受保护的数据。如果您具有SSL / TLS以防止下载公开可用的文件，那么它可能需要使用。如果您的网站有登录信息，那么使用它可能有点风险，因为密码是保密数据（不同于可公开下载的文件）。

为避免密钥传输和通过这些 Qualsys SSL实验室测试网络服务器配置和转发保密，使用：

 HIGH：！aNULL：！kRSA：！MD5：！RC4
   
 
在您的Apache配置文件中，它将如下所示：
 ＃cat / etc / httpd / conf.d / ssl.conf | grep SSLCipherSuite 
＃SSLCipherSuite HIGH：MEDIUM：！aNULL：！MD5 
 SSLCipherSuite HIGH：！aNULL：！kRSA：！MD5：！RC4 
  
 
 
 
 
 
 
我似乎回忆起 wget 纸张被释放。 
 
 
 
还有一个改进的 sslscan ，它测试了很多东西。这可能也是一个很好的质量检查工具。
 
I am connecting to my database Google Cloud SQL via SSL. I use codeigniter 3.0 to do so, although the mysqli driver is a bit modified to allow this functionality. 

It's been working well for months. However it just started to return this warning:
Message: mysqli::real_connect(): SSL operation failed with code 1. OpenSSL Error messages: error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small
I'm assuming DH Key is too small is the main problem, but I have no idea what that means. I've googled Diffie–Hellman key exchange, along with the message "key too small" but I haven't had much luck. 

Is this a sign that the keys on the server have been tampered with? I've checked the last-modified dates on them -- no abnormal recent access.

It could be that my server did some upgrading to PHP or their server configuration, which may result in this breaking, but I wanted to check and make sure that it wasn't something else.

Thanks for any insight / readable material on the subject.
解决方案

... error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small

The error number you are interested in is the OpenSSL error 0x14082174.

The SSL3_CHECK_CERT_AND_ALGORITHM is usually seen when enabling export grade ciphers. It may be showing up again in non-export grade negotiations due to Logjam (see below).




  
I'm assuming DH Key is too small is the main problem, but I have no idea what that means. I've googled Diffie–Hellman key exchange, along with the message "key too small" but I haven't had much luck. 
That's due to the recent Logjam attack from the paper Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice.

You should use 2048-bit Diffie-Hellman groups or larger. You should not be using 512-bit or 1024-bit Diffie-Hellman groups.

The first thing to check for is your cipher list string. It should be similar to:
"HIGH:!aNULL:!MD5:!RC4"
It will avoid the export grade ciphers, and use modern ciphers. But you will also need to ensure your DH callback is not using a weak/small field size. For that, you need to check the server configuration.



Some folks are "solving" the issue with kRSA. kRSA is a key transport scheme, not a key agreement scheme. The RSA key transport scheme does not provide forward secrecy, and its use is usually discouraged. In fact, its going to be removed from TLS 1.3.

I can only say "usually discouraged" because it depends on the data being protected. If you have SSL/TLS to guard downloads of a publicly available file, then its probably OK to use. If your website has a login, then its probably a little risky to use it because the password is secret data (unlike the publicly downloadable file).

To avoid key transport and pass those Qualsys SSL Labs tests for web server configurations and forward secrecy, use:
"HIGH:!aNULL:!kRSA:!MD5:!RC4"
In your Apache configuration file, it would look like so:
# cat /etc/httpd/conf.d/ssl.conf | grep SSLCipherSuite
# SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCipherSuite HIGH:!aNULL:!kRSA:!MD5:!RC4




I seem to recall wget rejected small groups quite some time before the paper was released. It might make a good test case for your site.

There's also an improved sslscan, which tests for lots of things. That might make a good QA tool, too.

                        
这篇关于SSL操作失败，代码1：dh键太小的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！