php SSL operation failed with code 1: dh key too small

Notice: this page reproduces a popular StackOverflow question under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same license and attribute it to the original authors (not me). Original StackOverflow URL: http://stackoverflow.com/questions/30701397/

Time: 2020-08-25 22:00:43  Source: igfitidea

SSL operation failed with code 1: dh key too small

php codeigniter ssl mysqli openssl

Asked by markbratanov

I am connecting to my database Google Cloud SQL via SSL. I use codeigniter 3.0 to do so, although the mysqli driver is a bit modified to allow this functionality.

It's been working well for months. However it just started to return this warning:

Message: mysqli::real_connect(): SSL operation failed with code 1. OpenSSL Error messages: error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small

I'm assuming DH Key is too small is the main problem, but I have no idea what that means. I've googled Diffie–Hellman key exchange, along with the message "key too small" but I haven't had much luck.

Is this a sign that the keys on the server have been tampered with? I've checked the last-modified dates on them -- no abnormal recent access.

It could be that my server did some upgrading to PHP or their server configuration, which may result in this breaking, but I wanted to check and make sure that it wasn't something else.

Thanks for any insight / readable material on the subject.

Answered by jww

... error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small

The error number you are interested in is the OpenSSL error 0x14082174.

The SSL3_CHECK_CERT_AND_ALGORITHM is usually seen when enabling export grade ciphers. It may be showing up again in non-export grade negotiations due to Logjam (see below).

I'm assuming DH Key is too small is the main problem, but I have no idea what that means. I've googled Diffie–Hellman key exchange, along with the message "key too small" but I haven't had much luck.

That's due to the recent Logjam attack from the paper Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice.

You should use 2048-bit Diffie-Hellman groups or larger. You should not be using 512-bit or 1024-bit Diffie-Hellman groups.

The first thing to check for is your cipher list string. It should be similar to:

"HIGH:!aNULL:!MD5:!RC4"

It will avoid the export grade ciphers, and use modern ciphers. But you will also need to ensure your DH callback is not using a weak/small field size. For that, you need to check the server configuration.

Some folks are "solving" the issue with kRSA. kRSA is a key transport scheme, not a key agreement scheme. The RSA key transport scheme does not provide forward secrecy, and its use is usually discouraged. In fact, it's going to be removed from TLS 1.3.

I can only say "usually discouraged" because it depends on the data being protected. If you have SSL/TLS to guard downloads of a publicly available file, then it's probably OK to use. If your website has a login, then it's probably a little risky to use it because the password is secret data (unlike the publicly downloadable file).

To avoid key transport and pass those Qualys SSL Labs tests for web server configurations and forward secrecy, use:

"HIGH:!aNULL:!kRSA:!MD5:!RC4"

In your Apache configuration file, it would look like so:

# cat /etc/httpd/conf.d/ssl.conf | grep SSLCipherSuite
# SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCipherSuite HIGH:!aNULL:!kRSA:!MD5:!RC4


I seem to recall wget rejected small groups quite some time before the paper was released. It might make a good test case for your site.

There's also an improved sslscan, which tests for lots of things. That might make a good QA tool, too.
