"dh key too small" 与 Savon ruby gem
"dh key too small" with Savon ruby gem
升级到 Debian Buster 后,Savon 失败并显示:
SSL_connect returned=1 errno=0 state=error: dh key too small
/var/www/ws/capistrano/shared/bundle/ruby/2.5.0/gems/httpi-2.4.4/lib/httpi/adapter/net_http.rb:51:in `rescue in request'
/var/www/ws/capistrano/shared/bundle/ruby/2.5.0/gems/httpi-2.4.4/lib/httpi/adapter/net_http.rb:30:in `request'
/var/www/ws/capistrano/shared/bundle/ruby/2.5.0/gems/httpi-2.4.4/lib/httpi.rb:161:in `request'
/var/www/ws/capistrano/shared/bundle/ruby/2.5.0/gems/httpi-2.4.4/lib/httpi.rb:133:in `post'
/var/www/ws/capistrano/shared/bundle/ruby/2.5.0/gems/savon-2.12.0/lib/savon/operation.rb:94:in `block in call_with_logging'
/var/www/ws/capistrano/shared/bundle/ruby/2.5.0/gems/savon-2.12.0/lib/savon/request_logger.rb:12:in `log'
/var/www/ws/capistrano/shared/bundle/ruby/2.5.0/gems/savon-2.12.0/lib/savon/operation.rb:94:in `call_with_logging'
/var/www/ws/capistrano/shared/bundle/ruby/2.5.0/gems/savon-2.12.0/lib/savon/operation.rb:54:in `call'
/var/www/ws/capistrano/shared/bundle/ruby/2.5.0/gems/savon-2.12.0/lib/savon/client.rb:36:in `call'
我尝试通过更改 /etc/ssl/openssl.cnf
[system_default_sect]
#MinProtocol = TLSv1.2
#CipherString = DEFAULT@SECLEVEL=2
MinProtocol = None
CipherString = DEFAULT
但没有效果,我无法控制远程站点,所以我无法更改 DH 密钥
另见相关的 Debian 错误:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907788
系统信息:
ruby version: ruby 2.5.5p157 (2019-03-15 revision 67260) [x86_64-linux-gnu]
savon version: 2.12.0
我也在这里输入了一个问题https://github.com/savonrb/savon/issues/914
加油! /etc/ssl/openssl.cnf 中的更改需要重新启动 ruby 进程,重新启动后错误消失!
升级到 Debian Buster 后,Savon 失败并显示:
SSL_connect returned=1 errno=0 state=error: dh key too small
/var/www/ws/capistrano/shared/bundle/ruby/2.5.0/gems/httpi-2.4.4/lib/httpi/adapter/net_http.rb:51:in `rescue in request'
/var/www/ws/capistrano/shared/bundle/ruby/2.5.0/gems/httpi-2.4.4/lib/httpi/adapter/net_http.rb:30:in `request'
/var/www/ws/capistrano/shared/bundle/ruby/2.5.0/gems/httpi-2.4.4/lib/httpi.rb:161:in `request'
/var/www/ws/capistrano/shared/bundle/ruby/2.5.0/gems/httpi-2.4.4/lib/httpi.rb:133:in `post'
/var/www/ws/capistrano/shared/bundle/ruby/2.5.0/gems/savon-2.12.0/lib/savon/operation.rb:94:in `block in call_with_logging'
/var/www/ws/capistrano/shared/bundle/ruby/2.5.0/gems/savon-2.12.0/lib/savon/request_logger.rb:12:in `log'
/var/www/ws/capistrano/shared/bundle/ruby/2.5.0/gems/savon-2.12.0/lib/savon/operation.rb:94:in `call_with_logging'
/var/www/ws/capistrano/shared/bundle/ruby/2.5.0/gems/savon-2.12.0/lib/savon/operation.rb:54:in `call'
/var/www/ws/capistrano/shared/bundle/ruby/2.5.0/gems/savon-2.12.0/lib/savon/client.rb:36:in `call'
我尝试通过更改 /etc/ssl/openssl.cnf
[system_default_sect]
#MinProtocol = TLSv1.2
#CipherString = DEFAULT@SECLEVEL=2
MinProtocol = None
CipherString = DEFAULT
但没有效果,我无法控制远程站点,所以我无法更改 DH 密钥 另见相关的 Debian 错误: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907788
系统信息:
ruby version: ruby 2.5.5p157 (2019-03-15 revision 67260) [x86_64-linux-gnu]
savon version: 2.12.0
我也在这里输入了一个问题https://github.com/savonrb/savon/issues/914
加油! /etc/ssl/openssl.cnf 中的更改需要重新启动 ruby 进程,重新启动后错误消失!