[asterisk-bugs] [JIRA] (ASTERISK-28750) TLS/SSL Key too small error

Asterisk Team (JIRA) noreply at issues.asterisk.org
Wed Feb 19 08:17:25 CST 2020 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-28750?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=249794#comment-249794 ] 

Asterisk Team commented on ASTERISK-28750:
------------------------------------------

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].

Please note that once your issue enters an open state it has been accepted. As Asterisk is an open source project there is no guarantee or timeframe on when your issue will be looked into. If you need expedient resolution you will need to find and pay a suitable developer. Asking for an update on your issue will not yield any progress on it and will not result in a response. All updates are posted to the issue when they occur.

> TLS/SSL Key too small error
> ---------------------------
>
>                 Key: ASTERISK-28750
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28750
>             Project: Asterisk
>          Issue Type: Improvement
>      Security Level: None
>          Components: Core/HTTP
>    Affects Versions: 17.2.0
>            Reporter: Martin Zeh
>            Severity: Minor
>              Labels: webrtc
>
> Setup error while following documentation:
> "Configuring Asterisk for WebRTC Clients"
> contrib/scripts/ast_tls_cert does not generate a valid key
> For my self compiled asterisk 17.2.0 the generated certificate and key is too small. The key is only 1024 bytes and this is not enough for the openssl version i linked to the asterisk.
> So I want to request two enhancements:
> 1) amend the script "contrib/scripts/ast_tls_cert" to generate at least 2048 long keys - this is done by replace 1024 with 2048 in the script.
> 2) amend the source code tcptls.c 
>     The openssl function SSL_CTX_use_certificate_chain_file return an error, but the error is not printed to the logging facility.
> The user only see the error message 
> tcptls.c: TLS/SSL error loading cert file
> but not the reason - in my case: "SSL routines:SSL_CTX_use_certificate:ee key too small:../ssl/ssl_rsa.c:310:"



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list