[asterisk-bugs] [JIRA] (ASTERISK-28750) TLS/SSL Key too small error

Asterisk Team (JIRA) noreply at issues.asterisk.org
Wed Sep 9 11:14:47 CDT 2020


     [ https://issues.asterisk.org/jira/browse/ASTERISK-28750?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Asterisk Team updated ASTERISK-28750:
-------------------------------------

    Target Release Version/s: 18.0.0

> TLS/SSL Key too small error
> ---------------------------
>
>                 Key: ASTERISK-28750
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28750
>             Project: Asterisk
>          Issue Type: Improvement
>      Security Level: None
>          Components: Core/HTTP
>    Affects Versions: 17.2.0
>            Reporter: Martin Zeh
>            Assignee: Sean Bright
>            Severity: Minor
>              Labels: patch, webrtc
>      Target Release: 13.32.0, 16.9.0, 17.3.0, 18.0.0
>
>         Attachments: 0001-tcptls.c-Log-more-informative-OpenSSL-errors.patch
>
>
> Setup error while following documentation:
> "Configuring Asterisk for WebRTC Clients"
> contrib/scripts/ast_tls_cert does not generate a valid key
> For my self compiled asterisk 17.2.0 the generated certificate and key is too small. The key is only 1024 bytes and this is not enough for the openssl version i linked to the asterisk.
> So I want to request two enhancements:
> 1) amend the script "contrib/scripts/ast_tls_cert" to generate at least 2048 long keys - this is done by replace 1024 with 2048 in the script.
> 2) amend the source code tcptls.c 
>     The openssl function SSL_CTX_use_certificate_chain_file return an error, but the error is not printed to the logging facility.
> The user only see the error message 
> tcptls.c: TLS/SSL error loading cert file
> but not the reason - in my case: "SSL routines:SSL_CTX_use_certificate:ee key too small:../ssl/ssl_rsa.c:310:"



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list