[New-bugs-announce] [issue24985] Python install test fails - OpenSSL - "dh key too small"

John Nagle report at bugs.python.org
Wed Sep 2 21:58:15 CEST 2015


New submission from John Nagle:

Installing Python 3.4.3 on a new CentOS Linux release 7.1.1503 server.
Started with source tarball, did usual ./configure; make; make test.
SSL test fails with "dh key too small".  See below.

OpenSSL has recently been modified to reject short keys, due to a security vulnerability. See
  http://www.ubuntu.com/usn/usn-2639-1/
and see here for an analysis of the issue on a Python install:
  http://www.alexrhino.net/jekyll/update/2015/07/14/dh-params-test-fail.html

Apparently the "dh512.pem" file in the test suite is now obsolete, because the minimum length dh key is now 768.

The question is, does this break anything else?  Google for "dh key too small" and various other projects report problems. 


======================================================================
ERROR: test_dh_params (test.test_ssl.ThreadedTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/sitetruth/private/downloads/python/Python-3.4.3/Lib/test/test_ssl.py", line 2728, in test_dh_params
    chatty=True, connectionchatty=True)
  File "/home/sitetruth/private/downloads/python/Python-3.4.3/Lib/test/test_ssl.py", line 1866, in server_params_test
    s.connect((HOST, server.port))
  File "/home/sitetruth/private/downloads/python/Python-3.4.3/Lib/ssl.py", line 846, in connect
    self._real_connect(addr, False)
  File "/home/sitetruth/private/downloads/python/Python-3.4.3/Lib/ssl.py", line 837, in _real_connect
    self.do_handshake()
  File "/home/sitetruth/private/downloads/python/Python-3.4.3/Lib/ssl.py", line 810, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSL_NEGATIVE_LENGTH] dh key too small (_ssl.c:600)

----------------------------------------------------------------------
Ran 99 tests in 12.012s

FAILED (errors=1, skipped=4)
test test_ssl failed
make: *** [test] Error 1

======================================================================

----------
components: Installation
messages: 249566
nosy: nagle
priority: normal
severity: normal
status: open
title: Python install test fails - OpenSSL - "dh key too small"
versions: Python 3.4

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue24985>
_______________________________________

