[New-bugs-announce] [issue24985] Python install test fails - OpenSSL - "dh key too small"
John Nagle
report at bugs.python.org
Wed Sep 2 21:58:15 CEST 2015
New submission from John Nagle:
Installing Python 3.4.3 on a new CentOS Linux release 7.1.1503 server.
Started with source tarball, did usual ./configure; make; make test
SSL test fails with "dh key too small". See below.
OpenSSL has recently been modified to reject short keys, due to a security vulnerability. See
http://www.ubuntu.com/usn/usn-2639-1/
and see here for an analysis of the issue on a Python install:
http://www.alexrhino.net/jekyll/update/2015/07/14/dh-params-test-fail.html
Apparently the "dh512.pem" file in the test suite is now obsolete, because the minimum length dh key is now 768.
The question is, does this break anything else? Google for "dh key too small" and various other projects report problems.
======================================================================
ERROR: test_dh_params (test.test_ssl.ThreadedTests)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/home/sitetruth/private/downloads/python/Python-3.4.3/Lib/test/test_ssl. py", line 2728, in test_dh_params
chatty=True, connectionchatty=True)
File "/home/sitetruth/private/downloads/python/Python-3.4.3/Lib/test/test_ssl. py", line 1866, in server_params_test
s.connect((HOST, server.port))
File "/home/sitetruth/private/downloads/python/Python-3.4.3/Lib/ssl.py", line 846, in connect
self._real_connect(addr, False)
File "/home/sitetruth/private/downloads/python/Python-3.4.3/Lib/ssl.py", line 837, in _real_connect
self.do_handshake()
File "/home/sitetruth/private/downloads/python/Python-3.4.3/Lib/ssl.py", line 810, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSL_NEGATIVE_LENGTH] dh key too small (_ssl.c:600)
----------------------------------------------------------------------
Ran 99 tests in 12.012s
FAILED (errors=1, skipped=4)
test test_ssl failed
make: *** [test] Error 1
======================================================================
----------
components: Installation
messages: 249566
nosy: nagle
priority: normal
severity: normal
status: open
title: Python install test fails - OpenSSL - "dh key too small"
versions: Python 3.4
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue24985>
_______________________________________
More information about the New-bugs-announce
mailing list