Timeline for OpenSSL: error:0A00018E:SSL routines::ca md too weak
Current License: CC BY-SA 4.0
12 events
when toggle format | what | by | license | comment | |
---|---|---|---|---|---|
Jul 12, 2023 at 22:37 | comment | added | DimeCadmium | I did not mean "even if it's using MD5" to exclude the possibility of the error message also applying to other digests than MD5, rather just using the "most broken" as an example. -- I imagine that "ca md" means "the MD signed by the CA", but I do not know. One thing OpenSSL is not known for, IMHO, is obvious error messages :) -- If the user cert isn't signed by a (trusted) CA, then you will either need to disable cert validation or pin it. In this case the sig algorithm on the cert doesn't technically matter, though I don't know how OpenSSL treats it. | |
Jun 28, 2023 at 11:30 | comment | added | 0xC0000022L | @DimeCadmium there's one flaw in this answer, which I noticed just now: it claims this is about ciphers being deemed insecure. That's simply wrong. It's not about ciphers at all. It's about cryptographic hash algorithms -- or in alternative lingo "message digests" -- not about the key ciphers. | |
Jun 28, 2023 at 11:28 | history | edited | 0xC0000022L | CC BY-SA 4.0 |
added 200 characters in body
|
Jun 28, 2023 at 11:26 | comment | added | 0xC0000022L |
@DimeCadmium md in the error message refers to "message digest" and isn't limited to the algorithms having that acronym in their name, e.g. MD5. It includes SHA-1, SHA-2 etc. When I read an error message such as error:0A00018E:SSL routines::ca md too weak , however, I expect that ca to have a meaning. I only figured that the user certificate was meant by inspecting the certificates, obviously. But I still wonder what ca means in the context of the error message. Of course the user certificate needn't be issued by a (self-signed or not) CA either, I reckon, but typically it would be.
|
|
Jun 27, 2023 at 17:41 | comment | added | DimeCadmium | @0xC0000022L - only the signature on the (non-CA) cert is relevant. Since the CA is self-signed and separately distributed to/trusted by all systems, its signature does not matter. | |
Jun 27, 2023 at 17:38 | comment | added | DimeCadmium | Not only is this the fullest answer (including advice to regenerate the certs if possible - although note that the CA is irrelevant and doesn't need to be regenerated even if it's using MD5), but it's also the first answer to have the solution. I'm not sure why the other answer is higher voted. | |
Jun 27, 2023 at 8:56 | comment | added | 0xC0000022L |
@mtak I interpret this the same as you, but in my case I get Signature Algorithm: sha256WithRSAEncryption and since it is a self-signed CA, there is no certificate chain with weaker algos either. Mysterious. However, the user cert uses SHA1 in my case (Signature Algorithm: sha1WithRSAEncryption ).
|
|
Aug 15, 2022 at 13:39 | comment | added | Alexei | I fixed the problem. See my answer | |
Aug 15, 2022 at 8:46 | comment | added | mtak | That is extremely sanitized, and not very useful :) . Please post the output with just identifying marks removed (subject, issuer, that sort of stuff). | |
Aug 15, 2022 at 7:54 | comment | added | mtak |
Can you add to the question a sanitized version of openssl x509 -text -in ca.crt ?
|
|
Aug 15, 2022 at 7:49 | comment | added | Alexei | This "tls-cipher "DEFAULT:@SECLEVEL=0"" not help | |
Aug 15, 2022 at 7:15 | history | answered | mtak | CC BY-SA 4.0 |