On 09/04/2012 11:05, Surendra Singhi wrote:
> Package: nodejs
> Version: 0.6.14~dfsg1-1
> The bug in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666051 also
> effects nodejs, as it is not possible to use it to connect to Facebook,
> Paypal, etc.
> A possible solution is to use an older version of openssl as a dependency.
Thank you !
It seems very much related to the discussion i had with RT,
see attached mail.
Jérémy.
--- Begin Message ---
> [kapo...@melix.org - Fri Mar 23 11:59:30 2012]:
>
> Hi,
> after updating to openssl 1.0.1 (debian package), authentication
> against a test server
> with a 512 bit rsa key gives :
>
> openssl s_client -connect 127.0.0.1:12346 -key /home/dev/agent1-
> key.pem -cert /home/dev/agent1-cert.pem
> ...
> 139860308645544:error:04075070:rsa routines:RSA_sign:digest too
> big for rsa key:rsa_sign.c:127:
> 139860308645544:error:14099006:SSL
> routines:SSL3_SEND_CLIENT_VERIFY:EVP lib:s3_clnt.c:2974:
> ...
>
> Downgrading to openssl 1.0.0h fixes the issue.
> Please find attached the key/certificate.
> (they have been made for testing purpose).
>
> I guess this is unexpected behavior, and i did not find any recent
> similar report.
>
The reason for this is that OpenSSL 1.0.1 support TLS v1.2 and the
digest algorithm it uses by default is SHA512. A 512 bit RSA key is not
large enough for SHA512 so you get that error.
If you disable TLS v1.2 with -no_tls1_2 or use a larger key this wont
happen.
Use of 512 bit RSA keys is discouraged anyway for security reasons.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
--- End Message ---
