I wish it were that easy. Alas, it is not. The cipher suite selection is separate (and independent from certificate) in the handshake protocol. The DH error will prevent the client from even checking the certificate. (It is a little annoying that the SSL client will by default advertise a cipher that it won't accept but that is another issue...)
If the UserAgent included tls_ciphers as a TLS attribute as it does with tls_verify (via insecure) then this would be a non-issue. Unfortunately it does not and I can't find anywhere else along in the process that I can insert it. On Monday, April 29, 2019 at 7:01:01 PM UTC-5, Stefan Adams wrote: > If you're ok with Mojo::UserAgent not requiring a valid TLS certificate, > just set insecure to a true value. > > https://mojolicious.org/perldoc/Mojo/UserAgent#insecure > > # Disable TLS certificate verification for testing > say $ua->insecure(1)->get('https://127.0.0.1:3000')->result->code; > > > On Mon, Apr 29, 2019, 6:46 PM <[email protected] <javascript:>> wrote: > >> I'm running a web scraper against a large number of devices that use >> HTTPS for configuration and ran into an issue where some of the older >> devices select a cipher suite that causes the SSL client to dump out a 'dh >> key too short' error. >> I can get resolve it by changing the list of available ciphers by running >> perl in debug mode and adding $options{tls_ciphers} = 'DEFAULT:!DH' inside >> of UserAgent->_connect. >> I can't seem to find any way to get that value added to the IOLoop::TLS >> (other than manually breaking in and adding it) >> I'm admittedly a Mojo novice. Am I missing something obvious here or am >> I resigned to have to forego the ease of UserAgent and roll my own IOLoop >> client? >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Mojolicious" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To post to this group, send email to [email protected] >> <javascript:>. >> Visit this group at https://groups.google.com/group/mojolicious. >> For more options, visit https://groups.google.com/d/optout. >> > -- You received this message because you are subscribed to the Google Groups "Mojolicious" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/mojolicious. For more options, visit https://groups.google.com/d/optout.
