On 09/04/2012 11:05, Surendra Singhi wrote:
> Package: nodejs
> Version: 0.6.14~dfsg1-1
> The bug in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666051 also 
> effects nodejs, as it is not possible to use it to connect to Facebook, 
> Paypal, etc.
> A possible solution is to use an older version of openssl as a dependency.

Thank you !

It seems very much related to the discussion i had with RT,
see attached mail.

Jérémy.

--- Begin Message ---
> [kapo...@melix.org - Fri Mar 23 11:59:30 2012]:
> 
> Hi,
> after updating to openssl 1.0.1 (debian package), authentication
> against a test server
> with a 512 bit rsa key gives :
> 
> openssl s_client -connect 127.0.0.1:12346 -key /home/dev/agent1-
> key.pem -cert /home/dev/agent1-cert.pem
> ...
>     139860308645544:error:04075070:rsa routines:RSA_sign:digest too
> big for rsa key:rsa_sign.c:127:
>     139860308645544:error:14099006:SSL
> routines:SSL3_SEND_CLIENT_VERIFY:EVP lib:s3_clnt.c:2974:
> ...
> 
> Downgrading to openssl 1.0.0h fixes the issue.
> Please find attached the key/certificate.
> (they have been made for testing purpose).
> 
> I guess this is unexpected behavior, and i did not find any recent
> similar report.
> 

The reason for this is that OpenSSL 1.0.1 support TLS v1.2 and the
digest algorithm it uses by default is SHA512. A 512 bit RSA key is not
large enough for SHA512 so you get that error.

If you disable TLS v1.2 with -no_tls1_2 or use a larger key this wont
happen.

Use of 512 bit RSA keys is discouraged anyway for security reasons.

Steve.
-- 
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


--- End Message ---
_______________________________________________
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

Reply via email to