On 09/04/2012 11:05, Surendra Singhi wrote:
> Package: nodejs
> Version: 0.6.14~dfsg1-1
> The bug in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=666051 also 
> effects nodejs, as it is not possible to use it to connect to Facebook, 
> Paypal, etc.
> A possible solution is to use an older version of openssl as a dependency.

Thank you !

It seems very much related to the discussion i had with RT,
see attached mail.


--- Begin Message ---
> [kapo...@melix.org - Fri Mar 23 11:59:30 2012]:
> Hi,
> after updating to openssl 1.0.1 (debian package), authentication
> against a test server
> with a 512 bit rsa key gives :
> openssl s_client -connect -key /home/dev/agent1-
> key.pem -cert /home/dev/agent1-cert.pem
> ...
>     139860308645544:error:04075070:rsa routines:RSA_sign:digest too
> big for rsa key:rsa_sign.c:127:
>     139860308645544:error:14099006:SSL
> routines:SSL3_SEND_CLIENT_VERIFY:EVP lib:s3_clnt.c:2974:
> ...
> Downgrading to openssl 1.0.0h fixes the issue.
> Please find attached the key/certificate.
> (they have been made for testing purpose).
> I guess this is unexpected behavior, and i did not find any recent
> similar report.

The reason for this is that OpenSSL 1.0.1 support TLS v1.2 and the
digest algorithm it uses by default is SHA512. A 512 bit RSA key is not
large enough for SHA512 so you get that error.

If you disable TLS v1.2 with -no_tls1_2 or use a larger key this wont

Use of 512 bit RSA keys is discouraged anyway for security reasons.

Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

--- End Message ---
Pkg-javascript-devel mailing list

Reply via email to