Hi, I upgraded my Stunnel server machine to CentOS 6.8 and post upgrade
, the stunnel too got upgraded to stunnel 4.29 on
x86_64-redhat-linux-gnu with OpenSSL 1.0.1e-fips 11 Feb 2013 .
Now since then many of the stunnel client using newer stunnel client
(those uses TLSv1.2 for Negotiation) are not able to connect .
I get below error on the server in logs
RSA_sign:digest too big for rsa key:rsa_sign’
Hello,
The negotiated TLSv1.2 digest produces output that is too wide to be
signed with an RSA 512-bit private key. Moreover, the 512-bit keys are
highly susceptible to breaking. The key should be at least 1024-bits,
and in many cases stronger. Most standards now suggest 1024-bits is the
bare minimum and 2048-bits recommended.
Regards.
_______________________________________________
stunnel-users mailing list
[email protected]
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
