On 2018-08-29 11:38:54 [-0600], dann frazier wrote:
> > > error:141a318a:ssl routines:tls_process_ske_dhe:dh key too small
> > > 
> > > I found that backporting bip 0.9.0~rc3-1 to jessie worked. I further found
> > > that just cherry-picking the following commit back to bip 0.8.9 seems to be
> > > sufficient:
> > > 
> > >   39414f8 Handle OpenSSL version 1.1
> > 
> > I just tried backporting commit 39414f8 to the bip version in stretch,
> > and it doesn't really fix the issue. There is probably some other commit
> > that is needed.
> 
> I literally poked that patch into debian/patches{/series}, quilt
> applied it and rebuilt, and it started working for me. Maybe there's
> something different about our configs?

May I ask what the problem here is? It looks like the DH key is less than
1024 bits in size. This is not per se an OpenSSL problem but "policy"
(which could be changed, but I suggest updating the key instead).
If there is anything that needs to be fixed in bip in order to work
(like missing SNI) then I would add a versioned BREAK to #907015 (after
an upload so please let me know).
Otherwise I would unbreak this bug with #907015.

Sebastian
