Generated a new weak key and cert, tried to use them with current
cosmic's openssl, and succeeded:

# openssl genrsa -des3 -out myCA.key 600
# openssl req -x509 -new -nodes -key myCA.key -sha256 -days 1825 -out myCA.pem
# openssl s_server -cert myCA.pem -key myCA.key -WWW

# wget --ca-certificate myCA.pem https://localhost:4433
--2019-04-11 16:18:41--  https://localhost:4433/
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:4433... connected.
HTTP request sent, awaiting response... 200 ok
Length: unspecified [text/plain]
Saving to: 'index.html.2'

index.html.2                                 [ <=>                ]     237  --.-KB/s    in 0s

2019-04-11 16:18:41 (15.6 MB/s) - 'index.html.2' saved [237]

# dpkg -l | grep libssl
ii  libssl1.1:amd64            1.1.1-1ubuntu2 

Upgraded to:
# dpkg -l | grep libssl
ii  libssl1.1:amd64            1.1.1-1ubuntu2.2

And now wget fails with a too-small-key error, whilst the s_server is
still running:

# wget --ca-certificate myCA.pem https://localhost:4433
--2019-04-11 16:20:09--  https://localhost:4433/
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:4433... connected.
ERROR: cannot verify localhost's certificate, issued by 
'CN=localhost,O=Internet Widgits Pty Ltd,ST=Some-State,C=AU':
  EE certificate key too weak
To connect to localhost insecurely, use `--no-check-certificate'.

** Tags removed: verification-needed verification-needed-cosmic
** Tags added: verification-done verification-done-cosmic

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1822984

Title:
  revert tls security level back to 1
