Laradock and OpenSSL: dh key too small


I have a project made with Laradock. If I try to send an email with Laravel, it returns this error:

Connection could not be established with host out.postassl.it :stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages: error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small

Outside the docker, it works, so I think the problem is in some docker container. This is the nginx.conf:

...
  ssl_dhparam /etc/letsencrypt/dhparam.pem; #4096
  ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
  ssl_ciphers  'HIGH:!kRSA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-$
  ssl_prefer_server_ciphers on;
...

default.conf:

...
server {
    listen 443 ssl;
    server_name example.com;
    root /var/www/public;
    index index.php index.html index.htm;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
...
}
...

How can I solve the error? Thanks!

1

1 answer

1
naT erraT On

I came across this problem in development as well.

You can solve the problem by lowering the TLS security settings in the php-fpm service:

  1. docker-compose exec php-fpm bash
  2. root@8d1d14a86c67:/var/www# apt-get update && apt-get install vim -y
  3. vi /etc/ssl/openssl.cnf
  4. Change TLSv1.2 to TLSv1 and DEFAULT@SECLEVEL=2 to DEFAULT@SECLEVEL=1
  5. Save file with CTRL + ZZ
  6. Restart php-fpm: docker-compose restart php-fpm
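Steps 3 and 4 as a non-interactive script, so the edit can be applied from a Dockerfile or entrypoint instead of being lost when the container is recreated (an added example, not part of the original answer). The function names and the `with-tls1` switch are assumptions made for the example; it lowers only SECLEVEL unless asked, because the "dh key too small" check is governed by the security level.

```shell
#!/bin/sh
# Added example (not from the original answer): steps 3-4 as a repeatable script.
set -eu

# Print the active MinProtocol / CipherString settings of an openssl.cnf.
tls_policy() {
    sed -n -E 's/^[[:space:]]*(MinProtocol|CipherString)[[:space:]]*=[[:space:]]*([^[:space:]#]+).*/\1=\2/p' "$1"
}

# relax_tls_policy FILE [with-tls1]   (hypothetical helper for this example)
# Lowers DEFAULT@SECLEVEL=2 to 1 on the active CipherString line only.
# MinProtocol is lowered to TLSv1 only when "with-tls1" is passed.
# Keeps FILE.bak and prints "changed" or "unchanged"; commented lines are untouched.
relax_tls_policy() (
    file=$1
    mode=${2:-}
    tmp=$(mktemp)
    sed -E '/^[[:space:]]*CipherString[[:space:]]*=/ s/@SECLEVEL=2/@SECLEVEL=1/' "$file" > "$tmp"
    if [ "$mode" = "with-tls1" ]; then
        sed -E '/^[[:space:]]*MinProtocol[[:space:]]*=/ s/TLSv1\.2/TLSv1/' "$tmp" > "$tmp.2"
        mv "$tmp.2" "$tmp"
    fi
    if cmp -s "$file" "$tmp"; then
        echo unchanged
    else
        cp -p "$file" "$file.bak"
        cat "$tmp" > "$file"   # overwrite in place to keep owner and mode
        echo changed
    fi
    rm -f "$tmp"
)

# Constructed sample mirroring the two lines that step 4 edits.
sample=$(mktemp)
printf '%s\n' '[system_default_sect]' 'MinProtocol = TLSv1.2' \
    'CipherString = DEFAULT@SECLEVEL=2' > "$sample"
relax_tls_policy "$sample"   # prints: changed
tls_policy "$sample"         # MinProtocol=TLSv1.2, CipherString=DEFAULT@SECLEVEL=1
rm -f "$sample" "$sample.bak"
```

Inside the php-fpm container the target is `/etc/ssl/openssl.cnf`, followed by the restart from step 6. SECLEVEL=1 lowers the minimum accepted DH size from 2048 to 1024 bits for every OpenSSL client in that container, not only the mail connection.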