Laradock and OpenSSL: dh key too small

Question

Laradock and OpenSSL: dh key too small

2.2k views Asked by cent89 At 22 October 2020 at 15:52

I have a project made with Laradock. If I try to send an email with Laravel, it returns this error:

Connection could not be established with host out.postassl.it :stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages: error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small

Outstide the docker, it works, so I think the problem is in some docker container. This is the nginx.conf:

...
ssl_dhparam /etc/letsencrypt/dhparam.pem #4096
  ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
  ssl_ciphers  'HIGH:!kRSA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-$
  ssl_prefer_server_ciphers on;
...

default.conf:

...
server {
    listen 443 ssl;
    server_name example.com;
    root /var/www/public;
    index index.php index.html index.htm;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
...
}
...

How I can solve the error? Thanks!

Original Q&A

There are 1 answers

**naT erraT** · Answer 1 · 2020-11-15 20:59:33

I came across this problem in development aswell.

You can solve the problem by lowering the TLS security settings in the php-fpm service

docker-compose exec php-fpm bash
root@8d1d14a86c67:/var/www# apt-get update && apt-get install vim -y
vi /etc/ssl/openssl.cnf
Change TLSv1.2 to TLSv1 and DEFAULT@SECLEVEL=2 to DEFAULT@SECLEVEL=1
Save file with CTRL + ZZ
restart php-fpm docker-compose restart php-fpm

TechQA.

Laradock and OpenSSL: dh key too small

There are 1 answers

Related Questions in LARAVEL

Related Questions in NGINX

Related Questions in OPENSSL

Related Questions in DIFFIE-HELLMAN

Related Questions in LARADOCK

Popular Questions

Popular Tags

Trending Questions