How to resolve : DH key too small in Ubuntu

When we use Curl or a curl library to some https website – we receive this error ” error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small”

This is because Ubuntu set the SSL at a higher level of security – the target website is still using the old settings – if we can’t control the destination server, then we have to change our client – meaning we have to lower our security standard. this is how you can do it.

In /etc/ssl/openssl.cnf, add this line before the start of the file:

openssl_conf = default_conf

At the end of the file, add these lines:

ssl_conf = ssl_sect

system_default = system_default_sect

CipherString = DEFAULT:@SECLEVEL=1

Leave a Reply

Your email address will not be published. Required fields are marked *