Socat SSL – SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small


I ran into some trouble when trying to get socat working with openssl and DH key sizes being reported too small and this is how I resolved it.

I was running latest Kali 2.0 and tried setting up socat with ssl.

Generate a client certificate

$ FILENAME=server
$ openssl genrsa -out $FILENAME.key 1024Generate a self signed certificate:
$ openssl req -new -key $FILENAME.key -x509 -days 3653 -out $FILENAME.crtYou will be prompted for your country code, name etc.; you may quit all prompts with the enter key.
$ cat $FILENAME.key $FILENAME.crt >$FILENAME.pem
$ chmod 600 $FILENAME.key $FILENAME.pem

Generate a client certificate

$ FILENAME=client
$ socat openssl-listen:4433,reuseaddr,cert=$HOME/etc/server.pem,cafile=$HOME/etc/client.crt echo

$ socat stdio,cert=$HOME/etc/client.pem,cafile=$HOME/etc/server.crt

Received the following error, SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small.

Solution found here!topic/ganeti/ds0TwfroS8A

Resolved by adding DH params to my server pem file.

openssl dhparam -out dhparams.pem 2048
cat dhparams.pem >> server.pem