Month: August 2015

Socat SSL – SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small

On By MuttiIn Random1 Comment

Introduction

I ran into some trouble when trying to get socat working with openssl and DH key sizes being reported too small and this is how I resolved it.

I was running latest Kali 2.0 and tried setting up socat with ssl.

http://www.dest-unreach.org/socat/doc/socat-openssltunnel.html

Generate a client certificate

$ FILENAME=server
$ openssl genrsa -out $FILENAME.key 1024Generate a self signed certificate:
$ openssl req -new -key $FILENAME.key -x509 -days 3653 -out $FILENAME.crtYou will be prompted for your country code, name etc.; you may quit all prompts with the enter key.
$ cat $FILENAME.key $FILENAME.crt >$FILENAME.pem
$ chmod 600 $FILENAME.key $FILENAME.pem

Generate a client certificate

$ FILENAME=client
$ socat openssl-listen:4433,reuseaddr,cert=$HOME/etc/server.pem,cafile=$HOME/etc/client.crt echo

$ socat stdio openssl-connect:server.domain.org:4433,cert=$HOME/etc/client.pem,cafile=$HOME/etc/server.crt

Received the following error, SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small.

Solution found here https://groups.google.com/forum/#!topic/ganeti/ds0TwfroS8A

Resolved by adding DH params to my server pem file.

openssl dhparam -out dhparams.pem 2048
cat dhparams.pem >> server.pem