Debian buster : EE certificate key too weak

Question

Hello,  
I tested yesterday the Debian Buster 10 with a connection to DocumentDB with pymongo (python3).  
  
I got an error with openssl that failled any connection to DocumentDB :   
  
pymongo.errors.ServerSelectionTimeoutError: docdb-XXXXXXXX.eu-west-1.docdb.amazonaws.com:27017: \[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: EE certificate key too weak (_ssl.c:1076)  
  
openssl version 1.1.1  
  
Do you know if the certificate will be updated or if it requires to configure openssl to not get this exception?  
  
Regards

Answer

We are in the process of upgrading our root certificate. In the meantime, depending on your requirements, an additional option is to modify (/etc/ssl/openssl.cnf) from “CipherString = DEFAULT@SECLEVEL=2” to “CipherString = DEFAULT@SECLEVEL=1”

Debian buster : EE certificate key too weak

相關內容