problem with wget command SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small

Question

I want to check an ssl url but when i use the command:

/usr/sfw/bin/wget --no-check-certificate --secure-protocol=SSLv3 https://url

I obtain this error:

--2018-10-01 12:11:19--  https://url
Connecting to #:443... connected.
OpenSSL: error:14082174:SSL routines:ssl3_check_cert_and_algorithm:dh key too small
Unable to establish SSL connection.

Is it possible to skip this control? I use: GNU Wget 1.18 built on solaris2.10. thanks

Answer 1

Here's a simple workaround for wget: use wget --cipher 'DEFAULT:!DH' in place of wget.

I put the following in my .aliases for the moment:

alias wget="wget --cipher 'DEFAULT:!DH' "

Answer 2

Is it possible to skip this control?

No, it is not. (Well, you can, but it's not reasonable, and it will likely create insecure connections. You'd have to download OpenSSL, make changes to the source code to remove the relevant security checks, and recompile your SSL libraries. Then create a proper environment to use those binaries. That is not something you want to do. Someone who has to ask this question should not be modifying OpenSSL and removing security checks...)

However, you can try to force wget to use a different cipher suite for the SSL connection, and depending on the server you may get a cipher suite that doesn't have the DH key problem.

Per the GNU wget manual:

‘--secure-protocol=protocol’

Choose the secure protocol to be used. Legal values are ‘auto’, ‘SSLv2’, ‘SSLv3’, ‘TLSv1’, ‘TLSv1_1’, ‘TLSv1_2’ and ‘PFS’. If ‘auto’ is used, the SSL library is given the liberty of choosing the appropriate protocol automatically, which is achieved by sending a TLSv1 greeting. This is the default.

Specifying ‘SSLv2’, ‘SSLv3’, ‘TLSv1’, ‘TLSv1_1’ or ‘TLSv1_2’ forces the use of the corresponding protocol. This is useful when talking to old and buggy SSL server implementations that make it hard for the underlying SSL library to choose the correct protocol version. Fortunately, such servers are quite rare.

Specifying ‘PFS’ enforces the use of the so-called Perfect Forward Security cipher suites. In short, PFS adds security by creating a one-time key for each SSL connection. It has a bit more CPU impact on client and server. We use known to be secure ciphers (e.g. no MD4) and the TLS protocol.

I'd recommend trying the PFS option first, then TLSv1_2, then TLSv1_1, and so forth, doing the most secure, latest options first. One of those might work.

If none of those work, get a copy of ssl_cipher_suite_enum.pl, run it against the server, give the results to the server adminsitrator, and tell him to update his outdated and insecure system.