When I tried SSL communication using a third-party API from Python on Ubuntu 20.04, the following error occurred. It seems to happen on Ubuntu 20.04.
(Caused by SSLError(SSLError(1, '[SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1123)')
I will summarize the solution by referring to the QA below. https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level
Check which directory holds the OpenSSL config file with the following command.
% openssl version -d
By the way, it is generally under "/usr/lib/ssl".
Add the following line to the beginning of the openssl.cnf file in that directory and save.
openssl_conf = default_conf
Next, add the following to the end of the file.
[ default_conf ]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
MinProtocol = TLSv1.2
CipherString = DEFAULT:@SECLEVEL=1
What this does is lower the security level that OpenSSL enforces (the @SECLEVEL=1 part of CipherString), so that the small DH key is accepted. This alone should enable SSL communication.
Directly editing the config file under /usr/lib/ssl affects the entire Linux system. If you want to limit the effect to a specific user's login sessions, add the following environment variable to .bashrc, pointing at that user's own copy of the config file.
export OPENSSL_CONF=/path/to/my/openssl.cnf
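A narrower way to localize the effect than a per-user OPENSSL_CONF, shown as an added example that is not from the original post or the linked Q&A: apply the same two settings to a single Python SSLContext and use it only for the affected host. The host name legacy-api.example.com and the helper names are assumptions; only the standard library is used.

```python
import ssl
import urllib.request
from urllib.parse import urlsplit

# Assumption: hypothetical host name of the third-party API with the small DH key.
LEGACY_HOSTS = {"legacy-api.example.com"}


def make_legacy_context() -> ssl.SSLContext:
    """Same two settings as [system_default_sect], but for one SSLContext only."""
    ctx = ssl.create_default_context()  # certificate and host name checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # MinProtocol = TLSv1.2
    ctx.set_ciphers("DEFAULT:@SECLEVEL=1")  # CipherString = DEFAULT:@SECLEVEL=1
    return ctx


LEGACY_CTX = make_legacy_context()
DEFAULT_CTX = ssl.create_default_context()  # untouched system security level


def context_for(url: str) -> ssl.SSLContext:
    """Return the lowered-level context only for an exact allow-listed host."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError(f"refusing non-HTTPS URL: {url!r}")
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    return LEGACY_CTX if host in LEGACY_HOSTS else DEFAULT_CTX


def fetch(url: str, timeout: float = 10.0) -> bytes:
    """GET a URL; only allow-listed hosts are negotiated at SECLEVEL=1.

    Note: urllib follows redirects with the same context, so a redirect from
    the legacy host to another host would also be negotiated at SECLEVEL=1.
    """
    with urllib.request.urlopen(url, timeout=timeout, context=context_for(url)) as resp:
        return resp.read()


if __name__ == "__main__":
    # Constructed sample URLs; no network access is needed for this check.
    for u in ("https://legacy-api.example.com/v1/items", "https://example.org/"):
        level = "SECLEVEL=1" if context_for(u) is LEGACY_CTX else "system default"
        print(f"{u} -> {level}")
```

With this approach the system openssl.cnf stays unmodified, so every other program and every other host keeps the distribution's default security level.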
The cause seems to be that the default OpenSSL settings on Debian-based systems have become more secure. The background to this tightening is described here (in English): https://weakdh.org/
In brief, a vulnerability was found in the key exchange algorithm used by SSL. A DH_KEY_TOO_SMALL error occurs when attempting SSL communication that is affected by this vulnerability.
The fundamental solution is to improve security on the server side, but this time that is impossible because a third-party API is used. Therefore, the method of changing the security level described above was adopted.