[stunnel-users] RSA too big problem

Małgorzata Olszówka Malgorzata.Olszowka at stunnel.org
Thu Feb 16 15:04:52 CET 2017


> Hi, I upgraded my Stunnel server machine to CentOS 6.8, and post upgrade
> the stunnel too got upgraded to stunnel 4.29 on
> x86_64-redhat-linux-gnu with OpenSSL 1.0.1e-fips 11 Feb 2013.
>
> Since then, many of the stunnel clients using a newer stunnel client
> (those that use TLSv1.2 for negotiation) are not able to connect.
>
> I get the below error on the server in the logs:
> RSA_sign:digest too big for rsa key:rsa_sign’

Hello,
The negotiated TLSv1.2 digest produces output that is too wide to be
signed with an RSA 512-bit private key. Moreover, 512-bit keys are
highly susceptible to breaking. The key should be at least 1024 bits,
and in many cases stronger. Most standards now suggest 1024 bits is the
bare minimum and 2048 bits is recommended.

Regards.
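
The size limit behind the "digest too big for rsa key" error, worked through as an added example (not part of the original message, and not stunnel or OpenSSL code). It assumes the signature is RSA PKCS#1 v1.5, with DigestInfo lengths and the 11-byte minimum padding taken from RFC 8017 section 9.2; the hash negotiated in the failing handshake is not stated in the thread.

```python
# Added example: which TLS 1.2 signature hashes fit an RSA key of a given size
# under PKCS#1 v1.5 (EMSA-PKCS1-v1_5, RFC 8017 section 9.2).

# Encoded DigestInfo length = ASN.1 prefix length + raw hash length (bytes).
DIGEST_INFO_LEN = {
    "sha1": 15 + 20,
    "sha224": 19 + 28,
    "sha256": 19 + 32,
    "sha384": 19 + 48,
    "sha512": 19 + 64,
}

# 0x00 0x01 | at least eight 0xFF bytes | 0x00 precede the DigestInfo.
PKCS1_V15_OVERHEAD = 11


def modulus_bytes(key_bits):
    """Length in bytes of an RSA modulus of key_bits bits."""
    return (key_bits + 7) // 8


def can_sign(key_bits, hash_name):
    """True if the padded DigestInfo for hash_name fits in the modulus."""
    needed = DIGEST_INFO_LEN[hash_name] + PKCS1_V15_OVERHEAD
    return needed <= modulus_bytes(key_bits)


def signable_hashes(key_bits):
    """Hashes the key can sign, in order of increasing digest size."""
    return [h for h in DIGEST_INFO_LEN if can_sign(key_bits, h)]


def min_modulus_bytes(hash_name):
    """Smallest modulus length in bytes that can carry hash_name."""
    return DIGEST_INFO_LEN[hash_name] + PKCS1_V15_OVERHEAD


if __name__ == "__main__":
    for bits in (512, 1024, 2048):
        print(f"{bits}-bit key ({modulus_bytes(bits)} bytes):",
              ", ".join(signable_hashes(bits)))
    for name in ("sha384", "sha512"):
        print(f"{name} needs a modulus of at least "
              f"{min_modulus_bytes(name)} bytes")
```

A 512-bit key has a 64-byte modulus, so SHA-384 (78 bytes needed) and SHA-512 (94 bytes needed) cannot be signed, while a 1024-bit or larger key carries every hash in the table.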


