[stunnel-users] RSA too big problem

Małgorzata Olszówka Malgorzata.Olszowka at stunnel.org
Thu Feb 16 15:04:52 CET 2017

> Hi, I upgraded my Stunnel server machine to CentOS 6.8 and post upgrade
> , the stunnel too got upgraded to stunnel 4.29 on
> x86_64-redhat-linux-gnu with OpenSSL 1.0.1e-fips 11 Feb 2013 .
> Now since then many of the stunnel client using newer stunnel client
> (those uses TLSv1.2 for Negotiation) are not able to connect .
> I get below error on the server in logs
> RSA_sign:digest too big for rsa key:rsa_sign’

The negotiated TLSv1.2 digest produces output that is too wide to be 
signed with an RSA 512-bit private key. Moreover, the 512-bit keys are 
highly susceptible to breaking. The key should be at least 1024-bits, 
and in many cases stronger. Most standards now suggest 1024-bits is the 
bare minimum and 2048-bits recommended.


More information about the stunnel-users mailing list