0

I am using paho mqtt to send message with python3 on ubuntu 20.04. I am using ssl version 2

When i do :

client = mqtt.Client()
client.tls_set(ca_certs=CA_CERT, certfile=CLIENT_CERT, keyfile=CLIENT_KEY)
client.connect(HOST, 8883, 20)

I am getting this error:

     File "/usr/local/lib/python3.8/dist-packages/paho/mqtt/client.py", line 823, in tls_set
  context.load_cert_chain(certfile, keyfile)
ssl.SSLError: [SSL: EE_KEY_TOO_SMALL] ee key too small (_ssl.c:4046)

My private key is 1024 bits I can not change my client certificat.

Any workaround please ?

hardillb
  • 54,545
  • 11
  • 67
  • 105
karlos
  • 807
  • 1
  • 8
  • 38
  • Does this answer your question? [SSLError: \[SSL: EE\_KEY\_TOO\_SMALL\] ee key too small (\_ssl.c:4022) on Ubuntu when starting jupyter notebook](https://stackoverflow.com/questions/67753969/sslerror-ssl-ee-key-too-small-ee-key-too-small-ssl-c4022-on-ubuntu-when) – blurfus Sep 10 '21 at 16:22
  • no, because the solution propose to chnage the rsa key and i can not that in my case. – karlos Sep 10 '21 at 16:29

1 Answers1

0

You REALLY need to issue new private keys. What I'm about to suggest is only a temporary workaround.

The minimum allowed key size is controlled by the openssl config. You should be able to edit the `/etc/ssl/openssl.cnf file to add the following to the end:

[system_default_sect] 
CipherString = DEFAULT@SECLEVEL=1

https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level

https://wiki.debian.org/ContinuousIntegration/TriagingTips/openssl-1.1.1

hardillb
  • 54,545
  • 11
  • 67
  • 105