This post
Since upgrading to 2.4.0.beta4, none of my installs that are using Rackspace for outgoing email have been able to send, well, outgoing email. Given that the outgoing email server is, again, Rackspace, I am going to presume that their SSL/TLS settings are correct (and, at any rate, they appear to work in every major email client). Perhaps this thread is related.
Although, after applying recent updates (I am unsure as to precisely which change), the error is no longer the same as that mentioned i…
about it has been closed, but I still encounter this problem in version
2.4.0.beta8
It´s happening during oauth2 authentication
Excon::Error::Socket (SSL_connect returned=1 errno=0 state=error: dh key too small (OpenSSL::SSL::SSLError))
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.64.0/lib/excon/ssl_socket.rb:125:in `connect_nonblock'
Last 14 lines of backtrace:
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.64.0/lib/excon/ssl_socket.rb:125:in `connect_nonblock'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.64.0/lib/excon/ssl_socket.rb:125:in `initialize'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.64.0/lib/excon/connection.rb:455:in `new'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.64.0/lib/excon/connection.rb:455:in `socket'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.64.0/lib/excon/connection.rb:116:in `request_call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.64.0/lib/excon/middlewares/mock.rb:56:in `request_call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.64.0/lib/excon/middlewares/instrumentor.rb:34:in `request_call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.64.0/lib/excon/middlewares/idempotent.rb:19:in `request_call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.64.0/lib/excon/middlewares/base.rb:22:in `request_call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.64.0/lib/excon/middlewares/base.rb:22:in `request_call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.64.0/lib/excon/connection.rb:270:in `request'
/var/www/discourse/plugins/discourse-oauth2-basic/plugin.rb:127:in `fetch_user_details'
/var/www/discourse/plugins/discourse-oauth2-basic/plugin.rb:164:in `after_authenticate'
/var/www/discourse/app/controllers/users/omniauth_callbacks_controller.rb:37:in `complete'
Cheers,
Julian
gerhard
(Gerhard Schlager)
December 6, 2019, 12:41pm
2
It doesn’t affect email in this case, but the explanation I gave in the topic you linked stays the same. The connection to the OAuth2 server fails because the DH key is too small and therefore considered insecure by OpenSSL.
You can apply the following temporary workaround, but increasing the DH key size on the OAuth2 server is the only solution.
2 Likes
sorry, I forgot … now the bad thing … it doesn´t work for me anymore …
I made the mentioned changes to /etc/ssl/openssl.cnf
[system_default_sect]
MinProtocol = TLSv1.2
#CipherString = DEFAULT@SECLEVEL=2
Then i left the container and did a
docker restart app
Afterwards I still got the same error in error logs
Didn´t say the truth, sorry… there error is not the same now:
Faraday::ConnectionFailed (Connection reset by peer - SSL_connect)
/usr/local/lib/ruby/2.6.0/net/protocol.rb:44:in `connect_nonblock’
Very strange … I just tried it again, and again this
“Oops, The software powering this discussion forum encountered an unexpected problem. We apologize for the inconvenience…”
came up … Then I "F5"´ved a few times (out of frustration ) and suddenly the screen changed to
Sorry, there was an error authorizing your account. Please try again.
Then I had to log in again over my oauth2 provider log in site, and then came the “Ops …” again, and after another F5 I was in …
Uhmm… either I found a serious security problem, or it´s just about timing …
Probably the latter …
What timeouts are there, that I could try to adjust ?
Thanks and cheers!