Erreur SSL lors de l'OAuth2

Soutien Installation
1

Ce post

à ce sujet a été fermé, mais je rencontre toujours ce problème dans la version

2.4.0.beta8

Cela se produit lors de l’authentification OAuth2

Excon::Error::Socket (SSL_connect returned=1 errno=0 state=error: dh key too small (OpenSSL::SSL::SSLError))
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.64.0/lib/excon/ssl_socket.rb:125:in `connect_nonblock'

Dernières 14 lignes de la trace d’appel :

/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.64.0/lib/excon/ssl_socket.rb:125:in `connect_nonblock'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.64.0/lib/excon/ssl_socket.rb:125:in `initialize'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.64.0/lib/excon/connection.rb:455:in `new'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.64.0/lib/excon/connection.rb:455:in `socket'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.64.0/lib/excon/connection.rb:116:in `request_call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.64.0/lib/excon/middlewares/mock.rb:56:in `request_call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.64.0/lib/excon/middlewares/instrumentor.rb:34:in `request_call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.64.0/lib/excon/middlewares/idempotent.rb:19:in `request_call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.64.0/lib/excon/middlewares/base.rb:22:in `request_call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.64.0/lib/excon/middlewares/base.rb:22:in `request_call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.64.0/lib/excon/connection.rb:270:in `request'
/var/www/discourse/plugins/discourse-oauth2-basic/plugin.rb:127:in `fetch_user_details'
/var/www/discourse/plugins/discourse-oauth2-basic/plugin.rb:164:in `after_authenticate'
/var/www/discourse/app/controllers/users/omniauth_callbacks_controller.rb:37:in `complete'

Cordialement,

Julian

2

It doesn’t affect email in this case, but the explanation I gave in the topic you linked stays the same. The connection to the OAuth2 server fails because the DH key is too small and therefore considered insecure by OpenSSL.

You can apply the following temporary workaround, but increasing the DH key size on the OAuth2 server is the only solution.

2 « J'aime »
3

sorry, I forgot … now the bad thing … it doesn´t work for me anymore …
I made the mentioned changes to /etc/ssl/openssl.cnf

[system_default_sect]
MinProtocol = TLSv1.2
#CipherString = DEFAULT@SECLEVEL=2

Then i left the container and did a

docker restart app

Afterwards I still got the same error in error logs

4

Didn´t say the truth, sorry… there error is not the same now:

Faraday::ConnectionFailed (Connection reset by peer - SSL_connect)
/usr/local/lib/ruby/2.6.0/net/protocol.rb:44:in `connect_nonblock’

5

Very strange :frowning: … I just tried it again, and again this

“Oops, The software powering this discussion forum encountered an unexpected problem. We apologize for the inconvenience…”

came up … Then I "F5"´ved a few times (out of frustration :slight_smile: ) and suddenly the screen changed to

Sorry, there was an error authorizing your account. Please try again.

Then I had to log in again over my oauth2 provider log in site, and then came the “Ops …” again, and after another F5 I was in …

Uhmm… either I found a serious security problem, or it´s just about timing …

Probably the latter …

What timeouts are there, that I could try to adjust ?

Thanks and cheers!