SSL error during OAuth2

The topic about this issue has been closed, but I am still running into it on version 2.4.0.beta8.

The problem occurs during oauth2 authentication.

Excon::Error::Socket (SSL_connect returned=1 errno=0 state=error: dh key too small (OpenSSL::SSL::SSLError))
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.64.0/lib/excon/ssl_socket.rb:125:in `connect_nonblock'

Last 14 lines of the backtrace:

/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.64.0/lib/excon/ssl_socket.rb:125:in `connect_nonblock'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.64.0/lib/excon/ssl_socket.rb:125:in `initialize'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.64.0/lib/excon/connection.rb:455:in `new'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.64.0/lib/excon/connection.rb:455:in `socket'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.64.0/lib/excon/connection.rb:116:in `request_call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.64.0/lib/excon/middlewares/mock.rb:56:in `request_call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.64.0/lib/excon/middlewares/instrumentor.rb:34:in `request_call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.64.0/lib/excon/middlewares/idempotent.rb:19:in `request_call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.64.0/lib/excon/middlewares/base.rb:22:in `request_call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.64.0/lib/excon/middlewares/base.rb:22:in `request_call'
/var/www/discourse/vendor/bundle/ruby/2.6.0/gems/excon-0.64.0/lib/excon/connection.rb:270:in `request'
/var/www/discourse/plugins/discourse-oauth2-basic/plugin.rb:127:in `fetch_user_details'
/var/www/discourse/plugins/discourse-oauth2-basic/plugin.rb:164:in `after_authenticate'
/var/www/discourse/app/controllers/users/omniauth_callbacks_controller.rb:37:in `complete'

Best regards,

Julian

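In this case it does not affect email, but the explanation provided in the topic you linked still applies. The connection to the OAuth2 server fails because the DH key is too small and is therefore considered insecure by OpenSSL.

You can apply the following workaround, but increasing the DH key size on the OAuth2 server is the only solution.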

Sorry, I forgot ... and now here is the problem ... it no longer works for me ...
I made the change mentioned above to /etc/ssl/openssl.cnf:

[system_default_sect]
MinProtocol = TLSv1.2
#CipherString = DEFAULT@SECLEVEL=2

Then I exited the container and ran:

docker restart app

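But afterwards the same error still appeared in the error log.

What I just said was not accurate, sorry ... the error is different now:

Faraday::ConnectionFailed (Connection reset by peer - SSL_connect)
/usr/local/lib/ruby/2.6.0/net/protocol.rb:44:in `connect_nonblock'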

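Very strange :frowning: ... I just tried again, and the result was still

"Oops, the software powering this discussion forum encountered an unexpected problem. We apologize for the inconvenience ..."

Then (out of frustration :slight_smile:) I pressed "F5" a few times to refresh, and suddenly the screen changed to

Sorry, there was an error authorizing your account. Please try again.

Then I had to log in again through the OAuth2 provider's login site, after which the "Oops .." appeared again, and after pressing F5 once more I was in ...

Uh ... either I have found a serious security issue, or it is just a time synchronization problem ...

Probably the latter ...

Which timeout settings are there that I could try adjusting?

Thanks, and best regards!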