Quick Links

Re: SSL tests failing with "ee key too small" error on Debian SID

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>
Cc:	Kyotaro HORIGUCHI <horiguchi(dot)kyotaro(at)lab(dot)ntt(dot)co(dot)jp>, michael(at)paquier(dot)xyz, pgsql-hackers(at)postgresql(dot)org, hlinnaka(at)iki(dot)fi
Subject:	Re: SSL tests failing with "ee key too small" error on Debian SID
Date:	2018-11-27 14:37:17
Message-ID:	32191.1543329437@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> writes:
> On 01/10/2018 14:18, Kyotaro HORIGUCHI wrote:
>> The attached second patch just changes key size to 2048 bits and
>> "ee key too small" are eliminated in 001_ssltests_master, but
>> instead I got "ca md too weak" error. This is eliminated by using
>> sha256 instead of sha1 in cas.config. (third attached)

> I have applied these configuration changes and created a new set of test
> files with them.

Buildfarm critters aren't going to be happy unless you back-patch that.

regards, tom lane

In response to

Re: SSL tests failing with "ee key too small" error on Debian SID at 2018-11-27 14:24:26 from Peter Eisentraut

Responses

Re: SSL tests failing with "ee key too small" error on Debian SID at 2018-11-27 21:05:39 from Michael Paquier

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Stephen Frost	2018-11-27 14:39:23	Re: pgsql: Integrate recovery.conf into postgresql.conf
Previous Message	Peter Eisentraut	2018-11-27 14:36:59	Re: Continue work on changes to recovery.conf API