EE_KEY_TOO_SMALL


Windows 11 + Python 3.10, ssl 加载了 1024-bit 的 证书和私钥。然后遇到了错误 EE_KEY_TOO_SMALL 。

> python3.10 proxy.py
Traceback (most recent call last):
  File "\proxy\proxy.py", line 11, in <module>
    server_context.load_cert_chain('../../docs/cert.pem', '../../docs/cert.key')
ssl.SSLError: [SSL: EE_KEY_TOO_SMALL] ee key too small (_ssl.c:3874)

尝试手动修改并加载 openssl.cnf ,无效。

由于是临时服务,只对内,所以简单粗暴

server_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
server_context.set_ciphers('ALL:@SECLEVEL=0')
server_context.load_cert_chain('../../docs/cert.pem', '../../docs/cert.key')

Python 3.10 的 OpenSSL 版本

>>> import ssl
>>> ssl.OPENSSL_VERSION
'OpenSSL 1.1.1s  1 Nov 2022'

Leave a Reply

Your email address will not be published. Required fields are marked *