pythonopensslzeep

How to fix SSL issue SSL_CTX_use_certificate : ca md too weak on Python Zeep


my code was working before until i got this error whenever i make SOAP requests to Frontierlink Web Service.

File "/home/venv/lib/python2.7/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
raise exception_type(errors)

OpenSSL.SSL.Error: [('SSL routines', 'SSL_CTX_use_certificate', 'ca md too weak')]

Do i need to regenerate the pem file that im using to connect or the issue is on the .p12 file that i have used to generate the pem file?

Let me know if you need more info on my issue.

Notes:

OpenSSL Version that im using is : OpenSSL 1.0.2k-fips

Thank you in advance!


Solution

  • The error message you are getting indicates that the certificate you are using is signed with an md5 hash.

    OpenSSL 1.1.0 has introduced a new feature called security level.
    The default setting of 1 will cause the following (emphasis by me):

    The security level corresponds to a minimum of 80 bits of security. Any parameters offering below 80 bits of security are excluded. As a result RSA, DSA and DH keys shorter than 1024 bits and ECC keys shorter than 160 bits are prohibited. All export cipher suites are prohibited since they all offer less than 80 bits of security. SSL version 2 is prohibited. Any cipher suite using MD5 for the MAC is also prohibited.

    You may need to regenerate the certificate and use a stronger hash to sign, for example SHA1.

    Judging from the forum post at OpenSSL Users this problem may be occurring now because the service you are attempting to connect to has upgraded their version of OpenSSL and it is now rejecting your certificate.