2019-09-16T21:02:42

Failed to set DH parameters…

Had some trouble getting a new local version of AnyEvent::HTTP to work under Debian Buster.

$ whichpm AnyEvent::HTTP
…/perl5/lib/perl5/AnyEvent/HTTP.pm 2.24
$ whichpm AnyEvent::TLS
…/perl5/lib/perl5/x86_64-linux-gnu-thread-multi/AnyEvent/TLS.pm 7.15
$ perl -lE 'use AnyEvent::HTTP qw(http_get); $cv=AE::cv; http_get("https://google.com", sub {$cv->send}, sub {$cv->send}); $cv->recv'
EV: error in callback (ignoring): dh params schmorp1539: failed to set DH parameters at …/perl5/lib/perl5/AnyEvent/HTTP.pm line 850.

After searching and finding, I tried the "original" Debian AnyEvent::* modules, and these worked, so I looked for patches, and indeed there was one that fixed it:

$ cat libanyevent-perl-7.140/debian/patches/dh-2048.patch 
Description: Use 2048-bit DH keys by default.
 It is a sensible size nowadays; also, the Debian package of OpenSSL 1.1
 no longer accepts smaller DH keys in its default configuration.
Bug-Debian: https://bugs.debian.org/923615
Forwarded: no
Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Last-Update: 2019-03-02

--- a/lib/AnyEvent/TLS.pm
+++ b/lib/AnyEvent/TLS.pm
@@ -472,7 +472,7 @@
 =item dh => $string
 
 Specify the Diffie-Hellman parameters in PEM format directly as a string
-(see C<dh_file>), the default is C<schmorp1539> unless C<dh_file> was
+(see C<dh_file>), the default is C<schmorp2048> unless C<dh_file> was
 specified.
 
 AnyEvent::TLS supports supports a number of precomputed DH parameters,
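Review bot: The POD under `=item dh => $string` now names `schmorp2048` as the default but gives no reason, so a caller who still passes `dh => "schmorp1539"` explicitly gets no hint that, per the patch description, the Debian OpenSSL 1.1 default configuration no longer accepts the smaller parameters. Suggest adding one sentence to that effect next to the changed line. The trailing context line also reads "supports supports", which is worth fixing while this paragraph is being touched.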
@@ -631,7 +631,7 @@
       $dh_bio = Net::SSLeay::BIO_new_file ($dh_file, "r")
          or croak "$dh_file: failed to open DH parameter file: $!";
    } else {
-      $arg{dh} = "schmorp1539" unless exists $arg{dh};
+      $arg{dh} = "schmorp2048" unless exists $arg{dh};
 
       if (defined $arg{dh}) {
          $dh_file = "dh string";
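Review bot: The `unless exists $arg{dh}` guard on the changed line means only callers who omit `dh` pick up `schmorp2048`; a caller who passes a smaller named set explicitly still reaches the `if (defined $arg{dh})` branch with parameters that, per the patch description, the Debian OpenSSL 1.1 default configuration rejects. Consider having the failure path say that the chosen parameters may be too small for the local OpenSSL configuration, so the cause is visible from the error alone. The header also carries `Forwarded: no`; sending the change upstream would cover installs that do not come from the Debian package.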

Which made it work again.
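A workaround for a locally installed AnyEvent that lacks the Debian patch, as an added example that is not from the original post or the AnyEvent distribution: probe which of the named DH parameter sets mentioned in the post the local OpenSSL accepts, then pass one of at least 2048 bits through `tls_ctx`. The helper name `accepted_dh_params` is introduced here, and the example assumes `tls_ctx` is given as a hash of AnyEvent::TLS options.

```perl
#!/usr/bin/env perl
# Added example: select DH parameters explicitly instead of relying on
# the module default (schmorp1539 in the unpatched AnyEvent::TLS).
use strict;
use warnings;
use AnyEvent;
use AnyEvent::TLS;
use AnyEvent::HTTP qw(http_get);

# Named DH parameter sets that appear in the post, smallest first.
my @candidates = qw(schmorp1539 schmorp2048);

# Return the names the local OpenSSL build and configuration accept.
# AnyEvent::TLS->new croaks with "failed to set DH parameters" when
# OpenSSL rejects a set, so each attempt is wrapped in eval.
sub accepted_dh_params {
    my @ok;
    for my $name (@_) {
        my $ctx = eval { AnyEvent::TLS->new(dh => $name) };
        push @ok, $name if $ctx;
    }
    return @ok;
}

my @ok = accepted_dh_params(@candidates);
print "accepted by this OpenSSL: @ok\n";

# Never fall back to a set below 2048 bits, even if it is accepted.
my ($dh) = grep { /(\d+)$/ && $1 >= 2048 } @ok
    or die "no DH parameter set of at least 2048 bits was accepted\n";

my $cv = AE::cv;
http_get "https://google.com",
    # Hash of AnyEvent::TLS options; certificate verification is on.
    tls_ctx => { dh => $dh, verify => 1, verify_peername => "https" },
    sub {
        my ($body, $hdr) = @_;
        $cv->send("$hdr->{Status} $hdr->{Reason}");
    };
print "response: ", $cv->recv, "\n";
```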
