SSL routines:tls_process_ske_dhe:dh key too small

Hi, I have this error write EPROTO 140472873445248:error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small:…/deps/openssl/openssl/ssl/statem/statem_clnt.c:2157 when trying to work with some private keys. I had the same issue locally and I fix it by updating the TLS version to 1.0 by doing sed -i 's/TLSv1.2/TLSv1.0/g' /etc/ssl/openssl.cnf

How can I do this on my render service?

Hey @tafelito,

Can you share more about what you’re trying to do? Render automatically terminates SSL at the load balancer, so your application will receive an unencrypted request and shouldn’t need to manage any SSL configurations to handle web traffic.

hey @jake , thanks for the quick response. My issue is not at the request level. Our app has a signature verification process where the private keys and certificates are given to us and apparently those keys were generated with a shorter length than the TLSv1.2 & SECLEVEL 2 requires. I was able to find workaround by manually setting the OPENSSL_CONF env variable until we can ask for a new pair of key/cert

1 Like