[Python] requests.exceptions.SSLError DH_KEY_TOO_SMALL

Dobro jutro.

Evo, fantje in dekline, en info okrog omenjenega error-ja.

Ena izmed rešitev je nastavitev openssl.cnf fajla, da so "nižji" nivoji enkripcije sprejemljivi.

Zadevo sem zasledil, ko sem naletel na spletno trgovino, ki nima zgledno urejenih SSL/TLS nastavitev:

https://www.ssllabs.com/ssltest/analyze...

Dodatne informacije:

https://stackoverflow.com/questions/380...

https://askubuntu.com/questions/1233186...

Rešitev:

Path: /etc/ssl/openssl.cnf

Config:

 # Use this in order to automatically load providers.
#openssl_conf = openssl_init
openssl_conf = default_conf

[default_conf]

ssl_conf = ssl_sect

[ssl_sect]

system_default = system_default_sect

[system_default_sect]
# requests.exceptions.SSLError: HTTPSConnectionPool(host='naturinka.cz', port=443):
#   Max retries exceeded with url: / (Caused by SSLError(SSLError(1, '[SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:992)')))
# https://stackoverflow.com/questions/38015537/python-requests-exceptions-sslerror-dh-key-too-small
# https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level
MinProtocol = TLSv1.2
CipherString = DEFAULT@SECLEVEL=1