I practicing on OpenSSL and Nginx.
I created my local root CA, and used it to sign my local server.
I made sure to use SHA3-512 to sign any certificate, it is indicated in my openssl.cnf file
default_md = sha3-256
When I run sudo nginx -t
however, I get this
024/08/16 18:59:19 [emerg] 26144#26144: SSL_CTX_use_certificate("/etc/nginx/pki/pkix/rootCA/certs/server.pem") failed (SSL: error:0A00018E:SSL routines::ca md too weak)
I cannot see how SHA3-256 is weak!
Here are the ciphers of my nginx.conf just in case the issue is with them.
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384; # I remember that Nginx did not accept my cipher suit, so i replaced it with this, and then forced my own ciphersuit in the next line. I read this as a solution in another question. ssl_conf_command Ciphersuites TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256; ssl_prefer_server_ciphers on;
I tried to add that line in openssl to set the secrity level to Zero. It did not work. I added it to the /usr/lib/ssl/openssl.cnf
file, and on my local file. It didn’t help. I did not try to set it to zero then sign the certificate.
I tried to set the nginx.conf
file’s cipher suit to the normal one, that is, ssl_ciphers XYZ
without the other two lines. It did not help.
GuteShel is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.