How to resolve : DH key too small in Ubuntu

When we use Curl or a curl library to some https website – we receive this error ” error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small”

This is because Ubuntu set the SSL at a higher level of security – the target website is still using the old settings – if we can’t control the destination server, then we have to change our client – meaning we have to lower our security standard. this is how you can do it.



In /etc/ssl/openssl.cnf, add this line before the start of the file:

openssl_conf = default_conf

At the end of the file, add these lines:

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
CipherString = DEFAULT:@SECLEVEL=1

Leave a Reply

Your email address will not be published. Required fields are marked *