[Pkg-openssl-devel] Bug#1012564: openssl: ckermit can't connect to telnetd-ssl with openssl 3.0.3-7

Arthur Marsh arthur.marsh at internode.on.net
Mon Jun 20 19:25:06 BST 2022 

----- Original Message -----
From: "Sebastian Andrzej Siewior" 
To:"Arthur Marsh" , 
Cc:
Sent:Mon, 20 Jun 2022 19:16:36 +0200
Subject:Re: Bug#1012564: openssl: ckermit can't connect to telnetd-ssl
with openssl 3.0.3-7

 On 2022-06-20 19:10:27 [+0200], To Arthur Marsh wrote:
 > I have here
 > telnet-ssl 0.17.41+0.2-3.3+b1
 > telnetd-ssl 0.17.41+0.2-3.3+b1
 > libssl3 3.0.3-8
 > openssl 3.0.3-8

 adding
 ckermit 305~alpha07-1+b1

When upgrading telnetd-ssl (017.41+0.2-3.3+b1) over
(0.17.41+0.2-3.3)I received the line:You already have
/etc/telnetd-ssl/telnetd.pem
After upgrading both telnetd-ssl as above and openssl (3.0.3-8) over
(3.0.3-6),I still had telnet-ssl localhost failing:$ telnet-ssl
localhost 
Trying ::1... 
Connected to localhost. 
Escape character is '^]'. 
Error loading CRT /etc/telnetd-ssl/telnetd.pem: , ee key too small 
do_ssleay_init() failed 
408788F4E87F0000:error:0A00018F:SSL
routines:SSL_CTX_use_certificate:ee key too 
small:../ssl/ssl_rsa.c:221: 
Connection closed by foreign host.ckermit run as a symbolic link from
telnet also was unsuccessful:$ telnet localhost 
 DNS Lookup...  Trying 127.0.0.1...  Reverse DNS Lookup... (OK) 
 localhost connected on port telnet 

?Connection closed by peer. 
can't open host connection 
Closing localhost:23...OK
I renamed /etc/telnetd-ssl/telnetd.pem to
/etc/telnetd-ssl/oldtelnetd-ssl.pem and re-installed
telnetd-ssl 0.17.41+0.2-3.3+b1telnetd-ssl still failed:$ telnet-ssl
localhost 
xprop:  unable to open display '127.0.0.1:0' 
Trying ::1.. 
Connected to localhost. 
Escape character is '^]'. 
telnetd: SSL required - connection rejected. 
Connection closed by foreign host.
but ckermit run as a symbolic link from telnet now works:$ telnet
localhost 
xprop:  unable to open display '127.0.0.1:0' 
 DNS Lookup...  Trying 127.0.0.1...  Reverse DNS Lookup... (OK) 
 localhost connected on port telnet 
Authenticating with SSL 
Warning: Server has a self-signed certificate 
[0] Certificate Subject= 
    O=Internet Widgits Pty Ltd 
    OU=am64 telnetd 
    CN=am64 
    emailAddress=root at am64 
[0] Certificate Issuer= 
    O=Internet Widgits Pty Ltd 
    OU=am64 telnetd 
    CN=am64 
    emailAddress=root at am64 
Continue? (Y/N) y 
[TLS - TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any
     Au=any   Enc=AESGCM(25
6)            Mac=AEAD 
Compression: None 
Password:
This solves the issue I was having and the
/etc/telnetd-ssl/telnetd.pem "ee key too small" may be a clue to what
was causing problems for me.Thanks for your time looking at
this.Arthur Marsh.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-openssl-devel/attachments/20220621/80a092a3/attachment.htm>

More information about the Pkg-openssl-devel mailing list