control: unblock 907015 by 907788

On 2018-09-02 09:59:11 [+0200], VA wrote:
> Since openssl upgrade to 1.1.1~~pre9-1, curl is not able anymore to do
> requests to some sites. For example:
>
> % curl https://www.credit-cooperatif.coop/
> curl: (35) error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small
>
> It used to work with curl, and it still works with wget (which uses gnutls).
>
> I suspect it's related to #907015.

I would close that if I were the curl maintainer. The remote site in the
example uses a small DH key [0]. If you can't get the owner to upgrade the
site and still want to access the site, I suggest removing

    CipherString = DEFAULT@SECLEVEL=2

from /etc/ssl/openssl.cnf.

[0] https://www.ssllabs.com/ssltest/analyze.html?d=www.credit-cooperatif.coop

Sebastian
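
Added example, not part of the original mail and not code from curl, OpenSSL or Debian: a small auditor that reads an openssl.cnf, follows the `openssl_conf` -> `ssl_conf` -> `system_default` chain to the `CipherString` line discussed above, and reports which DH key sizes that security level admits. The section names in the sample config are constructed, and the key-size thresholds are the ones the OpenSSL documentation gives for `SSL_CTX_set_security_level()`.

```python
import re

# Minimum DH/RSA/DSA key bits per security level, from the OpenSSL documentation
# for SSL_CTX_set_security_level(); level 0 permits everything.
MIN_KEY_BITS = {0: 0, 1: 1024, 2: 2048, 3: 3072, 4: 7680, 5: 15360}

# Constructed sample config: the section names are assumptions, only the
# CipherString line is taken from the mail.
SAMPLE = """\
openssl_conf = default_conf

[default_conf]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
CipherString = DEFAULT@SECLEVEL=2
"""

def parse_conf(text):
    """Parse openssl.cnf text into {section: {key: value}}; '' is the top level."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        section = re.fullmatch(r"\[\s*(\S+)\s*\]", line)
        if section:
            current = section.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current][key] = value
    return sections

def system_seclevel(text):
    """Return the SECLEVEL set in the system default section, or None if unset."""
    conf = parse_conf(text)
    name = conf[""].get("openssl_conf")
    for key in ("ssl_conf", "system_default"):
        name = conf.get(name, {}).get(key)
    match = re.search(r"@SECLEVEL=(\d)", conf.get(name, {}).get("CipherString", ""))
    return int(match.group(1)) if match else None

def dh_key_accepted(text, dh_bits):
    """True/False if the configured level admits a DH key of dh_bits; None if no level is set."""
    level = system_seclevel(text)
    return None if level is None else dh_bits >= MIN_KEY_BITS[level]
```

A result of `None` means the file sets no level, so the library's compiled-in default applies to every OpenSSL client on the host, not only to curl.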