Re: Re: [pgsql-pkg-debian] Updated libpq5 packages cause connection errors on postgresql 9.2

From Tom Lane
Subject Re: Re: [pgsql-pkg-debian] Updated libpq5 packages cause connection errors on postgresql 9.2
Date
Msg-id 26540.1419001075@sss.pgh.pa.us
In response to Re: [pgsql-pkg-debian] Updated libpq5 packages cause connection errors on postgresql 9.2  (Magnus Hagander <magnus@hagander.net>)
Responses Re: Re: [pgsql-pkg-debian] Updated libpq5 packages cause connection errors on postgresql 9.2  (Magnus Hagander <magnus@hagander.net>)
List pgsql-hackers
Magnus Hagander <magnus@hagander.net> writes:
> On Fri, Dec 19, 2014 at 11:52 AM, Christoph Berg <cb@df7cb.de> wrote:
>> Googling for "digest too big for rsa key" seems to indicate that this
>> problem occurs when you are using (client?) certificates with short
>> RSA keys. 512 bits is most often cited in the problem reports,
>> something like 768 is around the minimum size that works, and of
>> course, anything smaller than 1024 or really 1536 (or 2048) bits is
>> too small for today's crypto standards.
>>
>> So the question here is if this is also the problem you saw - are you
>> using client or server certificates with short keys?
>>
>> What this explanation doesn't explain is why the problem occurs with
>> 9.4's libpq5 while it works with 9.3's. The libssl version used for
>> building these packages should really be the same, 9.3.5-2.pgdg70+1
>> was built just two days ago as well.

> Some googling shows that this could be because it's negotiating TLS 1.2
> which the key is just too small for. And we did change that in 9.4 - commit
> 326e1d73c476a0b5061ef00134bdf57aed70d5e7 disabled SSL in favor of always
> using TLS for security reasons.

Hm ... the 9.4 release notes fail to describe that change adequately, and
certainly don't mention that it would have any compatibility implications.
Guess that needs to be fixed.  Does anyone know offhand what the change in
the minimum key length is across SSL/TLS versions, exactly?

            regards, tom lane
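
Added example, not part of the original message or of PostgreSQL/OpenSSL code: a sketch of why the same short RSA key can sign under TLS 1.0/1.1 but fail under TLS 1.2 with the "digest too big for rsa key" error quoted above. It assumes PKCS#1 v1.5 signatures, where TLS 1.0/1.1 sign a raw 36-byte MD5 || SHA-1 value and TLS 1.2 signs a DigestInfo wrapping the negotiated hash; the function names and the sample handshake bytes are constructed for illustration.

```python
import hashlib

# DER DigestInfo prefixes from PKCS#1 v1.5 (RFC 8017, section 9.2).
DIGEST_INFO_PREFIX = {
    "sha1":   bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
    "sha384": bytes.fromhex("3041300d060960864801650304020205000430"),
    "sha512": bytes.fromhex("3051300d060960864801650304020305000440"),
}
PKCS1_MIN_PADDING = 11  # 00 01 | at least eight FF bytes | 00


def signed_payload(data, tls12_hash=None):
    """Bytes the RSA key has to sign for `data`.

    tls12_hash=None models TLS 1.0/1.1: raw MD5 || SHA-1, no DigestInfo.
    Otherwise models TLS 1.2: DigestInfo around the negotiated hash.
    """
    if tls12_hash is None:
        return hashlib.md5(data).digest() + hashlib.sha1(data).digest()
    return DIGEST_INFO_PREFIX[tls12_hash] + hashlib.new(tls12_hash, data).digest()


def emsa_pkcs1_v15(payload, key_bits):
    """Pad `payload` to the modulus length, or fail when it cannot fit."""
    em_len = (key_bits + 7) // 8
    if len(payload) + PKCS1_MIN_PADDING > em_len:
        raise ValueError("digest too big for rsa key")
    return b"\x00\x01" + b"\xff" * (em_len - len(payload) - 3) + b"\x00" + payload


def min_key_bits(tls12_hash=None):
    """Smallest byte-aligned modulus size (bits) that can carry the signature."""
    return 8 * (len(signed_payload(b"", tls12_hash)) + PKCS1_MIN_PADDING)


def fits(key_bits, tls12_hash=None):
    """True if a key of `key_bits` can sign under the given protocol/hash."""
    sample = b"constructed handshake bytes"  # constructed sample input
    try:
        emsa_pkcs1_v15(signed_payload(sample, tls12_hash), key_bits)
        return True
    except ValueError:
        return False
```

Under these assumptions a 512-bit key fits the TLS 1.0/1.1 payload and a TLS 1.2 SHA-256 DigestInfo, but not SHA-384 or SHA-512; the SHA-512 case needs 752 bits, which is consistent with the "something like 768" figure quoted in the thread.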

