На рабочем сервере SSL сертификат Let"s Encript
С рабочего сервера не отправляется почта.
Запустил вот этот модуль в консоли джанго
from django.core.mail import send_mail
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = 'smtp.goneo.de'
EMAIL_PORT = 587
EMAIL_HOST_USER = 'web@mysite.com'
EMAIL_HOST_PASSWORD = '123456'
EMAIL_USE_TLS = True
send_mail("SUBJECT", "TXT-MSG", 'web@mysite.com', ['mymail@mail.ru'])выходит ошибка
>>> from prod.pedro import *
Traceback (most recent call last):
File "<console>", line 1, in <module>
File "/home/oleg/dj/ako/prod/pedro.py", line 10, in <module>
send_mail("SUBJECT", "TXT-MSG", 'web@mysite.com', ['mymail@mail.ru'])
File "/home/oleg/dj/venv/lib/python3.8/site-packages/django/core/mail/__init__.py", line 60, in send_mail
return mail.send()
File "/home/oleg/dj/venv/lib/python3.8/site-packages/django/core/mail/message.py", line 276, in send
return self.get_connection(fail_silently).send_messages([self])
File "/home/oleg/dj/venv/lib/python3.8/site-packages/django/core/mail/backends/smtp.py", line 102, in send_messages
new_conn_created = self.open()
File "/home/oleg/dj/venv/lib/python3.8/site-packages/django/core/mail/backends/smtp.py", line 67, in open
self.connection.starttls(keyfile=self.ssl_keyfile, certfile=self.ssl_certfile)
File "/usr/lib/python3.8/smtplib.py", line 774, in starttls
self.sock = context.wrap_socket(self.sock,
File "/usr/lib/python3.8/ssl.py", line 500, in wrap_socket
return self.sslsocket_class._create(
File "/usr/lib/python3.8/ssl.py", line 1040, in _create
self.do_handshake()
File "/usr/lib/python3.8/ssl.py", line 1309, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1108)На форуме обсуждаются какие-то решения по изменению конфига SSL понижая уровень безопасности протокола или выключая шифрование, что наверное является не совсем правильной практикой.
https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-levelС учетом моих нулевых познаний в этой области, пож-ста порекомендуйте решение, которое мог бы самостоятельно осуществить человек, увидевший Linux первый раз в жизни 3 недели назад.
Спасибо
root@kfw-20200818:~# openssl s_client -connect smtp.goneo.de:587 -starttls smtp
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = RapidSSL TLS RSA CA G1
verify return:1
depth=0 CN = *.goneo.de
verify return:1
140708165027136:error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small:../ssl/statem/statem_clnt.c:2149:
---
Certificate chain
0 s:CN = *.goneo.de
i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = RapidSSL TLS RSA CA G1
1 s:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = RapidSSL TLS RSA CA G1
i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGKTCCBRGgAwIBAgIQAbl+90iydskpf3rtFgFS6DANBgkqhkiG9w0BAQsFADBg
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMR8wHQYDVQQDExZSYXBpZFNTTCBUTFMgUlNBIENBIEcx
MB4XDTIwMDMxMDAwMDAwMFoXDTIyMDUwOTEyMDAwMFowFTETMBEGA1UEAwwKKi5n
b25lby5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALTOu4/ZvYhJ
UTASGuZuQATKU7RDGApaadTe1Qz+4V6WAhqZzMt7/8kPJ9MxvuBrCXBjDLCl+dON
dtZXR6ko2RGlN+qQqfeXGACOP1h+Qr6w+Bs1w4RIDVgXB3x4ooOTNyQ9xnGDFYsZ
Miwn85XFOYyW0MSjbvmkIPoSP+SBNZftcDk8JRQrKLAeNXfvcE0fXSvr28PNm5N3
YuWza9TMwEdj6NVO34wpsQw1n0eg8mfUEkHMlf0ED2QlmxMn9jg3wOxpk7Eivq/V
RxMcavMbvm75hYDRN/9QZyGU8TX4Crz1DCG5mkm9ImALqRQveN8B/0Mzt7mXDF57
Yh7iJr5R028CAwEAAaOCAygwggMkMB8GA1UdIwQYMBaAFAzbbIJJD0pnCrgU7nrE
SFKI61Y4MB0GA1UdDgQWBBR6jH0xGgUfVeE/ZOD0neU+z1GOKjAfBgNVHREEGDAW
ggoqLmdvbmVvLmRlgghnb25lby5kZTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw
FAYIKwYBBQUHAwEGCCsGAQUFBwMCMD8GA1UdHwQ4MDYwNKAyoDCGLmh0dHA6Ly9j
ZHAucmFwaWRzc2wuY29tL1JhcGlkU1NMVExTUlNBQ0FHMS5jcmwwTAYDVR0gBEUw
QzA3BglghkgBhv1sAQIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNl
cnQuY29tL0NQUzAIBgZngQwBAgEwdgYIKwYBBQUHAQEEajBoMCYGCCsGAQUFBzAB
hhpodHRwOi8vc3RhdHVzLnJhcGlkc3NsLmNvbTA+BggrBgEFBQcwAoYyaHR0cDov
L2NhY2VydHMucmFwaWRzc2wuY29tL1JhcGlkU1NMVExTUlNBQ0FHMS5jcnQwCQYD
VR0TBAIwADCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHYAu9nfvB+KcbWTlCOX
qpJ7RzhXlQqrUugakJZkNo4e0YUAAAFwxPpDSAAABAMARzBFAiEAssho8B4j5mjJ
TlAH8nm2Qn5GJIERYVxLTgRsCBnA3rQCIGfL2dSYrLHSgY/WmrNxkPF7Vr8K/ZU7
/xNZcC8qn/2+AHYAIkVFB1lVJFaWP6Ev8fdthuAjJmOtwEt/XcaDXG7iDwIAAAFw
xPpDdgAABAMARzBFAiEAtmnfoMCCSyBJBo987OAbHSyYgUaHnGlKRs9lLb6WzZUC
IGFJKiKoUVLzKiKqT3HtC5v65ZJbm1EjA3fg6peVzCiIAHYAUaOw9f0BeZxWbbg3
eI8MpHrMGyfL956IQpoN/tSLBeUAAAFwxPpDlwAABAMARzBFAiEAkE+0qBlLZtbm
YkPWcoHyM5AqLLxnrq2C+7Qw7q8tPwkCICB5QfEzDaWb3VaF8XdEALhB3HYYTsyR
C/Wr6jwmM3VjMA0GCSqGSIb3DQEBCwUAA4IBAQB53aE9y+D/3C4VInshkL93ZKy2
sw2EimhSKQovrhnTYhWWficM0hFtkVxc7NIoc8e2vFia7e/2g9USglmNSgpSE81t
5DxOqAeYvXItm7jok81Sbj4dYM4ggsoWacktVvHWfRzxDCBL/RA5mGukmV8kz62R
kWd07Yc1pZjBwC4JcCaBC1n4oWm/tW49/Ydv9ZbKjmZp9+nB5AgZiDtkTHVgQaD7
tsmpOyZ1qAjx8kGJUHP4/A93O1Te/6/BrsBDg5uULOktZLS/vFOdDbG9PrWdcVS0
8A4Yi+FylNLHTQyNUBX17DDlxg+/E1IWLOFbyAzyBODPLPwNhS1XnpJR6FTs
-----END CERTIFICATE-----
subject=CN = *.goneo.de
issuer=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = RapidSSL TLS RSA CA G1
---
No client certificate CA names sent
---
SSL handshake has read 3601 bytes and written 345 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1598779888
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---
root@kfw-20200818:~#
Тема: Ubuntu 20.04.1 + Nginx + Django [SSL: DH_KEY_TOO_SMALL] (Прочитано 1066 раз)
