Dear all,
at first a warning: the latest SL6 openssl security update
(openssl-1.0.1e-16.el6_5) refuses to work with 512-bit proxies. The
gridftp server on e.g. the cream node rejects requests afterwards. The
error message looks like this:
error: globus_ftp_control: gss_init_sec_context failed
globus_gsi_gssapi: SSLv3 handshake problems: Couldn't do ssl handshake
OpenSSL Error: s3_clnt.c:2985: in library: SSL routines, function SSL3_SEND_CLIENT_VERIFY: EVP lib
OpenSSL Error: rsa_sign.c:127: in library: rsa routines, function RSA_sign: digest too big for rsa key
During the investigation I found out that e.g. glite-ce-job-submit from
the EMI-2 UI (I don't have a EMI-3 UI here to check), produces 512-bit
delegation proxies by default when used with the '-a' switch. Is this a
known issue? Do I have a chance to overwrite the default key length for
the delegation proxies?
Cheers,
Andreas
--
| Andreas Haupt | E-Mail: [log in to unmask]
| DESY Zeuthen | WWW: http://www-zeuthen.desy.de/~ahaupt
| Platanenallee 6 | Phone: +49/33762/7-7359
| D-15738 Zeuthen | Fax: +49/33762/7-7216
|