SSL Error - oTree server setup on Ubuntu 20.4

[Domnica Dzitac]

Hi everyone,

Thanks for the great software!

We are trying to install oTree for in lab/online experiments and I have been allocated from IT a VMWare that runs Ubuntu 20.4.

I started installing oTree following these instructions, but when I set up the server with SSL by running ./1_continue_setup_ssl.sh as otree user, I have some of the tests failing with error:

ssl.SSLError: [SSL: EE_KEY_TOO_SMALL] ee key too small (_ssl.c:3393) 

I understand this might be an issue caused by using the 20.4 version. Any advice on this?

Thanks in advance!

Best regards,

Domnica

 

[Max R. P. Grossmann]

Hi Domnica,

Are you using Ubuntu's self-signed certificate? I'm guessing that it has an insufficient key length. I would suggest to obtain a real X.509 certificate, e.g. through LetsEncrypt, which will be sufficiently long.

Best,

Max

On 21/11/14 04:51am, Domnica Dzitac wrote:
> Hi everyone,
>
> Thanks for the great software!
> We are trying to install oTree for in lab/online experiments and I have
> been allocated from IT a VMWare that runs Ubuntu 20.4.
> I started installing oTree following these instructions

> <https://otree-server-setup.readthedocs.io/en/latest/index.html>, but when

[Domnica Dzitac]

Hi Max,

Thank you for the answer! I am using a certificate given to me by the IT team from our university. They didn't really know how to help, so I solved the problem by reducing the security cipher to 1 from the default 2 in Ubuntu 20.4 (see solution).

I opened the ssl config file:

sudo nano /etc/ssl/openssl.cnf

In this file I added this line at the beginning:

openssl_conf = openssl_init

And then these lines at the end:

[openssl_init] 

ssl_conf = ssl_sect 

[ssl_sect] 

system_default = system_default_sect 

[system_default_sect] 

CipherString = DEFAULT@SECLEVEL=1

This might not be the best solution, but for now until IT gets back to me, I will go with it.

Many thanks,

Domnica