ruby savon debian-buster

"dh key too small" with Savon ruby gem


After upgrading to Debian Buster, Savon fails with:

SSL_connect returned=1 errno=0 state=error: dh key too small

/var/www/ws/capistrano/shared/bundle/ruby/2.5.0/gems/httpi-2.4.4/lib/httpi/adapter/net_http.rb:51:in `rescue in request'
/var/www/ws/capistrano/shared/bundle/ruby/2.5.0/gems/httpi-2.4.4/lib/httpi/adapter/net_http.rb:30:in `request'
/var/www/ws/capistrano/shared/bundle/ruby/2.5.0/gems/httpi-2.4.4/lib/httpi.rb:161:in `request'
/var/www/ws/capistrano/shared/bundle/ruby/2.5.0/gems/httpi-2.4.4/lib/httpi.rb:133:in `post'
/var/www/ws/capistrano/shared/bundle/ruby/2.5.0/gems/savon-2.12.0/lib/savon/operation.rb:94:in `block in call_with_logging'
/var/www/ws/capistrano/shared/bundle/ruby/2.5.0/gems/savon-2.12.0/lib/savon/request_logger.rb:12:in `log'
/var/www/ws/capistrano/shared/bundle/ruby/2.5.0/gems/savon-2.12.0/lib/savon/operation.rb:94:in `call_with_logging'
/var/www/ws/capistrano/shared/bundle/ruby/2.5.0/gems/savon-2.12.0/lib/savon/operation.rb:54:in `call'
/var/www/ws/capistrano/shared/bundle/ruby/2.5.0/gems/savon-2.12.0/lib/savon/client.rb:36:in `call'

I tried changing /etc/ssl/openssl.cnf:

[system_default_sect]
#MinProtocol = TLSv1.2
#CipherString = DEFAULT@SECLEVEL=2
MinProtocol = None
CipherString = DEFAULT

but it has no effect. I have no control over the remote site, so I can't change the DH key. See also the related Debian bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907788

System information:

ruby version: ruby 2.5.5p157 (2019-03-15 revision 67260) [x86_64-linux-gnu]
savon version: 2.12.0

I've also entered an issue here https://github.com/savonrb/savon/issues/914


Solution

  • Oops! Changes in /etc/ssl/openssl.cnf required restarting the Ruby processes; after restarting, the error is gone!
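
The edit above applies to every OpenSSL client on the host, so it is worth checking what the file now permits. The following is an added example, not code from the original post or from Savon: it parses the `[system_default_sect]` section and reports the resulting security level and minimum accepted DH size. The function names and the compiled-in fallback level of 1 are assumptions.

```ruby
# Added example: audits the [system_default_sect] section of an openssl.cnf.
# Minimum DH sizes per OpenSSL security level (SSL_CTX_set_security_level docs).
MIN_DH_BITS = { 0 => 0, 1 => 1024, 2 => 2048, 3 => 3072, 4 => 7680, 5 => 15360 }.freeze

# Return the active key/value pairs of one section; commented lines are
# ignored and a later assignment overrides an earlier one.
def section_settings(text, section)
  current = nil
  text.each_line.with_object({}) do |line, settings|
    line = line.sub(/#.*/, "").strip
    next if line.empty?
    if (m = line.match(/\A\[\s*(\S+)\s*\]\z/))
      current = m[1]
    elsif current == section && (m = line.match(/\A(\w+)\s*=\s*(.*)\z/))
      settings[m[1]] = m[2]
    end
  end
end

# Summarise what the section means for TLS clients on the host.
# compiled_default is an assumption: the level OpenSSL falls back to when
# CipherString carries no @SECLEVEL (1 for upstream OpenSSL 1.1.x builds).
def audit(text, compiled_default: 1)
  s = section_settings(text, "system_default_sect")
  level = s["CipherString"].to_s[/@SECLEVEL=(\d)/, 1]&.to_i || compiled_default
  { min_protocol: s["MinProtocol"], security_level: level,
    min_dh_bits: MIN_DH_BITS.fetch(level),
    weakened: level < 2 || s["MinProtocol"].to_s !~ /\ATLSv1\.[23]\z/ }
end

# Constructed samples: the commented-out lines of the question, and its edit.
BUSTER_DEFAULT = <<~CNF
  [system_default_sect]
  MinProtocol = TLSv1.2
  CipherString = DEFAULT@SECLEVEL=2
CNF
EDITED = <<~CNF
  [system_default_sect]
  #MinProtocol = TLSv1.2
  #CipherString = DEFAULT@SECLEVEL=2
  MinProtocol = None
  CipherString = DEFAULT
CNF

if __FILE__ == $PROGRAM_NAME
  { "buster default" => BUSTER_DEFAULT, "edited" => EDITED }.each do |name, cnf|
    puts "#{name}: #{audit(cnf)}"
  end
end
```

To check the live file, call `audit(File.read("/etc/ssl/openssl.cnf"))`. Here `weakened` means weaker than the two settings that were commented out in the question.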