You should be able to regenerate the certificates with a secure signing algorithm.   This thread has some other alternatives, like recompilining. OpenSSL with an insecure flag. 

apple-touch-icon@2.png
OpenSSL: error:0A00018E:SSL routines::ca md too weak
superuser.com


Sent from my iPad

On Apr 17, 2024, at 3:04 AM, Uwe Sauter <uwe.sauter.de@gmail.com> wrote:


Hi all, one of my Rocky Linux 8 servers was updated automatically to 2. 6. 7 this night from the Symas repo. The install script seems to include an automated restart of the service but that failed with: main: TLS init def ctx failed: -1 error: 0A00018E: SSL 
Hi all,

one of my Rocky Linux 8 servers was updated automatically to 2.6.7 this night from the Symas repo.
The install script seems to include an automated restart of the service but that failed with:

main: TLS init def ctx failed: -1 error:0A00018E:SSL routines::ca md too weak

As this is an internal network with a private CA the strength of the CA is of minor relevance.

I think the change comes with symas-openssl-libs-3.0.8-1.el8.x86_64…

Can anyone suggest a workaround (other than exchanging the CA and its issued certificates)?

Thanks,

	Uwe