Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ssl.SSLError: [SSL: CA_MD_TOO_WEAK] ca md too weak #171

Closed
WorkHardes opened this issue Oct 21, 2021 · 2 comments
Closed

ssl.SSLError: [SSL: CA_MD_TOO_WEAK] ca md too weak #171

WorkHardes opened this issue Oct 21, 2021 · 2 comments

Comments

@WorkHardes
Copy link

WorkHardes commented Oct 21, 2021
edited by doronz88
Loading

Tested on

  • Ubuntu 20.04
  • Python 3.8.10
  • Pymobiledevice3 1.14.0
  • OpenSSL 1.1.1f
  • IPhone 5S
  • iOS 12.5.1

Bug description
My code:

from pymobiledevice3 import usbmux
from pymobiledevice3.lockdown import LockdownClient


devices = [d.serial for d in usbmux.list_devices()]
current_device_udid = devices[0]
device = LockdownClient(current_device_udid)

Code output

Traceback (most recent call last):
  File "tes.py", line 7, in <module>
    device = LockdownClient(current_device_udid)
  File "/home/admin1/.local/lib/python3.8/site-packages/pymobiledevice3/lockdown.py", line 78, in __init__
    if not self.validate_pairing():
  File "/home/admin1/.local/lib/python3.8/site-packages/pymobiledevice3/lockdown.py", line 196, in validate_pairing
    self.service.ssl_start(self.ssl_file, self.ssl_file)
  File "/home/admin1/.local/lib/python3.8/site-packages/pymobiledevice3/service_connection.py", line 117, in ssl_start
    context.load_cert_chain(certfile, keyfile)
ssl.SSLError: [SSL: CA_MD_TOO_WEAK] ca md too weak (_ssl.c:4046)

It says that ssl certificate too weak. Please tell me what needs to be done to solve the problem.
@matan1008
Copy link
Collaborator

Thank you for your feedback!
Unfortunately my setup is a little bit different so I can't produce the error.

My setup consists of:

  • macOS 11.3
  • python 3.10 (I tested it with python 3.8 too)
  • pymobiledevice3 1.14.0
  • OpenSSL 1.1.1k
  • IPhone 6S (iOS 14.2) / IPhone 6S (iOS 10.3.1)

I recommend you update your OpenSSL. If the issue remains, perhaps you could try the following https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level.

If you happen to solve this issue without lowering the ssl security level, please keep us updated on how you did it.
In addition, we will highly appreciate it if you open a PR in that case.

@WorkHardes
Copy link
Author

Thank you for your feedback! Unfortunately my setup is a little bit different so I can't produce the error.

My setup consists of:

  • macOS 11.3
  • python 3.10 (I tested it with python 3.8 too)
  • pymobiledevice3 1.14.0
  • OpenSSL 1.1.1k
  • IPhone 6S (iOS 14.2) / IPhone 6S (iOS 10.3.1)

I recommend you update your OpenSSL. If the issue remains, perhaps you could try the following https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level.

If you happen to solve this issue without lowering the ssl security level, please keep us updated on how you did it. In addition, we will highly appreciate it if you open a PR in that case.

Thank you very much! I solve the problem by updating openssl from 1.1.1f to 1.1.1l

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@doronz88 @matan1008 @WorkHardes