Quote:
Originally Posted by Ybother
Thanks David, but here's the issue:
The CA certificate is NOT weak, It's 2048 bit RSA. I can attach a copy of it here if it'll help anyone.
You're right in that the filter essentially does an MTM attack. But since I actually want the service it does, I have no problem with it.
I saw somewhere else on the forum that it's possible to get Calibre to use its own CA store, but I couldn't figure out how to do it and if it works also on the portable version.
|
The error you are getting says nothing about the certificate chain. What it is complaining is that the key size is too short (a 2048 bit RSA key works out to a ~116 bit symmetric key which gets rounded down to 112 bits for easy comparison). What do you see when you look at the certificate? I've attached a couple of images of what I see in Firefox connected to MobileRead and StackOverflow. You will notice the MR image mentions 256 bit keys/TLS 1.3 while StackOverflow uses 128 bit keys and TLS 1.2. This does mean that it takes approximately 32ms to handshake with StackOverflow and 47ms to handshake with MobileRead. The horrors of that one time 15ms of extra time!
It's also possible that you are missing an intermediate certificate but since your corporate CA is being used, you should have been sent the certificate chain.
<deleted a mass of over information> since I think I just bored everybody within 100 metres into a coma.