Using Ubuntu 20.4 & Python Imaplib: Can I override ssl.SSLError: [SSL: DH_KEY_TOO_SMALL]?

Question

since updating to Ubuntu 20.4 from 18.4 I can no longer access one of my email addresses

import imaplib
imap = imaplib.IMAP4_SSL('<my_email_server>')

aborts with the error message

ssl.SSLError: [SSL: DH_KEY_TOO_SMALL] dh key too small (_ssl.c:1108)

With Ubuntu 18.4 this works fine. It seems this is caused by a newer OpenSSL library.

On the server side I can't do anything about it. Is there a way within Python to override this setting to accept the existing key?

Update: I tried messing with the OpenSSL settings as described here: - https://askubuntu.com/questions/1231844/ssl-sslerror-ssl-dh-key-too-small-dh-key-too-small-ssl-c1108 - https://askubuntu.com/questions/1233186/ubuntu-20-04-how-to-set-lower-ssl-security-level without success.

score 1 · Accepted Answer · answered Aug 23 '20 at 09:32

This was solved in this question

The solution is to add

context.set_ciphers('DEFAULT@SECLEVEL=1')

to the ssl context. And log in like this

import imaplib
import ssl

context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
context.set_ciphers('DEFAULT@SECLEVEL=1')
imap = imaplib.IMAP4_SSL('MYSERVER_REMOVED>, ssl_context=context, port=993)
imap.login('<USER_REMOVED>','<PASSWORD_REMOVED>')

There's also a more global approach in this discussion

Using Ubuntu 20.4 & Python Imaplib: Can I override ssl.SSLError: [SSL: DH_KEY_TOO_SMALL]?

1 Answers1