Support weak SSL DH key
Some IIIF server may use a really outdated SSL config with a weak diffie helman key
Example:
curl -v https://digi.vatlib.it/iiifimage/MSS_Ross.102/Ross.102_0417_fa_0210r.jp2/0,0,732,950/591,768/0/default.jpg
* Trying 193.43.103.184:443...
* TCP_NODELAY set
* Connected to digi.vatlib.it (193.43.103.184) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (OUT), TLS alert, handshake failure (552):
* error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small
* Closing connection 0
curl: (35) error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small
This post on stack overflow works, so we could use it as a fallback when an SSLError happens. The original SSL settings should be restored after the call