Symantec Messaging Gateway (SMG) is trying to connect with a DDS source via SSL/TLS. The DDS source presents a certificate that uses the RSASSA-PSS algorithm.

Permanent failure while attempting to search data source: <hostname>   Reason: Algorithm constraints check failed on signature algorithm: 1.2.840.113549.1.1.10

RSASSA-PSS [OID 1.2.840.113549.1.1.10] is not a supported signing algorithm in SMG. Because the SMG does not use that algorithm, it will drop the connection, as it cannot maintain the TLS handshake.

Remediation:

There are two main ways to resolve this issue:

1. Do not use SSL/TLS with the DDS source.
2. Replace the certificate on the DDS source with one that does not use RSASSA-PSS as its signing algorithm.