ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Messaging Gateway errors when using DDS source with TLS


Article ID: 173432


Updated On:


Messaging Gateway


Symantec Messaging Gateway (SMG) is trying to connect with a DDS source via SSL/TLS. The DDS source presents a certificate that uses the RSASSA-PSS algorithm.

Permanent failure while attempting to search data source: <hostname>   Reason: Algorithm constraints check failed on signature algorithm: 1.2.840.113549.1.1.10


RSASSA-PSS [OID 1.2.840.113549.1.1.10] is not a supported signing algorithm in SMG. Because the SMG does not use that algorithm, it will drop the connection, as it cannot maintain the TLS handshake.



There are two main ways to resolve this issue:

  1. Do not use SSL/TLS with the DDS source.
  2. Replace the certificate on the DDS source with one that does not use RSASSA-PSS as its signing algorithm.