ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Messaging Gateway errors when using DDS source with TLS

book

Article ID: 173432

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

Symantec Messaging Gateway (SMG) is trying to connect with a DDS source via SSL/TLS. The DDS source presents a certificate that uses the RSASSA-PSS algorithm.

Permanent failure while attempting to search data source: <hostname>   Reason: Algorithm constraints check failed on signature algorithm: 1.2.840.113549.1.1.10

Cause

RSASSA-PSS [OID 1.2.840.113549.1.1.10] is not a supported signing algorithm in SMG. Because the SMG does not use that algorithm, it will drop the connection, as it cannot maintain the TLS handshake.

Resolution

Remediation:

There are two main ways to resolve this issue:

  1. Do not use SSL/TLS with the DDS source.
  2. Replace the certificate on the DDS source with one that does not use RSASSA-PSS as its signing algorithm.