OIDC Connect fails when DLP Enforce Integration is enabled

Article ID: 416053

Updated On:

Products

Messaging Gateway

Issue/Introduction

When attempting to use both the DLP Enforce integration and OIDC Connect features in Messaging Gateway (SMG), the OIDC Connect discovery fails with the following error:

BrightmailLog.log
Jan 05 2026 16:35:42 [https-jsse-nio-443-exec-5] [OidcFlow] ERROR - Error occured while fetching IDP metadata. Exception:
javax.net.ssl.SSLHandshakeException: Could not generate secret

This issue may also cause failures in both the DLP Enforce synchronization in SMG and the DLP FlexResponse API integration in DLP.
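
A triage check for the signature above, as an added example (not vendor-supplied code): it parses records in the layout shown in the BrightmailLog.log excerpt and reports which logging components hit the "Could not generate secret" handshake failure. The ExampleComponent and ExampleSync names, and every sample line other than the OidcFlow record, are constructed; the log file path is passed as an argument.

```python
import re
import sys
from collections import Counter
from datetime import datetime

# Record header layout, taken from the excerpt in this article:
# "Mon DD YYYY HH:MM:SS [thread] [component] LEVEL - message"
HEADER = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{2} \d{4} \d{2}:\d{2}:\d{2}) "
    r"\[(?P<thread>[^\]]+)\] \[(?P<component>[^\]]+)\] (?P<level>[A-Z]+) - (?P<msg>.*)$"
)
SIGNATURE = "javax.net.ssl.SSLHandshakeException: Could not generate secret"

def find_handshake_failures(lines):
    """Return (timestamp, component, message) for each ERROR record whose
    header or continuation lines carry the exception from this article."""
    hits, current = [], None
    for raw in lines:
        line = raw.rstrip("\n")
        m = HEADER.match(line)
        if m:                      # a new record starts; later lines belong to it
            current = dict(m.groupdict(), reported=False)
            body = current["msg"]
        else:                      # exception text or stack frame of the open record
            body = line
        if current and current["level"] == "ERROR" and not current["reported"] and SIGNATURE in body:
            current["reported"] = True   # count each record once
            ts = datetime.strptime(current["ts"], "%b %d %Y %H:%M:%S")
            hits.append((ts, current["component"], current["msg"]))
    return hits

def summarize(hits):
    """Count affected records per logging component."""
    return Counter(component for _, component, _ in hits)

# Constructed sample; only the OidcFlow record is from the article.
SAMPLE = """\
Jan 05 2026 16:35:40 [https-jsse-nio-443-exec-3] [ExampleComponent] INFO - constructed line
Jan 05 2026 16:35:42 [https-jsse-nio-443-exec-5] [OidcFlow] ERROR - Error occured while fetching IDP metadata. Exception:
javax.net.ssl.SSLHandshakeException: Could not generate secret
Jan 05 2026 16:36:10 [https-jsse-nio-443-exec-7] [ExampleSync] ERROR - constructed sync failure. Exception:
javax.net.ssl.SSLHandshakeException: Could not generate secret
    at constructed.stack.Frame(Unknown Source)
Jan 05 2026 16:37:00 [https-jsse-nio-443-exec-7] [ExampleSync] ERROR - constructed unrelated error. Exception:
java.io.IOException: constructed
""".splitlines()

if __name__ == "__main__":
    source = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    for component, count in summarize(find_handshake_failures(source)).items():
        print(f"{component}: {count} handshake failure(s)")
```

A non-zero count for a component other than OidcFlow indicates the same failure is affecting another integration on the appliance.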

Environment

Version: 10.9.1, 10.9.2

Cause

Messaging Gateway fails to generate the TLS 1.3 secret during TLS negotiation with the OIDC Connect server, and possibly with the DLP Enforce server.

Resolution

This issue will be addressed in an upcoming Messaging Gateway release.

Please subscribe to this article to be automatically notified of any updates to this issue.
