Hub hotfix Hub 7.92HF6 tunnel connections fail with "dh key too small"

book

Article ID: 7715

calendar_today

Updated On:

Products

DX Infrastructure Management NIMSOFT PROBES

Issue/Introduction

After upgrading a tunnel client hub to hub 7.92HF6, a hub-to-hub tunnel will fail to connect and the following error will be observed in the hub.log:

 

Aug 18 08:48:41:495 [4896] hub: SSL_connect error occured 

Aug 18 08:48:41:495 [4896] hub: [1] error:0x14082174:SSL routines:ssl3_check_cert_and_algorithm:dh key too small 

Aug 18 08:48:41:495 [4896] hub: TSESS could not connect to tunnel 199.127.38.161:443 (336077172) 

Aug 18 08:48:41:495 [4896] hub: CTRL MergeProxy011-hub connection error: dh key too small (372) 

Aug 18 08:48:41:495 [4896] hub: CTRL MergeProxy011-hub could not connect to server 199.127.38.161/443 

Aug 18 08:48:41:500 [5272] hub: SSL_connect error occured 

Cause

This is caused by an incorrect OpenSSL library that was bundled with hub 7.92HF5 and 7.92HF6.

 

 

Environment

UIM running Hub 7.92HF6

Resolution

For now, rolling back the hub to 7.92HF4 or prior will resolve the issue.

In the near future, a hotfix will be released for this issue.

Please check the UIM Hotfix Index Site - if you see a hotfix with a version higher than 7.92HF6, download that version and deploy it.  (As of this writing, 8/22/2017, this has not been released but it is expected very soon.)