Ephemeral DH public key size error in the SSG Logs
Article ID: 77347
Updated On:
Products
CA API Gateway (Layer 7)
SA94 to API SECURITY
STARTER PACK-7
CA Rapid App Security
MOBILE API GATEWAY
CA Mobile - API Gateway
CA API Gateway
Issue/Introduction
If this error comes up in the logs, there is a known solution to get around this:
WARNING 400 com.l7tech.server.log.SinkManager: Unexpected error during log list/read from remote node 'xxxxxxxxxxxxxxxxxxxxxxx':Could not access HTTP invoker remote service at [https://securespangateway/ssg/cluster/LogAccessAdmin]; nested exception is javax.net.ssl.SSLException: Ephemeral DH public key size is less than the required minimum
WARNING 400 com.l7tech.server.log.SinkManager: Unexpected error during log list/read from remote node 'xxxxxxxxxxxxxxxxxxxxxxx':Could not access HTTP invoker remote service at [https://securespangateway/ssg/cluster/LogAccessAdmin]; nested exception is javax.net.ssl.SSLException: Ephemeral DH public key size is less than the required minimum
Environment
Release:
Component: APIGTW
Component: APIGTW
Resolution
Add the following into the system.properties file ( /opt/SecureSpan/Gateway/node/default/etc/conf/system.properties ) and restart the gateway service:
jdk.tls.ephemeralDHKeySize=legacy
jdk.tls.ephemeralDHKeySize=legacy
Additional Information
For more information:
https://docs.oracle.com/javase/8/docs/technotes/guides/security/enhancements-8.html
https://docs.oracle.com/javase/8/docs/technotes/guides/security/enhancements-8.html
Feedback
Powered by
