Ephemeral DH public key size error in the SSG Logs

book

Article ID: 77347

calendar_today

Updated On:

Products

CA API Gateway (Layer 7) SA94 to API SECURITY STARTER PACK-7 CA Rapid App Security MOBILE API GATEWAY CA Mobile - API Gateway CA API Gateway

Issue/Introduction

If this error comes up in the logs, there is a known solution to get around this:

WARNING 400 com.l7tech.server.log.SinkManager: Unexpected error during log list/read from remote node 'xxxxxxxxxxxxxxxxxxxxxxx':Could not access HTTP invoker remote service at [https://securespangateway/ssg/cluster/LogAccessAdmin]; nested exception is javax.net.ssl.SSLException: Ephemeral DH public key size is less than the required minimum

Environment

Release:
Component: APIGTW

Resolution

Add the following into the system.properties file ( /opt/SecureSpan/Gateway/node/default/etc/conf/system.properties ) and restart the gateway service:

jdk.tls.ephemeralDHKeySize=legacy

 

Additional Information

For more information:

https://docs.oracle.com/javase/8/docs/technotes/guides/security/enhancements-8.html