Agent fails to startup with error "DHPublicKey does not comply to algorithm constraints"
Article ID: 93537
Updated On:
Products
CA Automic Applications Manager (AM)
Issue/Introduction
When starting up a new or existing remote agent, the awapi will fail to start, and the following error may be found in the AgentService*.log file:
ErrorMsg: AwE-5103 network socket error
Details: Network socket error
javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: DHPublicKey does not comply to algorithm constraints
Environment
Release:
Component: APPMGR
Component: APPMGR
Cause
The key to this error message is the following section: "DHPublicKey does not comply to algorithm constraints".
This error normally occurs when the Java on the Automation Engine is updated to a newer release or if Java on the Agent is upgraded to a newer release.
Later versions of Java restrict DH keys less than 1024 bits. If Java on the Automation Engine (server) or remote agent (client) is running a newer version while the other is running an older version, the older version of Java is attempting to us a DH key less then 1024 bits while the newer version of Java is restricting the use of less then 1024 bits.
This error normally occurs when the Java on the Automation Engine is updated to a newer release or if Java on the Agent is upgraded to a newer release.
Later versions of Java restrict DH keys less than 1024 bits. If Java on the Automation Engine (server) or remote agent (client) is running a newer version while the other is running an older version, the older version of Java is attempting to us a DH key less then 1024 bits while the newer version of Java is restricting the use of less then 1024 bits.
Resolution
To resolve this error, please match the version of Java that is used by the Automation Engine and Agent.
Feedback
Yes
No
Powered by
