Error: "SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small" when connecting to the ParCache (4251213)

Chat now with support

Return

Feedback Submitted

Did this article solve an issue for you?

Select Rating

Title

Error: "SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small" when connecting to the ParCache
Description

Error: "SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3435:" when connecting to the ParCache with OpenSSL 1.02
Resolution

2.5.915

The ParCache supports the following ciphers.

TLSv1.0:
ciphers:
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (dh 768) - E
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 768) - C
TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
Configure OpenSSL to use a non DHE exchange cipher e.g. -cipher "ECDH-RSA-AES128-SHA"

2.5.916+

From 2.5.916, the 2 Diffe-Hellman ciphers were removed, so OpenSSL will not produce an error.
TLSv1.0:
ciphers:
TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A"

NOTE: If the error is seen on TPAM 2.5.916 (or above). reboot the cache server to ensure the ciphers are updated.

Feedback Submitted

Did this article solve an issue for you?

Select Rating

Title