The server key exchange message: "DHE_RSA contains a weak DH key."
Article ID: KB0077208
Products
Versions
TIBCO ActiveMatrix BusinessWorks
-
Not Applicable
-
Description:
(This issue may affect all TIBCO products that use tibcojre.) With BusinessWorks (BW) 5.13 and TIBCO Runtime Agent (TRA) 5.10, you may see the following error when you invoke a SOAP service or HTTP request over SSL:
"The server key exchange message: DHE_RSA contains a weak DH key. The server sent a DH key with length 1024 bits but the client is configured to receive a key with length of at least 2048 bits."
Symptoms:
The error is:
"The server key exchange message: DHE_RSA contains a weak DH key. The server sent a DH key with length 1024 bits but the client is configured to receive a key with length of at least 2048 bits."
Cause: This error is thrown with Java 1.8, which is bundled with BW 5.13. Java 1.8 with the DHE algorithm lets you use a key size of up to 2048 bits. The server may be sending a key of a smaller size, say 1024 bits, and BW as a client does not accept it because the key size does not match.
Environment
Applicable to all environments
Resolution
To overcome the error, add the following properties to the designer.tra/application.tra file:

    java.property.TIBCO_SECURITY_VENDOR=j2se
    java.property.jdk.tls.ephemeralDHKeySize=matched

and add the following property to the java.security file under <tibco_home>\tibcojre\1.8.0\lib\security:

    jdk.tls.ephemeralDHKeySize=matched

For more details on "Customizing Size of Ephemeral Diffie-Hellman Keys", please refer to the link in the reference section below.

Note: The property jdk.tls.ephemeralDHKeySize=matched in the java.security file takes precedence over the property java.property.jdk.tls.ephemeralDHKeySize=matched in the designer.tra/application.tra file.