The server key exchange message: "DHE_RSA contains a weak DH key."
Article ID: KB0077208
Updated On:
| Products | Versions |
|---|---|
| TIBCO ActiveMatrix BusinessWorks | - |
| Not Applicable | - |
Description
Description:
(This issue may be faced by all TIBCO Products which use tibcojre)
With BusinessWorks(BW) 5.13, TIBCO RUNTIME AGENT(TRA) 5.10 you may see the following error when you invoke SOAP service/HTTP request over SSL.
Symptoms:
Cause:
This error is thrown with Java 1.8 which is bundled with BW 5.13. Java 1.8 and DHE algorithm lets you use a key size upto 2048 Bits. The server may be sending you a key size of lower bits , say 1024 and hence BW as a client does not accept this as the bitsize has a mismatch.
Environment
Resolution
To overcome the error,
Add the following properties:
java.property.TIBCO_SECURITY_VENDOR=j2se
java.property.jdk.tls.ephemeralDHKeySize=matched in the designer.tra/application.tra file,
&
jdk.tls.ephemeralDHKeySize=matched in java.security file under <tibco_home>\tibcojre\1.8.0\lib\security
For more details on "Customizing Size of Ephemeral Diffie-Hellman Keys" please refer the link in the reference section below.
Note: Property -> jdk.tls.ephemeralDHKeySize=matched in java.security file will take precedence over the property -> java.property.jdk.tls.ephemeralDHKeySize=matched in the designer.tra/application.tra file
Issue/Introduction
Additional Information
Feedback
