The server key exchange message: "DHE_RSA contains a weak DH key."

Article ID: KB0077208

Products Versions
TIBCO ActiveMatrix BusinessWorks -
Not Applicable -

Description

(This issue may affect all TIBCO products that use tibcojre.)
With BusinessWorks (BW) 5.13 and TIBCO Runtime Agent (TRA) 5.10, you may see the following error when you invoke a SOAP service or HTTP request over SSL.

"The server key exchange message: DHE_RSA contains a weak DH key. The server sent a DH key with length 1024 bits but the client is configured to receive a key with length of at least 2048 bits."
 

Symptoms:
The error is:
"The server key exchange message: DHE_RSA contains a weak DH key. The server sent a DH key with length 1024 bits but the client is configured to receive a key with length of at least 2048 bits."

Cause:
This error is thrown with Java 1.8, which is bundled with BW 5.13. Java 1.8 with the DHE algorithm lets you use a key size of up to 2048 bits. The server may be sending a key of fewer bits, say 1024, and BW, acting as the client, does not accept it because the key size does not match.

Issue/Introduction

The server key exchange message: "DHE_RSA contains a weak DH key."

Environment

Applicable to all environments

Resolution

To overcome the error, add the following properties.

In the designer.tra/application.tra file:
java.property.TIBCO_SECURITY_VENDOR=j2se
java.property.jdk.tls.ephemeralDHKeySize=matched

In the java.security file under <tibco_home>\tibcojre\1.8.0\lib\security:
jdk.tls.ephemeralDHKeySize=matched

For more details on "Customizing Size of Ephemeral Diffie-Hellman Keys", please refer to the link under Additional Information below.
Note: The property jdk.tls.ephemeralDHKeySize=matched in the java.security file takes precedence over the property java.property.jdk.tls.ephemeralDHKeySize=matched in the designer.tra/application.tra file.
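
As an added example (not TIBCO's or this article's own code), the following Python check reads the contents of the .tra file and the java.security file and reports the effective jdk.tls.ephemeralDHKeySize using the precedence described in the note above. The function names and the simple key=value parsing are assumptions; the property names are the ones given in the Resolution.

```python
# Added example: property names are from the article; the parsing rules are an assumption.
TRA_PREFIX = "java.property."
VENDOR = "TIBCO_SECURITY_VENDOR"
DH_SIZE = "jdk.tls.ephemeralDHKeySize"


def parse_properties(text):
    """Read key=value lines, skipping blanks and '#'/'!' comments; the last assignment wins."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:  # continuation lines without '=' are ignored
            props[key.strip()] = value.strip()
    return props


def audit(tra_text, java_security_text):
    """Return (effective ephemeralDHKeySize, findings) for the two files."""
    tra = parse_properties(tra_text)
    sec = parse_properties(java_security_text)
    findings = []
    if tra.get(TRA_PREFIX + VENDOR) != "j2se":
        findings.append(f"{TRA_PREFIX}{VENDOR}=j2se is not set in the .tra file")
    tra_dh = tra.get(TRA_PREFIX + DH_SIZE)
    sec_dh = sec.get(DH_SIZE)
    # Per the article's note, the java.security value takes precedence.
    effective = sec_dh if sec_dh is not None else tra_dh
    if sec_dh is not None and tra_dh is not None and sec_dh != tra_dh:
        findings.append(f"java.security value '{sec_dh}' overrides .tra value '{tra_dh}'")
    if effective != "matched":
        findings.append(f"effective {DH_SIZE} is {effective!r}, expected 'matched'")
    return effective, findings


if __name__ == "__main__":
    # Constructed sample file contents, not taken from a real installation.
    sample_tra = "# designer.tra\njava.property.TIBCO_SECURITY_VENDOR=j2se\n" \
                 "java.property.jdk.tls.ephemeralDHKeySize=matched\n"
    sample_sec = "# java.security\n#jdk.tls.ephemeralDHKeySize=matched\n" \
                 "jdk.tls.ephemeralDHKeySize=2048\n"
    effective, findings = audit(sample_tra, sample_sec)
    print("effective:", effective)
    for f in findings:
        print("finding:", f)
```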

Additional Information

https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#customizing_dh_keys