[Xymon] error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small

Root, Paul T Paul.Root at CenturyLink.com
Mon Apr 24 15:44:09 CEST 2017


My keys are all 2048.

From: Dominique Frise [mailto:dominique.frise at unil.ch]
Sent: Monday, April 24, 2017 1:42 AM
To: Root, Paul T; xymon at xymon.com
Subject: RE: error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small


OpenSSL was probably updated on your proxy and it reports a problem on the server you are testing (NNN.NNN.NNN.NNN). This server is using a weak DH key within the key exchange and recent versions of OpenSSL enforce a non-weak DH key because of the Logjam attack (https://weakdh.org/).



Dominique

________________________________
From: Xymon <xymon-bounces at xymon.com> on behalf of Root, Paul T <Paul.Root at CenturyLink.com>
Sent: Friday, April 21, 2017 20:40
To: xymon at xymon.com
Subject: [Xymon] error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small

We patched our OS on our xymon proxy servers, and now we get the error in the xymonnet test

Error output:
Unspecified SSL error in SSL_connect to https (47873/tcp) on host NNN.NNN.NNN.NNN: error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small


It looks like it’s some sort of issue with an openssl patch.

The machines in question are CentOS 6.9, and xymon is 4.3.21, that we packaged ourselves.

I vaguely remember others having issues with SSL certs and xymon late last year.

Does anybody have an explanation or solution?


Thanks,
Paul.
This communication is the property of CenturyLink and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments.
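
Added example, not part of the original thread: the DH key named in this error is the server's ephemeral key-exchange parameter, which `openssl s_client` reports on its own line, separately from the certificate key size. The code below parses constructed `s_client` output and flags a small DH group; the function name `audit_kex`, the sample text and the 1024-bit default threshold are assumptions, and the limit actually enforced depends on the OpenSSL build.

```python
import re

# Constructed excerpts in the format printed by `openssl s_client`
# (OpenSSL 1.0.2 and later include the "Server Temp Key" line).
# None of this output comes from the thread.
WEAK_DHE = """\
Server Temp Key: DH, 512 bits
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
"""
ECDHE = """\
Server Temp Key: ECDH, P-256, 256 bits
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
"""
STATIC_RSA = """\
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
"""

CERT_RE = re.compile(r"Server public key is (\d+) bit")
TEMP_RE = re.compile(r"Server Temp Key: ([\w-]+),.*?(\d+) bits")


def audit_kex(s_client_output, min_dh_bits=1024):
    """Report certificate key size and ephemeral key exchange separately.

    min_dh_bits is an assumed policy value, not a figure from the thread.
    """
    cert = CERT_RE.search(s_client_output)
    temp = TEMP_RE.search(s_client_output)
    result = {
        "cert_key_bits": int(cert.group(1)) if cert else None,
        "kex": temp.group(1) if temp else None,
        "kex_bits": int(temp.group(2)) if temp else None,
    }
    if temp is None:
        # No ephemeral key reported (e.g. static RSA key exchange).
        result["verdict"] = "no-ephemeral-key"
    elif result["kex"] == "DH" and result["kex_bits"] < min_dh_bits:
        result["verdict"] = "weak-dh"
    else:
        result["verdict"] = "ok"
    return result


if __name__ == "__main__":
    for name, text in (("weak DHE", WEAK_DHE), ("ECDHE", ECDHE), ("static RSA", STATIC_RSA)):
        print(name, audit_kex(text))
```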