My customer recently moved from firmware level 2018.4.1.6 to level 2018.4.1.9.
They are now experiencing errors such as "ssl-client (LDAP_SSL_CLIENT_PROFILE): SSL library error: error:14082174:SSL routines:ssl3_check_cert_and_algorithm:dh key too small".
My understanding is that the security rules about the Diffie-Hellman cipher have been strengthened in DP (between 2018.4.1.6 and 2018.4.1.9) and that the key returned by the LDAP server while negotiating the SSL handshake is now regarded as too short by DataPower. I guess that the customer has to:
- Either upgrade their LDAP server so that it returns a larger key.
- Or disable the Diffie-Hellman ciphers in their DP crypto profiles.
Could you please tell me:
- What is now the minimum key length accepted by DP for the DH ciphers?
- When was this strengthening introduced? (I did not find any related APAR in the lists of fixes.)
------------------------------
Patrick Marie
------------------------------
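The key length in question is the size of the DH prime the server sends in its ServerKeyExchange message, and it can be measured from a captured handshake. The following is an added example, not part of the original post and not IBM code: the sample bytes are constructed, and the 1024-bit threshold is an assumed policy value, not a documented DataPower limit.

```python
import struct

ASSUMED_MIN_BITS = 1024  # assumption for illustration, not DataPower's documented minimum


def parse_dhe_server_params(body: bytes):
    """Parse ServerDHParams (RFC 5246, section 7.4.3) from a ServerKeyExchange body.

    dh_p, dh_g and dh_Ys are each an opaque vector with a 2-byte big-endian
    length prefix. Returns (p, g, Ys, offset_of_signature).
    """
    values, offset = [], 0
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if offset + 2 > len(body):
            raise ValueError(f"truncated before the {name} length field")
        (length,) = struct.unpack_from("!H", body, offset)
        offset += 2
        if length == 0 or offset + length > len(body):
            raise ValueError(f"invalid length {length} for {name}")
        values.append(int.from_bytes(body[offset:offset + length], "big"))
        offset += length
    p, g, ys = values
    return p, g, ys, offset


def check_dh_prime(body: bytes, min_bits: int = ASSUMED_MIN_BITS):
    """Return (prime_bits, acceptable) for the DH prime offered by the server."""
    p, _, _, _ = parse_dhe_server_params(body)
    bits = p.bit_length()  # leading zero bytes do not count toward the size
    return bits, bits >= min_bits


def encode_vec(value: int, size: int) -> bytes:
    """Helper to build constructed test input: length-prefixed big-endian integer."""
    return struct.pack("!H", size) + value.to_bytes(size, "big")


# Constructed sample: a 512-bit modulus (not a real prime), g = 2, a dummy
# public value, and four placeholder bytes standing in for the signature.
SAMPLE = (encode_vec((1 << 511) | 1, 64) + encode_vec(2, 1)
          + encode_vec(1 << 500, 64) + b"\x00" * 4)

if __name__ == "__main__":
    bits, ok = check_dh_prime(SAMPLE)
    print(f"server DH prime: {bits} bits ->", "accepted" if ok else "dh key too small")
```
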