API Gateway: Unable to create or manage listen ports

Document ID : KB000126731
Last Modified Date : 08/03/2019
Issue:
After upgrading to Gateway 9.4, the following error appears when trying to create or modify a listen port:

The server private key uses RSA crypto, but at least one TLS_ECDH_ECDSA/TLS_ECDHE_ECDSA/TLS_ECDH_RSA cipher suite is enabled.

 
Resolution:
This occurs because you are using an RSA private key with elliptic curve ciphers. 

The TLS_ECDH_ECDSA, TLS_ECDHE_ECDSA and TLS_ECDH_RSA cipher suites are not supported with an RSA key, so enabling any of them on a listen port that uses an RSA key results in this error. To fix this, deselect all elliptic curve ciphers. Because they will not even be negotiated during the handshake, this should not have any negative impact.
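A check for the mismatch described above, as an added example that is not the gateway's or the vendor's own code. It assumes the enabled suites are available as a comma-separated string of standard suite names (the sample list is constructed) and sorts them into the three families the error message names, any other elliptic curve suites, and the rest.

```python
import re

# Key-exchange/authentication families quoted in the gateway's error message.
ERROR_FAMILIES = ("ECDH_ECDSA", "ECDHE_ECDSA", "ECDH_RSA")

# TLS_<family>_WITH_<cipher>; names without _WITH_ (e.g. SCSV markers) do not match.
SUITE_RE = re.compile(r"^(?:TLS|SSL)_(?P<family>[A-Z0-9_]+?)_WITH_[A-Z0-9_]+$")


def family(suite):
    """Return the key-exchange/authentication part of a suite name, or None."""
    m = SUITE_RE.match(suite.strip())
    return m.group("family") if m else None


def audit_rsa_listener(enabled):
    """Classify the enabled suites of a listen port that uses an RSA private key."""
    report = {"conflicting": [], "other_ec": [], "kept": [], "unparsed": []}
    for name in (s.strip() for s in enabled.split(",")):
        if not name:
            continue
        fam = family(name)
        if fam is None:
            report["unparsed"].append(name)      # review by hand
        elif fam in ERROR_FAMILIES:
            report["conflicting"].append(name)   # named in the error message
        elif fam.startswith("ECDH"):
            report["other_ec"].append(name)      # remaining elliptic curve suites
        else:
            report["kept"].append(name)
    return report


# Constructed sample list, not taken from a real gateway.
SAMPLE = ", ".join([
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
])

if __name__ == "__main__":
    for bucket, names in audit_rsa_listener(SAMPLE).items():
        print(f"{bucket}: {names}")
```

The `conflicting` and `other_ec` buckets together are the elliptic curve suites to deselect on the listen port.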

 
Additional Information:
Details about changing the cipher suites can be found here:

https://docops.ca.com/ca-api-gateway/9-4/en/security-configuration-in-policy-manager/tasks-menu-security-options/manage-listen-ports/listen-port-properties