Ephemeral DH public key size error in the SSG Logs

Document ID : KB000077347
Last Modified Date : 12/04/2018
Show Technical Document Details
Issue:
If this error comes up in the logs, there is a known solution to get around this:

WARNING 400 com.l7tech.server.log.SinkManager: Unexpected error during log list/read from remote node 'xxxxxxxxxxxxxxxxxxxxxxx':Could not access HTTP invoker remote service at [https://securespangateway/ssg/cluster/LogAccessAdmin]; nested exception is javax.net.ssl.SSLException: Ephemeral DH public key size is less than the required minimum
Resolution:
Add the following into the system.properties file ( /opt/SecureSpan/Gateway/node/default/etc/conf/system.properties ) and restart the gateway service:

jdk.tls.ephemeralDHKeySize=legacy

 
Additional Information:
For more information:

https://docs.oracle.com/javase/8/docs/technotes/guides/security/enhancements-8.html