Hub hotfix Hub 7.92HF6 tunnel connections fail with "dh key too small"

Document ID : KB000007715
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

After upgrading a tunnel client hub to hub 7.92HF6, a hub-to-hub tunnel will fail to connect and the following error will be observed in the hub.log:

 

Aug 18 08:48:41:495 [4896] hub: SSL_connect error occured 

Aug 18 08:48:41:495 [4896] hub: [1] error:0x14082174:SSL routines:ssl3_check_cert_and_algorithm:dh key too small 

Aug 18 08:48:41:495 [4896] hub: TSESS could not connect to tunnel 199.127.38.161:443 (336077172) 

Aug 18 08:48:41:495 [4896] hub: CTRL MergeProxy011-hub connection error: dh key too small (372) 

Aug 18 08:48:41:495 [4896] hub: CTRL MergeProxy011-hub could not connect to server 199.127.38.161/443 

Aug 18 08:48:41:500 [5272] hub: SSL_connect error occured 

Environment:
UIM running Hub 7.92HF6
Cause:

This is caused by an incorrect OpenSSL library that was bundled with hub 7.92HF5 and 7.92HF6.

 

 

Resolution:

For now, rolling back the hub to 7.92HF4 or prior will resolve the issue.

In the near future, a hotfix will be released for this issue.

Please check the UIM Hotfix Index Site - if you see a hotfix with a version higher than 7.92HF6, download that version and deploy it.  (As of this writing, 8/22/2017, this has not been released but it is expected very soon.)