This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Error:14082174:SSl routines;ssl3_check_cert-and-algorithm:dh key too small:openssl\ssl\s3_clnt.c3615

Posted on 05-18-2016 09:49 PM
Not applicable
Reply posted on --/--/---- --:-- AM

img-20160519-081104.jpgimg-20160519-081506-1.jpgimg-20160519-081717.jpg

I am running my automation scripts to test end point with https, I am getting the following error:

Error:14082174:SSl routines;ssl3_check_cert-and-algorithm:dh key too small:openssl\ssl\s3_clnt.c3615

I am attaching the mock.js and FunctionalTest.feature screen shots.

Could you please suggest me where is the problemm.

This request is working in Postman and SOAP UI. The same headers I am sending in the script.

I would appreciate for your early response.

Solved Solved
0 4 1,932
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

Hi @Veeraprasad Therukalla,

Are you testing directly the TIBCO end-points (without Apigee Edge in between) or testing proxy deployed at Apigee Edge which in-turn connects to TIBCO end-points? I guess, first is the scenario.

My guess is TIBCO server is using less secure DH (Diffie-Hellman) keys during the TLS handshake. Recent version of OpenSSL enforces a non-weak DH key. Most probable fix is to upgrade/fix their software at server side or at client side, use compatible (/older) SSL lib (libssl n.x.y).

Regards, Rajesh Doda

View solution in original post

Jump to Solution
0 Likes
4 REPLIES 4

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

Attached results errors img-20160519-091534.jpg

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

Hi @Veeraprasad Therukalla,

Are you testing directly the TIBCO end-points (without Apigee Edge in between) or testing proxy deployed at Apigee Edge which in-turn connects to TIBCO end-points? I guess, first is the scenario.

My guess is TIBCO server is using less secure DH (Diffie-Hellman) keys during the TLS handshake. Recent version of OpenSSL enforces a non-weak DH key. Most probable fix is to upgrade/fix their software at server side or at client side, use compatible (/older) SSL lib (libssl n.x.y).

Regards, Rajesh Doda

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
Not applicable
In response to
Reply posted on --/--/---- --:-- AM

@rdoda

The last part of the sentence, "(/older)", is what I don't understand.

Why not pairing both SSL endpoints but at the newest version?

Has TIBCO server something to do with preferring pairing toward the older version of SSL?

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

How to add SSL certificates in cucumber Automation?

Jump to Solution
0 Likes