Hi,
In version 9.3 CR1 the JDK version has been updated to JDK 1.8.0 Update 162.
This version restricts Diffie-Hellman keys that are less than 1024 bits
Our gateways has been recently upgraded to version 9.4 and when I replaced an existing private key with the new one, I got an error when I tried to disable/enable the listen port.
The listen port had the following 2 DH ciphers:
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
After disabling this two ciphers I was able to restart the listen port.
The strange thing is that the listen ports with unchanged private keys does not show this behavior while they also have the two DH ciphers.
Can you first of all confirm that the restriction in the new version of the JDK has an effects on the choice of the ciphers and causes the error?
And if so, why does this not effect the unchanged listen ports/private keys?
Regards,
Hakim