OL, OVM: Connection Fails; "openssl: SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small"
Last updated on JUNE 21, 2017
Applies to:Linux OS - Version Oracle Linux 6.0 and later
Examining The Certificate Offered By A Web Site
The key size used by a web site can be seen like this:
$ openssl s_client -connect "example.com:443" </dev/null 2>/dev/null | openssl x509 -text -noout
Public-Key: (256 bit)
This shows a key length indicating a certificate needing to be recreated with a longer key.
Examining A Local Certificate File
If the <certificate>.pem file is accessible, the certificate can be examined liek this:
$ openssl dhparam -inform PEM -in my-cert=dhparam.pem -check -text | fgrep 'DH Parameters'
Encountering A Run-time Error
After upgraded openssl to version openssl-1.0.1e-57.el6.x86_64, a client application reports the error:
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms