Exception: "The security strength of SHA-1 digest algorithm is not sufficient for this key size" thrown in the JBoss ON agent log when trying to connect to the server
Issue
- Exception: "The security strength of SHA-1 digest algorithm is not sufficient for this key size" thrown in the JBoss ON agent log when trying to connect to the server;
-
Error while starting RHQ agent:
ERROR [WorkerThread#0[10.11.12.13:53232]] (jboss.remoting.transport.socket.ServerThread)- WorkerThread#0[10.124.237.69:53232] exception occurred during first invocation java.lang.reflect.InvocationTargetException ... Caused by: javax.net.ssl.SSLException: Error generating DH server key exchange ... Caused by: java.security.InvalidKeyException: The security strength of SHA-1 digest algorithm is not sufficient for this key size at sun.security.provider.DSA.checkKey(DSA.java:111) at sun.security.provider.DSA.engineInitSign(DSA.java:143) at java.security.SignatureSpi.engineInitSign(SignatureSpi.java:103) at java.security.Signature$Delegate.init(Signature.java:1155) at java.security.Signature$Delegate.chooseProvider(Signature.java:1112) at java.security.Signature$Delegate.engineInitSign(Signature.java:1185) at java.security.Signature.initSign(Signature.java:550) at sun.security.ssl.HandshakeMessage$DH_ServerKeyExchange.<init>(HandshakeMessage.java:750) at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:882)
Environment
- Red Hat JBoss Operations Network (ON) 3.3.5
- Open Java Development Kit (OpenJDK) 1.8.0_151
- RHEL 7.4
- Both server's keystore and truststor are using
SHA1withDSAalgorithm (Signature algorithm name: SHA1withDSA).
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.
