After Upgrade to RHEL 6.9 or RHEL 7.4 : ldap authentication no longer works due to the Error: "SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message"

Solution Verified - Updated -

Issue

  • ssh logins function only via public key authentication
  • LDAP authenticated login no longer works, although LDAP groups are listed properly.
  • After upgrade to RHEL 6.9/ RHEL 7.4, LDAP authentication and sudo no longer working and the following error is shown in /var/log/messages:
Aug 27 18:22:39 testserver sssd[ ssd[be[LDAP]][879]: Could not start TLS encryption. TLS error -12173:SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message.

Environment

  • Red Hat Enterprise Linux (RHEL) 6.9
  • Red Hat Enterprise Linux (RHEL) 7.4

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.