After Upgrade to RHEL 6.9 or RHEL 7.4 : ldap authentication no longer works due to the Error: "SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message"

Solution Verified - Updated -

Issue

  • ssh logins function only via public key authentication
  • LDAP authenticated login no longer works, although LDAP groups are listed properly.
  • After upgrade to RHEL 6.9/ RHEL 7.4, LDAP authentication and sudo no longer working and the following error is shown in /var/log/messages:
Aug 27 18:22:39 testserver sssd[ ssd[be[LDAP]][879]: Could not start TLS encryption. TLS error -12173:SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message.

Environment

  • Red Hat Enterprise Linux (RHEL) 6.9
  • Red Hat Enterprise Linux (RHEL) 7.4

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content