After upgrade to RHEL 6.9 or RHEL 7.4, LDAP authentication no longer works due to the error: "SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message"


Issue

  • SSH logins work only via public key authentication.
  • LDAP-authenticated login no longer works, although LDAP groups are listed properly.
  • After upgrading to RHEL 6.9 or RHEL 7.4, LDAP authentication and sudo no longer work, and the following error is shown in /var/log/messages:
Aug 27 18:22:39 testserver sssd[ ssd[be[LDAP]][879]: Could not start TLS encryption. TLS error -12173:SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message.

Environment

  • Red Hat Enterprise Linux (RHEL) 6.9
  • Red Hat Enterprise Linux (RHEL) 7.4
