Exception: "The security strength of SHA-1 digest algorithm is not sufficient for this key size" thrown in the JBoss ON agent log when trying to connect to the server
Issue
- Exception: "The security strength of SHA-1 digest algorithm is not sufficient for this key size" thrown in the JBoss ON agent log when trying to connect to the server;
-
Error while starting RHQ agent:
ERROR [WorkerThread#0[10.11.12.13:53232]] (jboss.remoting.transport.socket.ServerThread)- WorkerThread#0[10.124.237.69:53232] exception occurred during first invocation java.lang.reflect.InvocationTargetException ... Caused by: javax.net.ssl.SSLException: Error generating DH server key exchange ... Caused by: java.security.InvalidKeyException: The security strength of SHA-1 digest algorithm is not sufficient for this key size at sun.security.provider.DSA.checkKey(DSA.java:111) at sun.security.provider.DSA.engineInitSign(DSA.java:143) at java.security.SignatureSpi.engineInitSign(SignatureSpi.java:103) at java.security.Signature$Delegate.init(Signature.java:1155) at java.security.Signature$Delegate.chooseProvider(Signature.java:1112) at java.security.Signature$Delegate.engineInitSign(Signature.java:1185) at java.security.Signature.initSign(Signature.java:550) at sun.security.ssl.HandshakeMessage$DH_ServerKeyExchange.<init>(HandshakeMessage.java:750) at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:882)
Environment
- Red Hat JBoss Operations Network (ON) 3.3.5
- Open Java Development Kit (OpenJDK) 1.8.0_151
- RHEL 7.4
- Both server's keystore and truststor are using
SHA1withDSAalgorithm (Signature algorithm name: SHA1withDSA).
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
