Unable to Connect to the Backend Server Through NetScaler When Using SSL Certificate with 4096 Bit Key
Article ID: CTX213910
Updated On:
Description
The backend server in this case is an Apache server. When using DH server params on the server with a 4096 bit DH key, the SSL handshake from NetScaler fails.
The following error is also noticed:
Counter : ssl_err_Backend_ssl3_server_keysize_gt_2048 increments.
Resolution
Complete the following steps to resolve this issue:
-
Remove the DH parameters from Apache server SSL configuration. For more information refer to - https://www3.trustwave.com/support/kb/KnowledgebaseArticle14785.aspx
- Or, amend the configuration to limit the DH key size to 2048 bit. NetScaler only support key size upto 2048-bit on the back end servers. For more information refer to CTX206268 - FAQ: Key Sizes/Certificates Supported by NetScaler.
Problem Cause
DH encryption was configured on the backend Apache server. This is not a problem usually, except that the Apache server was using a 4096 bit DH key to perform a key exchange. This is currently not supported on NetScaler.
Issue/Introduction
The backend server in this case is an Apache server. When using DH server params on the server with a 4096 bit DH key, the SSL handshake from NetScaler fails.
Was this article helpful?
Yes
No
Powered by
