Sun ZFS Storage 7420
 
Oracle ZFS Storage ZS5-2
 
Oracle ZFS Storage ZS3-2
 
Oracle ZFS Storage ZS4-4
 
Oracle ZFS Storage ZS5-4
 
Oracle ZFS Storage ZS3-4
 
Sun ZFS Storage 7120
 
Oracle ZFS Storage Appliance Racked System ZS4-4
 
Sun ZFS Storage 7320
 
Oracle ZFS Storage ZS3-BA
 

PLA-Support>Sun Systems>DISK>ZFS Storage>SN-DK: ZS
 

In this Document

Symptoms

Changes

Cause

Solution

Created from <SR 3-13366318121>

Applies to:

Symptoms

Long running configuration using Secure LDAP. The LDAP Administrator deployed new SHA256 root server certificates on the LDAP Server which required the LDAP clients be updated with the new certificate.

When adding the LDAP server authentication, it would fail with "dh key too small" error message.

Changes

The ZS3-2, when initially configured for the LDAP server, was running an older version of the NAS software.

Cause

The openssl code was updated to 1.0.1r.  This new version of openssl now disallows the use of dh key smaller than 1024 bit.

Error messages associated with this issue :

   - ssl3_check_cert_and_algorithm:dh key too small

   - sig_ok_to_ext():parent exiting...

   - Error: unable to refresh

   - XXX-tls:Session error no available conn.

Solution

To resolve this issue, the LDAP server must be configured to use a stronger DH param (2048-bit is recommended).

Step1:  Generate a 2048-bit DH params :

                % openssl dhparam -out dhparams.pem 2048

Step 2:  Configure your server to use the new DH params (dhparams.pem) :

                Depending on the server, the way to configure the DH params differs.

                Refer to the following web site for more information: https://weakdh.org/sysadmin.html

This solution has no attachment