Article Number
000068085
Applies To
Identity Router v2.17 update (Jan release)
Issue
The IDR web resources are not accessible, and requests fail with the following errors in the /var/log/symplified/*-error.log file:
[ssl:info] AH02008: SSL library error 1 in handshake
[ssl:info] SSL Library Error: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher -- Too restrictive SSLCipherSuite or using DSA server certificate?
[ssl:info] AH01998: Connection closed to child 20 with abortive shutdown
Cause
In IDR v2.17, TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) [OpenSSL name: AES256-SHA256] and TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) [OpenSSL name: AES256-SHA] are broken, and the fix is being pushed as part of the Cloud Feb release.
If the client applications in the customer environment (browsers, REST clients) have only these two ciphers in common with the IDR, the IDR web resources will be inaccessible because no shared cipher can be negotiated.
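To check whether a given client falls into this case, the following added example (not RSA's code) parses the cipher list out of a captured TLS ClientHello record and compares it with the IDR's enabled suites. The names ASSUMED_IDR_SUITES, client_hello_suites, assess and build_sample_hello are hypothetical, the server suite list is a placeholder because the article does not list it, and the sample ClientHello is constructed.

```python
import struct

# Suites the article reports as broken in IDR v2.17 (IANA code -> OpenSSL name).
BROKEN = {0x003D: "AES256-SHA256", 0x0035: "AES256-SHA"}
# ASSUMPTION: placeholder for the suites enabled on your IDR; the article does not list them.
ASSUMED_IDR_SUITES = {0x003D, 0x0035, 0xC02F, 0xC030}

def _is_signalling(code: int) -> bool:
    """SCSVs and GREASE values appear in the list but are never negotiated."""
    grease = (code & 0x0F0F) == 0x0A0A and (code >> 8) == (code & 0xFF)
    return grease or code in (0x00FF, 0x5600)

def client_hello_suites(record: bytes) -> list[int]:
    """Return the negotiable cipher-suite codes from a raw TLS ClientHello record."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS record carrying a ClientHello")
    pos = 5 + 4 + 2 + 32              # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]            # skip session_id (1-byte length prefix)
    if pos + 2 > len(record):
        raise ValueError("truncated ClientHello")
    (length,) = struct.unpack_from("!H", record, pos)
    pos += 2
    if length % 2 or pos + length > len(record):
        raise ValueError("malformed cipher_suites vector")
    codes = struct.unpack_from(f"!{length // 2}H", record, pos)
    return [c for c in codes if not _is_signalling(c)]

def assess(record: bytes, server_suites=ASSUMED_IDR_SUITES) -> str:
    """Classify a client against the v2.17 issue described in the article."""
    shared = [c for c in client_hello_suites(record) if c in server_suites]
    if any(c not in BROKEN for c in shared):
        return "ok"            # a working suite is still shared
    if shared:
        return "affected"      # only the two broken suites are shared
    return "no-overlap"        # nothing shared at all: not caused by this defect

def build_sample_hello(codes) -> bytes:
    """Constructed test input: a minimal TLS 1.2 ClientHello with no extensions."""
    suites = struct.pack(f"!{len(codes)}H", *codes)
    body = (b"\x03\x03" + bytes(32) + b"\x00"
            + struct.pack("!H", len(suites)) + suites + b"\x01\x00")
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

if __name__ == "__main__":
    print(assess(build_sample_hello([0x003D, 0x0035, 0x00FF])))   # legacy client
    print(assess(build_sample_hello([0x0A0A, 0xC02F, 0x003D])))   # modern client
```

Replace ASSUMED_IDR_SUITES with the suites actually enabled on the IDR before relying on the result.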
Resolution
These two ciphers will be fixed as part of the Cloud Feb 2023 release.
Workaround