Question & Answer
Question
Why is the SSL handshake failing with SSL rc=9?
Answer
With AT-TLS configured for FIPS 140 mode, the following AT-TLS debug error message appears in the syslogd daemon-class output:
EZD1283I TTLS Event GRPID: 00000001 ENVID: 00000114 CONNID: 0147E064 RC: 9 Initial Handshake
The SSL rc=9 indicates:
9 Cryptographic processing error.
Explanation: An error is detected by a cryptographic function. This error might also occur if non-FIPS key sizes are used during an SSL handshake while operating in FIPS mode.
User response: If the error occurred while executing in FIPS mode, check that only FIPS key sizes are used.
The rc=9 was caused by the secure server sending a Server Key Exchange message with its SSL ServerHello that carried a Diffie-Hellman key size smaller than 2048 bits. FIPS 140 mode requires Diffie-Hellman key sizes of at least 2048 bits.
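As an added illustration (not part of this page or of IBM's code), the following Python parser reads the Diffie-Hellman parameters from a captured DHE ServerKeyExchange body and flags a modulus below the 2048-bit FIPS 140 minimum, which is the condition behind rc=9 above. The sample messages are constructed with placeholder values, not real DH parameters, only to exercise the check.

```python
import struct

FIPS_MIN_DH_BITS = 2048  # minimum DH modulus size allowed in FIPS 140 mode


def _read_opaque16(buf, offset):
    """Read a uint16 length-prefixed field; return (value, next_offset)."""
    if offset + 2 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from("!H", buf, offset)
    offset += 2
    if offset + length > len(buf):
        raise ValueError("truncated DH parameter")
    return buf[offset:offset + length], offset + length


def dh_modulus_bits(server_key_exchange):
    """Bit length of the DH prime p at the start of a DHE ServerKeyExchange body."""
    # Wire layout (RFC 5246 section 7.4.3): dh_p, dh_g, dh_Ys, each as a
    # uint16 length plus big-endian value, followed by the signature.
    p, _ = _read_opaque16(server_key_exchange, 0)
    # Leading zero bytes add no strength; count from the top set bit.
    return int.from_bytes(p, "big").bit_length()


def check_fips_dh(server_key_exchange):
    """Return (ok, message): does the offered DH group meet the FIPS minimum?"""
    bits = dh_modulus_bits(server_key_exchange)
    if bits < FIPS_MIN_DH_BITS:
        return False, ("DH modulus is %d bits; FIPS 140 mode requires at least %d "
                       "(System SSL fails the handshake with rc=9)" % (bits, FIPS_MIN_DH_BITS))
    return True, "DH modulus is %d bits; acceptable in FIPS 140 mode" % bits


def build_dhe_ske(p_bits):
    """Constructed ServerKeyExchange body with a dummy p of exactly p_bits bits.
    The values are placeholders for exercising the parser, not real DH parameters."""
    p = (1 << (p_bits - 1)) | 1
    p_bytes = p.to_bytes((p_bits + 7) // 8, "big")
    fields = (p_bytes, b"\x02", b"\x05" * len(p_bytes))  # p, g, Ys
    return b"".join(struct.pack("!H", len(f)) + f for f in fields)


if __name__ == "__main__":
    for bits in (1024, 2048):
        ok, msg = check_fips_dh(build_dhe_ske(bits))
        print("PASS" if ok else "FAIL", msg)
```

To check a live server, feed the body of its ServerKeyExchange handshake record (from a packet capture) to check_fips_dh; a 1024-bit result reproduces the failure described above.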
Document Information
Modified date: 03 October 2018
UID: dwa1473345