KB Article #179043

[ERROR]Algorithm constraints check failed: MD5withRSA

Problem

Connection between Gateway and SecureRelayRA fails with the following in router.log:


Communicator : [MA x.x.x.x/x.x.x.x:yyy]: Terminating connection javax.net.ssl.SSLHandshakeException: General SSLEngine problem at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1431)
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)
at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1214)
...
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1728)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:304)
...
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Algorithm constraints check failed: MD5withRSA


Resolution

Remove MD5 from JRE_HOME/lib/security/java.security for the following properties :
jdk.certpath.disabledAlgorithms
jdk.tls.disabledAlgorithms


and restart SecureRelay and Gateway.