Resolving openSSL 3 upgrade issues

Starting with v23, the Tines image now ships with OpenSSL v3. As part of OpenSSL v3, the client (Tines image) may try to negotiate the TLS request and fail due to incorrect SHA or signing issues. Below are remediations for when you encounter such issues:

DH Key Too Small

This issue can occur if the client (Tines image) tries to negotiate the TLS request from your HTTP Action and requires that RSA and DHE keys be at least 2048 bits long. If the server does not present keys of the correct length, the action run will fail with the error dh key too small

In such a case, we recommend you upgrade the server to support the latest encryption and signing methods. However, as a temporary remediation, you can add the following environment variable to your runtime environment to mitigate the issue.

Was this helpful?