Malware Analysis cannot connect to the ThreatGRID web service in NetWitness 10.x

Issue

The /var/lib/rsamalware/spectrum/logs/spectrum.log file reports the error message below when the Malware Analysis appliance attempts to connect to the ThreatGRID web service.
ERROR com.netwitness.api.services.result.EvaluationContext - Exception raised while evaluating event 0 : java.lang.RuntimeException: Could not generate DH keypair
javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair

Cause

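In Java versions 1.7.0_74 and older, the Diffie-Hellman (DH) prime size must be a multiple of 64 and can only range from 512 to 1024, while ThreatGRID only accepts a minimum prime size of 2048. The TLS handshake therefore fails when Java cannot generate a DH keypair of the size the server requests.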


Resolution

To resolve the issue, perform the steps below.
  1. Download the RSA Security Analytics Q2 2015 Security Patch.
  2. Add the packages to the Security Analytics Updates Repository as instructed in the Security Analytics User Guide.
  3. Connect to the Malware Analysis appliance via SSH as the root user.
  4. Issue the command below to update Java.
    yum update java
  5. Restart the Malware Analysis service on the appliance.
    stop rsaMalwareDevice
    start rsaMalwareDevice

If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.
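
A check to run after the steps above, added here as an example and not part of RSA's article or tooling: it parses java -version output, compares the version against the 1.7.0_74 threshold named under Cause, and counts occurrences of the error string in spectrum.log. The function names and the sample version line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not RSA tooling): verify the Java level and look for the DH error.

# Pull the quoted version (e.g. 1.7.0_74) out of `java -version 2>&1` output on stdin.
parse_java_version() {
    sed -n 's/.*version "\([0-9][0-9._]*\).*/\1/p' | head -n 1
}

# Strip leading zeros so an update such as "09" compares as decimal 9.
to_int() {
    n=$1
    while [ "${n#0}" != "$n" ] && [ -n "${n#0}" ]; do n=${n#0}; done
    printf '%s\n' "${n:-0}"
}

# Exit 0 when the version is 1.7.0_74 or older (the range named under Cause),
# 1 when it is newer, 2 when no version string was supplied.
java_dh_affected() {
    [ -n "$1" ] || return 2
    base=${1%%_*}
    case $1 in *_*) upd=${1#*_} ;; *) upd=0 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $base
    IFS=$old_ifs
    set -- "${1:-0}" "${2:-0}" "${3:-0}" "$upd"
    for limit in 1 7 0 74; do
        have=$(to_int "$1"); shift
        [ "$have" -lt "$limit" ] && return 0
        [ "$have" -gt "$limit" ] && return 1
    done
    return 0    # exactly 1.7.0_74
}

# Count log lines carrying the error string quoted in the article.
count_dh_errors() {
    grep -c 'Could not generate DH keypair' "$1" || true
}

# Constructed sample; on the appliance use: java -version 2>&1 | parse_java_version
sample='java version "1.7.0_74"'
ver=$(printf '%s\n' "$sample" | parse_java_version)
if java_dh_affected "$ver"; then
    echo "Java $ver: in the affected range, apply the update"
else
    echo "Java $ver: newer than 1.7.0_74"
fi
log=/var/lib/rsamalware/spectrum/logs/spectrum.log
if [ -r "$log" ]; then echo "DH keypair errors logged: $(count_dh_errors "$log")"; fi
```

The log count includes entries written before the update, so compare it before and after restarting the service rather than expecting zero.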

Notes

The full error message from the spectrum.log file is attached to this article as a text file.


Product Details

RSA Product Set: Security Analytics, NetWitness
RSA Product/Service Type: Malware Analysis
RSA Version/Condition: 10.3.x, 10.4.x
Platform: CentOS
Platform (Other): ThreatGRID
O/S Version: EL5, EL6

Summary

Malware Analysis cannot connect to the ThreatGRID web service due to the following error: javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair

