The solution for me was to increase the size of the HTTPS DH Param setting from default (1024) to 2048 on the ACI APIC Controller This setting is found under FabicPolicies>Policies>Pod>ManagementAccess>default
On Tuesday, March 10, 2020 at 8:33:32 AM UTC [email protected] wrote: > Hi All, > > I found out how to test some things turns out there is indeed a > certificate with a vulnerable DH Key. > So this issue is solved. > > - Ben > > Op maandag 9 maart 2020 17:33:00 UTC+1 schreef Ben Sikkens: > >> Hi, >> >> I ran into an issue after updating to Ansible 2.8.5 (in AWX 9.1.1) >> This used to work in the previous version (Ansible 2.8.1, AWX 6.0.0.0) >> I fixed some issues from the python 2 to 3 but this one eludes me. >> >> I'm trying here to create a Bridge Domain >> >> I can provide extra info tomorrow as the networking guys who maintain >> this project are already gone. So if you need any extra info please ask. >> >> { >> "msg": "Connection failed for >> https://host.name/api/mo/uni/tn-VALUE/BD-BD_000_ACI_test.json. Request >> failed: <urlopen error [SSL: DH_KEY_TOO_SMALL] dh key too small >> (_ssl.c:877)>", >> "changed": false, >> "invocation": { >> "module_args": { >> "hostname": "host.name", >> "username": "cw-user", >> "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER", >> "bd": "BD_000_ACI_test", >> "arp_flooding": true, >> "l3_unknown_multicast": "flood", >> "enable_routing": true, >> "vrf": "VALUE", >> "tenant": "VALUE", >> "l2_unknown_unicast": "flood", >> "state": "present", >> "validate_certs": false, >> "host": "host.name", >> "output_level": "normal", >> "timeout": 30, >> "use_proxy": true, >> "use_ssl": true, >> "port": null, >> "private_key": null, >> "certificate_name": null, >> "bd_type": null, >> "description": null, >> "enable_multicast": null, >> "endpoint_clear": null, >> "endpoint_move_detect": null, >> "endpoint_retention_action": null, >> "endpoint_retention_policy": null, >> "igmp_snoop_policy": null, >> "ip_learning": null, >> "ipv6_nd_policy": null, >> "limit_ip_learn": null, >> "mac_address": null, >> "multi_dest": null, >> "gateway_ip": null, >> "scope": null, >> "subnet_mask": null, >> "protocol": "https" >> } >> }, >> "ansible_facts": { >> "discovered_interpreter_python": "/usr/libexec/platform-python" >> }, >> "_ansible_no_log": false >> } >> > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/fb0f2065-5382-4dbf-9e44-cbce7493bfcfn%40googlegroups.com.
