APIIDA API Gateway Manager

Unable to upload client certificate to use in node config

Symptom

When uploading a new P12 file to use as a client certificate in gateway connections, the error message “error:0308010C:digital envelope routines::unsupported” or “Wrong format or password?” is displayed.

Cause

The Broadcom Layer7 Policy Manager uses the encryption algorithm RC2-40-CBC when exporting private keys. This algorithm has been deprecated in OpenSSL v3 and moved to the legacy provider. Between releases 2022.2.1 and 2022.3.1 the API Gateway Manager did not support algorithms in the legacy provider, causing the error message when trying to use one of those algorithms.

The legacy provider has been enabled in 2022.3.2; however, we strongly recommend using only up-to-date encryption algorithms.

Action

  • Export your private keys with an algorithm supported by the OpenSSL v3 default provider

  • Update the API Gateway Manager to release 2022.3.2
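
To check before upload whether a P12 file names an algorithm that needs the legacy provider, the following added example (not part of the API Gateway Manager or Layer7 tooling) scans the file for the DER-encoded OIDs of the PKCS#12 password-based encryption schemes. It is a byte-level heuristic rather than a full ASN.1 parser; the function names and the sample bytes are constructed for illustration.

```python
import sys

# PKCS#12 PBE schemes (RFC 7292, Appendix C) plus PBES2 (RFC 8018).
# The flag marks schemes whose cipher (RC2, RC4) sits in the OpenSSL 3 legacy provider.
# Limitation: for PBES2 the inner cipher is not inspected here.
PBE_OIDS = {
    "1.2.840.113549.1.12.1.1": ("pbeWithSHAAnd128BitRC4", True),
    "1.2.840.113549.1.12.1.2": ("pbeWithSHAAnd40BitRC4", True),
    "1.2.840.113549.1.12.1.3": ("pbeWithSHAAnd3-KeyTripleDES-CBC", False),
    "1.2.840.113549.1.12.1.4": ("pbeWithSHAAnd2-KeyTripleDES-CBC", False),
    "1.2.840.113549.1.12.1.5": ("pbeWithSHAAnd128BitRC2-CBC", True),
    "1.2.840.113549.1.12.1.6": ("pbeWithSHAAnd40BitRC2-CBC", True),
    "1.2.840.113549.1.5.13": ("PBES2", False),
}

def der_oid(dotted):
    """DER-encode a dotted OID as a full TLV (tag 0x06, short-form length)."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]          # last base-128 digit, no continuation bit
        while arc > 0x7F:
            arc >>= 7
            chunk.insert(0, (arc & 0x7F) | 0x80)
        body += bytes(chunk)
    return bytes([0x06, len(body)]) + bytes(body)

def scan_p12(data):
    """Return sorted (name, needs_legacy) pairs for every PBE OID found in data."""
    return sorted({info for oid, info in PBE_OIDS.items() if der_oid(oid) in data})

def needs_legacy_provider(data):
    """True if any algorithm named in the file is only in the legacy provider."""
    return any(legacy for _, legacy in scan_p12(data))

# Constructed sample: two bare AlgorithmIdentifier fragments, not a real keystore.
SAMPLE_LEGACY = (
    b"\x30\x0c" + der_oid("1.2.840.113549.1.12.1.6")
    + b"\x30\x0c" + der_oid("1.2.840.113549.1.12.1.3")
)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_LEGACY
    for name, legacy in scan_p12(data):
        print(f"{name}: {'legacy provider required' if legacy else 'default provider'}")
    sys.exit(1 if needs_legacy_provider(data) else 0)
```

Run it with the path to the P12 file as the only argument; exit status 1 means the file should be re-exported with a current algorithm before upload.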