Could not generate DH keypair error when connecting to Shares via ES


When using the GUI application of Enterprise Server/Connect Server/Point to Point/Aspera Client to establish a connection to Shares, the connection fails with the error "Could not generate DH keypair".

This error occurs when a GUI application version earlier than 3.6 connects to Shares version 1.9.3 or 1.9.4.


The fix to this issue is to upgrade your Enterprise Server/Connect Server/Point to Point/Aspera Client application to the latest version (3.6 or later).

We HIGHLY recommend upgrading to fix this issue as the latest product versions maintain best security practices.

Other temporary workaround

If you are unable to upgrade your product (for example, if you're on a Mac, which does not yet have a version 3.6), you can employ the temporary workaround below on your Shares server. Once you are able to upgrade to ES/CS/P2P/Client version 3.6 or later, we strongly encourage you to do so and to reverse the changes you made on Shares.

Note: The workaround involves lowering the level of security in place that protects against certain vulnerabilities. If you decide to use this workaround, your Shares site will be open to risk (even if the potential for intrusion is low), and you will not be able to achieve a security rating greater than a B on Qualys.

Open the following file in a text editor:

  • Linux: /opt/aspera/shares/etc/nginx/nginx.conf
  • Windows: C:\Shares\nginx\conf\nginx.conf

Comment out the ssl_dhparam setting so it looks like the following:

# ssl_dhparam dhparams.pem
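
To check later whether this workaround is still in place on a Shares server (for example, once clients have been upgraded to 3.6 or later), the shell functions below report the state of the directive. This is an added example, not Aspera's code; the function names, the "audit" argument and the sample configuration are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Aspera's code): report whether a Shares nginx.conf
# still carries the ssl_dhparam workaround described in this article.

# Constructed sample of an nginx.conf fragment with the workaround applied.
sample_conf() {
    cat <<'EOF'
server {
    listen 443 ssl;
    ssl_certificate     cert.pem;
    # ssl_dhparam dhparams.pem
}
EOF
}

# dhparam_state FILE -> prints active, commented or absent
dhparam_state() {
    awk '
        /^[ \t]*ssl_dhparam[ \t]/         { active = 1 }     # live directive
        /^[ \t]*#+[ \t]*ssl_dhparam[ \t]/ { commented = 1 }  # commented out
        END {
            if (active)         print "active"
            else if (commented) print "commented"
            else                print "absent"
        }
    ' "$1"
}

# audit_dhparam FILE -> 0 if the directive is live, 1 if not, 2 if unreadable
audit_dhparam() {
    [ -r "$1" ] || { echo "ERROR: cannot read $1" >&2; return 2; }
    case "$(dhparam_state "$1")" in
        active)    echo "OK: ssl_dhparam is set in $1" ;;
        commented) echo "WARN: ssl_dhparam is commented out in $1 (workaround still applied)"; return 1 ;;
        *)         echo "WARN: no ssl_dhparam directive in $1"; return 1 ;;
    esac
}

# When called with "audit", check the given file or the Linux path from this article.
if [ "${1:-}" = "audit" ]; then
    audit_dhparam "${2:-/opt/aspera/shares/etc/nginx/nginx.conf}"
fi
```

The non-zero exit status on a commented-out or missing directive lets the check run from a scheduled job or configuration-management run so the temporary change does not stay in place unnoticed.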