## Explanation

The encryption key size is not supported by the
System SSL run time.

## User response

See the System SSL information to determine which key sizes are supported. In general, when
executing in non-FIPS mode, 40-bit keys and 128-bit keys are supported for RC2 and RC4, 56-bit keys
are supported for DES, 168-bit keys are supported for Triple DES, and 128-bit keys and 256-bit keys
are supported for AES. RSA keys must be between 512 and 4096 bits, DSS keys must be between 512 and
2048 bits, and Diffie-Hellman keys must be between 512 and 2048 bits.

When executing in FIPS mode with GSK_FIPS_STATE_ON or GSK_FIPS_STATE_LEVEL1 set,
168-bit keys are supported for Triple DES, and 128-bit keys and 256-bit keys are supported for AES.
RSA keys must be between 1024 and 4096 bits, DSS keys must be between 1024 and 2048 bits, and
Diffie-Hellman keys must be 2048 bits.

When executing in FIPS mode with GSK_FIPS_STATE_LEVEL2 set, 112-bit security is
enforced when creating new keys or performing digital signature generation and encryption type
operations. Digital signature verification, decryption using Triple DES and RSA decryption with
80-bit key lengths is allowed when processing already protected information. For key generation, DSS
keys must be between 1024 and 2048 bits, Diffie-Hellman keys must be 2048 bits, ECC keys must 192 or
greater, and RSA keys must be between 2048 and 4096 bits. For verification,
DSS keys must be 1024 or 2048 bits, ECC keys must 192 or greater, and RSA keys must be between 1024
and 4096 bits.

When executing in FIPS mode with GSK_FIPS_STATE_LEVEL3 set, 112 bit or higher
security strength is enforced as defined in NIST SP800-131Ar1. For key
generation, DSS keys must be 2048 bits, Diffie-Hellman keys must be 2048 bits, ECC keys must 224 or
greater, and RSA keys must be between 2048 and 4096 bits. For verification, DSS keys must be 2048
bits, ECC keys must 224 or greater, and RSA keys must be between 2048 and 4096 bits.

When using RSASSA-PSS signature algorithm to perform sign or verify operations,
only RSA key sizes 2048 through 4096 inclusive are supported.

This error can also occur if the requested key size is not compatible with the supplied key
generation parameters. See the System SSL information to determine which key sizes are supported.
See System SSL and FIPS 140-2 for information about operating in FIPS mode.