The question is: why did you have to change it (from FIPS186-3)? It has been working for ages now, with this move you pretty much break a huge amount of external control tools, as well as screwing admins (who are lazy bastards and don't want to type kilometer length passwords every bloody damned time).

I hope there is a very serious reason to have this one, and I'm eager to know. (Making it easier to break the communication encyption isn't one of those.)

I'm running into the same problem going from 6.0 to 6.3. Is a 1K key too short? It's not clear what the problem is from the error.

we will check what we can do about this, however, to my knowledge as DSA key is limited by SHA1 there is no benefit of using DSA keys longer than 1024bits. Unless DSA standard is updated that allows the use of different hashing algorithm.

6.5 fixed this for me. Thanks!