We had a 3.4.x system with several proxies. We had a 256-bit PSK key that we used to encrypt the data. Once we upgraded the system to the 4.0.x servers / proxies the servers stopped working. The proxy will no longer connect.
PSK limits are documented in https://www.zabbix.com/documentation...re_shared_keys .
Did your crypto library version change when upgraded from 3.4 to 4.0? What crypto library is used? Which version? What is in the server log file?
Both systems are using openssl 1.0.2k-fips, which is the version I was using with 3.4.
I found this in the logs:
27632:20190124:112158.225 trapper got '{"request":"proxy data","host":"ZabbixOL","session":"116833db0193e26bf8ca6dea50490cd8","history data":[{"id":28976,"itemid":33255,"clock":1548346563,"ns":441269800,"timestamp":1545433046,"source":"Schannel","severity":4,"eventid":36874,"value":"An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.","lastlogsize":264861,"mtime":0},{"id":28977,"itemid":33255,"clock":1548346563,"ns":441693500,"timestamp":1545433046,"source":"Schannel","severity":4,"eventid":36888,"value":"A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 1205.","lastlogsize":264862,"mtime":0},{"id":28978,"itemid":33255,"clock":1548346563,"ns":442084500,"timestamp":1545433046,"source":"Schannel","severity":4,"eventid":36874,"value":"An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.","lastlogsize":264863,"mtime":0},{"id":28979,"itemid":33255,"clock":1548346563,"ns":442494100,"timestamp":1545433046,"source":"Schannel","severity":4,"eventid":36888,"value":"A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40.
Hmm.... there are 2 problems:
1) at first you described that Zabbix proxy does not start after upgrade, it refuses to load PSK.
2) the 2nd example is from trapper - so, Zabbix server successfully received from proxy data from Windows eventlog that some client was not able to connect to Windows "Schannel" because of no common cipher suites for Windows and the client.
The 2 problems are not related, I think.
This command shows that it only supports SSLv3 as a PSK:
[root@ZabbixOL ~]# openssl ciphers -V | grep -i psk
0x00,0x8D - PSK-AES256-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA1
0x00,0x8C - PSK-AES128-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=AES(128) Mac=SHA1
0x00,0x8B - PSK-3DES-EDE-CBC-SHA SSLv3 Kx=PSK Au=PSK Enc=3DES(168) Mac=SHA1
0x00,0x8A - PSK-RC4-SHA SSLv3 Kx=PSK Au=PSK Enc=RC4(128) Mac=SHA1
I am only encrypting data between the proxies and the master server, not sure how I am getting Windows connections.
Looking more in my logs I found that the proxy was having trouble reading the file with the PSK key. I moved it to the /etc/zabbix folder from /home/zabbix and restarted the proxy, and it seems to be back working.
Nice to hear!
You may want to check TLSPSKFile parameter in zabbix_proxy.conf and permissions on that PSK file - no other users except 'zabbix' should be allowed to read it.
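Added example (not posted by anyone in this thread and not Zabbix's own tooling): a shell function that automates the check suggested in the last reply, reading TLSPSKFile from the config and verifying the key file's owner, mode and contents. The function names are hypothetical, and the 32 to 512 hex digit bounds are an assumption taken from the PSK limits in the Zabbix documentation, so confirm them for your version and crypto library.

```shell
#!/usr/bin/env bash
# Added example: audit the PSK file named by TLSPSKFile in a Zabbix config.
# The key itself is never printed. Requires GNU stat (Linux).

psk_path_from_conf() {
    # Print the value of the last uncommented TLSPSKFile= line in file $1.
    sed -n 's/^[[:space:]]*TLSPSKFile[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

check_psk_file() {
    # $1 = config file, $2 = expected owner (default: zabbix). Returns 0 if all pass.
    local conf="$1" owner="${2:-zabbix}" path mode psk rc=0
    path=$(psk_path_from_conf "$conf")
    [ -n "$path" ] || { echo "FAIL: TLSPSKFile is not set in $conf"; return 1; }
    [ -f "$path" ] || { echo "FAIL: $path is not a regular file"; return 1; }
    [ -r "$path" ] || { echo "FAIL: current user cannot read $path"; return 1; }

    # Only the daemon's account should own the key or be able to read it.
    if [ "$(stat -c %U "$path")" != "$owner" ]; then
        echo "FAIL: $path is not owned by $owner"; rc=1
    fi
    mode=$(stat -c %a "$path")
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: mode $mode gives group/other access to $path"; rc=1
    fi

    # Assumed bounds: 32 to 512 hex digits (128-bit to 2048-bit PSK).
    psk=$(tr -d '\r\n' < "$path")
    if ! printf '%s' "$psk" | grep -Eq '^[0-9A-Fa-f]+$'; then
        echo "FAIL: PSK is empty or contains non-hexadecimal characters"; rc=1
    elif [ $(( ${#psk} % 2 )) -ne 0 ] || [ "${#psk}" -lt 32 ] || [ "${#psk}" -gt 512 ]; then
        echo "FAIL: PSK has ${#psk} hex digits; expected an even count, 32 to 512"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $path (owner $owner, mode $mode, ${#psk} hex digits)"
    return "$rc"
}
```

Run it as the account the proxy runs under so the readability test reflects what the daemon sees, passing the path to your zabbix_proxy.conf as the first argument.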