SSH Weak Key Exchange Algorithms Enabled in JDG 8.3.1

Solution Verified - Updated -

Issue

We are facing vulnerability issue in our JDG server on Weak SSL/TLS Key Exchange .
Please help to mitigate the issue.

QID Detection Logic: For a SSL enabled port, the scanner probes and maintains a list of supported SSL/TLS versions. For each supported version, the scanner does a SSL handshake to get a list of KEX methods supported by the server. It reports all KEX methods that are considered weak and List all server supported ciphers for each weak key exchange method supported by Server. The criteria of a weak KEX method is as follows: The SSL/TLS server supports key exchanges that are cryptographically weaker than recommended. Key exchanges should provide at least 112 bits of security, which translates to a minimum key size of 2048 bits for Diffie Hellman and RSA key exchanges or 224 bits for Elliptic Curve Diffie Hellman key exchanges.

Environment

  • Redhat DataGrid
    • 8.3.1

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content