Hi All, A new vulnerability has surfaced regarding TLS and Key Exchange agreement (more specifically the key size.)
"The SSL/TLS server supports key exchanges that are cryptographically weaker than recommended. Key exchanges should provide at least 224 bits of security, which translates to a minimum key size of 2048 bits for Diffie Hellman and RSA key exchanges. An attacker with access to sufficient computational power might be able to recover the session key and decrypt session content." We would like to know if Apache Tomcat was flagged by having a weak DH (Diffie Hellman) key exchange or ECDH (Elliptic Curve) key exchange or RSA (Rivest - Shamir - Adleman) key exchange. How do we remediate this vulnerability to match the minimum requirements (RSA & DHE=2048; ECDHE= P-256) ? Thanks, Saicharan
