Saicharan,
On 7/18/22 10:45, saicharan.bu...@wellsfargo.com.INVALID wrote:
> Hi All,
>
> A new vulnerability has surfaced regarding TLS and Key Exchange agreement (more
> specifically the key size.)
>
> "The SSL/TLS server supports key exchanges that are cryptographically weaker
> than recommended. Key exchanges should provide at least 224 bits of security, which
> translates to a minimum key size of 2048 bits for Diffie Hellman and RSA key exchanges. An
> attacker with access to sufficient computational power might be able to recover the
> session key and decrypt session content."
>
> We would like to know if Apache Tomcat was flagged by having a weak DH (Diffie
> Hellman) key exchange or ECDH (Elliptic Curve) key exchange or RSA
> (Rivest - Shamir - Adleman) key exchange.
>
> How do we remediate this vulnerability to match the minimum requirements
> (RSA & DHE=2048; ECDHE=P-256)?

Tomcat only uses the cryptographic providers supplied by the environment
in which it's running. You need to configure those environments
appropriately.
Have you detected a vulnerability, or are you asking a theoretical question?
-chris
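
As an added example (not part of the thread and not Tomcat code): a check of the JVM's `jdk.tls.disabledAlgorithms` security property against the minimums named in the question. It assumes Tomcat is running on the JVM's JSSE provider and that key-size floors are set in `java.security`; the sample fragments and function names are constructed for illustration.

```python
import re

# Minimums quoted in the thread: RSA and DHE 2048 bits, ECDHE P-256 (256-bit curve).
REQUIRED = {"RSA": 2048, "DH": 2048, "EC": 256}

# Constructed java.security fragments (sample input, not taken from a real host).
WEAK = r"""
# constructed sample
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL
"""
HARDENED = r"""
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
    RSA keySize < 2048, DH keySize <= 2047, EC keySize < 256, anon, NULL
"""

# Matches simple entries such as "DH keySize < 2048"; compound entries are ignored.
CONSTRAINT = re.compile(r"^(\w+)\s+keySize\s*(<=|<)\s*(\d+)$")

def read_property(text, name):
    """Return a property's value, joining backslash-continued lines (last one wins)."""
    joined = re.sub(r"\\\r?\n[ \t]*", "", text)
    value = None
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, _, val = line.partition("=")
        if key.strip() == name:
            value = val.strip()
    return value

def key_size_floors(value):
    """Map algorithm -> smallest key size still permitted by the constraints."""
    floors = {}
    for entry in (e.strip() for e in value.split(",")):
        m = CONSTRAINT.match(entry)
        if m:
            alg, op, n = m.group(1), m.group(2), int(m.group(3))
            floors[alg] = max(floors.get(alg, 0), n if op == "<" else n + 1)
    return floors

def audit(text):
    """Return {alg: (enforced_floor, meets_minimum)}; a floor of 0 means none is set."""
    floors = key_size_floors(read_property(text, "jdk.tls.disabledAlgorithms") or "")
    return {a: (floors.get(a, 0), floors.get(a, 0) >= need) for a, need in REQUIRED.items()}

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(sample))
```
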