TLS Weak Cipher Keys for Key Exchange.

[jo...@wellsfargo.com.INVALID]

Good afternoon.

Recently a new Qualys QID vulnerability was released, QID: 38863 - Cryptographically Weak Key Exchange Size, which deals with weak cipher key exchange key values. I know that we can add a cipher list in the TLS Connector in the server.xml, but is there a way to specify a Key size for the exchange?

Thanks,

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexander@wellsfargo.com<ma...@wellsfargo.com>
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.

RE: TLS Weak Cipher Keys for Key Exchange.

[jo...@wellsfargo.com.INVALID]

To possibly answer my own question, it appears that this can be done on the java command line:

set the system property jdk.security.defaultKeySize with the algorithm and its desired default key size. For example, to test a DSA default keysize of 2048, specify
"‑Djdk.security.defaultKeySize=DSA:2048"

on the java command-line.

However, I will wait for the team consensus.

Thanks,

Dream * Excel * Explore * Inspire
Jon McAlexander
Senior Infrastructure Engineer
Asst. Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexander@wellsfargo.com
This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.


> -----Original Message-----
> From: jonmcalexander@wellsfargo.com.INVALID
> <jo...@wellsfargo.com.INVALID>
> Sent: Wednesday, July 20, 2022 12:10 PM
> To: users@tomcat.apache.org
> Subject: TLS Weak Cipher Keys for Key Exchange.
> 
> Good afternoon.
> 
> Recently a new Qualys QID vulnerability was released, QID: 38863 -
> Cryptographically Weak Key Exchange Size, which deals with weak cipher key
> exchange key values. I know that we can add a cipher list in the TLS
> Connector in the server.xml, but is there a way to specify a Key size for the
> exchange?
> 
> Thanks,
> 
> Dream * Excel * Explore * Inspire
> Jon McAlexander
> Senior Infrastructure Engineer
> Asst. Vice President
> He/His
> 
> Middleware Product Engineering
> Enterprise CIO | EAS | Middleware | Infrastructure Solutions
> 
> 8080 Cobblestone Rd | Urbandale, IA 50322
> MAC: F4469-010
> Tel 515-988-2508 | Cell 515-988-2508
> 
> jonmcalexander@wellsfargo.com<ma...@wellsfargo.com>
> This message may contain confidential and/or privileged information. If you
> are not the addressee or authorized to receive this for the addressee, you
> must not use, copy, disclose, or take any action based on this message or any
> information herein. If you have received this message in error, please advise
> the sender immediately by reply e-mail and delete this message. Thank you
> for your cooperation.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org