Nmap Development mailing list archives

ssl-enum-ciphers: Warning "Key exchange parameters of lower strength than certificate key"


From: "Kreuser, Peter" <pkreuser () airplus com>
Date: Thu, 19 May 2016 09:53:06 +0000

Hi all,

Could someone please explain this warning and how to fix it?

The situation is:

I use the same certificate in apache and tomcat.

Apache (and Tomcat native APR that uses openssl) gives:

|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A

"no warning"

Tomcat:

|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp160k1) - A
...
|     warnings:
|       Key exchange parameters of lower strength than certificate key

Apparently the JSSE implementation with the Java keystore does the key exchange with secp160k1, which is an equivalent of 1024-bit RSA, and thus creates the warning.

Is this Java8 specific, or can I change this? Or: should I even change this?

Thank You.

Peter
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
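The warning in the post comes from comparing the security level of the key-exchange parameters (here, the ECDHE curve) against the security level of the certificate's key. The following is an added example, not code from Nmap's ssl-enum-ciphers script or from the original post: it parses cipher lines in the script's output format, maps key sizes to NIST SP 800-57 security levels, and emits the same warning text when the key exchange is weaker than the certificate. The size thresholds are the NIST equivalences and may not match the script's internal table exactly; the certificate is assumed to be RSA 2048 (the post does not state its size); the `(dh N)` parameter format and all sample lines other than the two quoted in the post are constructed for this example.

```python
import re

# Field size in bits for a few common named curves (constructed lookup;
# only curves relevant to this thread plus the usual NIST ones).
CURVE_BITS = {
    "secp160k1": 160, "secp160r1": 160, "secp192r1": 192, "secp224r1": 224,
    "secp256r1": 256, "secp384r1": 384, "secp521r1": 521,
}

# NIST SP 800-57 Part 1 equivalences: minimum key size -> security bits.
# (Assumption: the real script's thresholds may differ slightly.)
_THRESHOLDS = {
    "rsa": [(1024, 80), (2048, 112), (3072, 128), (7680, 192), (15360, 256)],
    "ec":  [(160, 80), (224, 112), (256, 128), (384, 192), (512, 256)],
}
_THRESHOLDS["dh"] = _THRESHOLDS["rsa"]   # finite-field DH sized like RSA
_THRESHOLDS["dsa"] = _THRESHOLDS["rsa"]


def security_bits(ktype, bits):
    """Map a key type and size to its symmetric-equivalent security level."""
    if ktype not in _THRESHOLDS:
        raise ValueError(f"unknown key type {ktype!r}")
    level = 0
    for size, sec in _THRESHOLDS[ktype]:
        if bits >= size:
            level = sec
    return level


# One cipher line as printed by ssl-enum-ciphers, e.g.
# "|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp160k1) - A"
LINE_RE = re.compile(r"^\|\s+(TLS_\S+)\s+\(([^)]+)\)\s+-\s+([A-F])\s*$")


def parse_kex(line):
    """Return (suite, kex type, kex bits) for one cipher line, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    suite, param = m.group(1), m.group(2)
    if param in CURVE_BITS:                       # ECDHE: a named curve
        return suite, "ec", CURVE_BITS[param]
    ktype, _, num = param.partition(" ")          # e.g. "dh 2048" (assumed format)
    if ktype in _THRESHOLDS and num.isdigit():
        return suite, ktype, int(num)
    return suite, None, None


def kex_warnings(lines, cert_type, cert_bits):
    """Return the suites whose key exchange is weaker than the certificate key."""
    cert_level = security_bits(cert_type, cert_bits)
    weak = []
    for line in lines:
        parsed = parse_kex(line)
        if not parsed or parsed[1] is None:
            continue
        suite, ktype, bits = parsed
        if security_bits(ktype, bits) < cert_level:
            weak.append(suite)
    return weak


# Sample output: the first Tomcat line and the Apache line are from the post;
# the "dh 1024" line is constructed to show the DHE path.
TOMCAT_LINES = [
    "|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp160k1) - A",
    "|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 1024) - A",
]
APACHE_LINES = [
    "|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A",
]

if __name__ == "__main__":
    # Assumed certificate: RSA 2048 (112-bit security).
    for name, lines in (("apache", APACHE_LINES), ("tomcat", TOMCAT_LINES)):
        for suite in kex_warnings(lines, "rsa", 2048):
            print(f"{name}: {suite}: Key exchange parameters of lower "
                  "strength than certificate key")
```

Running it shows why the two servers differ: secp160k1 sits at the 80-bit level, below a 2048-bit RSA certificate's 112 bits, so the Tomcat line is flagged, while secp256r1 (128 bits) against the same certificate is not. Against a 1024-bit certificate neither line would warn, which is the "equivalent of 1024-bit RSA" the post refers to.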