Weak Diffie-Hellman strength

victorvic · July 30, 2019, 10:51am

Hi,

We have a vulnerability scanner deployed in our company and we’ve been scanning a ELK stack environment we setup with SearchGuard as the security addon for the stack.

However, we can see that the scanner has detected the key strength of diffie-hellman to be < 2048 which it considers as a medium severity. How can we resolve this for searchguard?

EDIT: It’s reacting on the port 9300 TCP.

hsaly · July 30, 2019, 11:45am

Please provide your certificate details and more detailed output of the scanner (you can send confidential informations via PGP encrypted mail if necessary: Search Guard Security | Securing your Elasticsearch cluster with Search Guard)

How exactly did you create your SSL certificates?

system · August 20, 2019, 12:00pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Weak diffie-helman key size from TLStool Search Guard	3	907	October 1, 2020
SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam) Search Guard	6	1942	October 19, 2021
Search Guard pilot project, need some hints Search Guard	1	424	November 16, 2018
Signature length not correct: got 256 but was expecting 512 Search Guard	1	4312	February 13, 2018
Search Guard certificate error Search Guard	1	1202	February 1, 2018

Weak Diffie-Hellman strength

Related topics