Security issues regarding key exchange algorithms
CA API Management Gateway
CA API Management Gateway:Release:9.2
I want to exclude specific elliptic curves from the key-exchange algorithms of the cipher suites.
I know that you can exclude a complete cipher suite, but I only want to exclude some elliptic curves that are deemed unsafe.
To exclude a complete cipher suite you would use the steps as explained
To exclude only some elliptic curves, you will need to modify the java.security file, which controls the selection and availability of the ciphers and algorithms:
Check the java.security file at /opt/SecureSpan/JDK/jre/lib/security/
In this file you can disable specific algorithms.
The line stating
should be changed to
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, DES40_CBC, RC4_40
This should cut out the unreliable algorithms. Please note that we have made changes in a later CR and in 9.3 to already improve and exclude some/all of those algorithms.
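One way to confirm the edit took effect in the file, as an added example that is not part of the original article or of the product: the script reads jdk.tls.disabledAlgorithms, joins the backslash-continued lines and checks that every entry from the replacement line above is present. The function names (disabled_algs, has_entry, check_required, write_sample) are hypothetical, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: audit jdk.tls.disabledAlgorithms in a java.security file.

# Print each entry of the property, one per line. Joins backslash-continued
# lines; if the property is defined twice, the later definition wins.
disabled_algs() {
    awk '
        !cont && /^[ \t]*[#!]/ { next }          # skip comment lines
        !cont && /^[ \t]*jdk\.tls\.disabledAlgorithms[ \t]*=/ {
            sub(/^[^=]*=/, ""); found = 1; val = ""
        }
        found {
            cont = ($0 ~ /\\$/)                  # trailing backslash: value continues
            sub(/\\$/, ""); val = val $0
            if (!cont) { found = 0; result = val }
        }
        END {
            n = split(result, parts, ",")
            for (i = 1; i <= n; i++) {
                e = parts[i]
                gsub(/^[ \t]+|[ \t]+$/, "", e); gsub(/[ \t]+/, " ", e)
                if (e != "") print e
            }
        }' "$1"
}

# True if the exact entry (for example "EC keySize < 224") is listed.
has_entry() { disabled_algs "$1" | grep -Fxq -- "$2"; }

# Entries taken from the replacement line in the article.
REQUIRED='SSLv3,RC4,MD5withRSA,DH keySize < 1024,EC keySize < 224,DES40_CBC,RC4_40'

# Report every required entry that is absent; non-zero status if any is.
check_required() {
    missing=0; old_ifs=$IFS; IFS=','
    for entry in $REQUIRED; do
        has_entry "$1" "$entry" || { echo "missing: $entry"; missing=1; }
    done
    IFS=$old_ifs; return "$missing"
}

# Constructed sample (not a real gateway file) so the check runs offline.
write_sample() {
    printf '%s\n' '#jdk.tls.disabledAlgorithms=SSLv3' \
        'jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \' \
        '    EC keySize < 224, DES40_CBC, RC4_40' > "$1"
}

if [ -n "${1:-}" ]; then check_required "$1" && echo "all entries present"; fi
```

Run it with the path to the java.security file as the only argument; commented-out copies of the property are ignored, so a leftover old line does not produce a false pass.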