Nmap Development mailing list archives
ssl-enum-ciphers: Warning "Key exchange parameters of lower strength than certificate key"
From: "Kreuser, Peter" <pkreuser () airplus com>
Date: Thu, 19 May 2016 09:53:06 +0000
Hi all,

could someone please explain this warning and how to fix it?

The situation is: I use the same certificate in apache and tomcat.

Apache (and Tomcat native APR that uses openssl) gives:
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
"no warning"

Tomcat:
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp160k1) - A
...
| warnings:
| Key exchange parameters of lower strength than certificate key

Apparently the JSSE implementation with the java keystore does the key exchange with secp160k1 that is an equivalent of 1024bit RSA and thus creates the warning. Is this Java8 specific or can I change this? Or: should I even change this?

Thank You.
Peter
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
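The comparison behind the warning quoted in the message above, as an added example that is not part of the original post and not Nmap's own code. It assumes the approximate comparable strengths from NIST SP 800-57 Part 1 as the yardstick and a 2048-bit certificate key (the post does not state the key size); the function names and the sample scan output are constructed for illustration.

```python
import re

# Approximate comparable strengths (NIST SP 800-57 Part 1):
# (symmetric-equivalent bits, RSA/DH modulus bits). Assumption: this is the
# yardstick used here; ssl-enum-ciphers may compute equivalence differently.
SYM_TO_RSA = [(80, 1024), (112, 2048), (128, 3072), (192, 7680), (256, 15360)]

# Matches lines such as "|   TLS_..._SHA256 (secp160k1) - A"
CIPHER_LINE = re.compile(r"(TLS_\w+)\s+\(([^)]+)\)\s+-\s+[A-F]\b")


def kex_rsa_equiv(kex):
    """Return the RSA-equivalent size in bits for a key exchange label, or None."""
    m = re.fullmatch(r"(?:dh|rsa)\s+(\d+)", kex)
    if m:                                   # finite-field DH / RSA: size is given
        return int(m.group(1))
    m = re.search(r"(\d{3})", kex)          # EC curve: field size is in the name
    if not m:
        return None
    strength = int(m.group(1)) // 2         # EC strength is about half the field size
    equiv = 0
    for sym_bits, rsa_bits in SYM_TO_RSA:
        if strength >= sym_bits:
            equiv = rsa_bits
    return equiv


def weak_kex(scan_output, cert_bits):
    """List (cipher, kex, rsa_equiv) where key exchange is weaker than the cert key."""
    findings = []
    for line in scan_output.splitlines():
        m = CIPHER_LINE.search(line)
        if not m:
            continue
        equiv = kex_rsa_equiv(m.group(2).strip())
        if equiv is not None and equiv < cert_bits:
            findings.append((m.group(1), m.group(2).strip(), equiv))
    return findings


# Constructed sample: the two cipher lines from the post plus one invented DHE line.
SAMPLE = """\
|   TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|   TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp160k1) - A
|   TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A
"""

if __name__ == "__main__":
    for cipher, kex, equiv in weak_kex(SAMPLE, cert_bits=2048):  # 2048 is assumed
        print(f"{cipher} ({kex}): ~RSA-{equiv} < certificate key")
```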