Diffie-Hellman key exchange modulus size in Messaging Gateway


Article ID: 171901


Products

Messaging Gateway

Issue/Introduction

For some secure TLS communication, the secure exchange of encryption keys occurs using the Diffie-Hellman (DH) key exchange algorithm. This algorithm allows both ends of the communication to construct a shared encryption key without ever passing that key over an insecure channel.

Messaging Gateway (SMG) 10.6.5 and earlier uses a 1024-bit DH key exchange modulus, which may show up on some PCI compliance audits as a potential concern.

 

Resolution

While a 1024-bit DH key exchange modulus does not represent a significant security issue at this time, the modulus size is being increased in SMG 10.6.6 and later releases to ensure that SMG does not generate alerts on PCI compliance scans.
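
To confirm which modulus size a gateway actually offers before and after upgrading, the following added example (not part of the original article or of SMG) reads the `Server Temp Key` line that `openssl s_client` prints and compares it to a minimum. The host name, the SMTP port, and the 2048-bit threshold are assumptions; the article does not state the new modulus size, so use the minimum your audit requires.

```shell
#!/bin/sh
# Added example. Live usage against your own gateway (host, port and the
# 2048 threshold are placeholders; -tls1_2 is needed because -cipher does
# not select TLS 1.3 suites):
#   openssl s_client -connect smg.example.com:25 -starttls smtp \
#       -tls1_2 -cipher DHE </dev/null 2>/dev/null | check_dh 2048

# Print the temp key's algorithm and size as "ALG BITS", e.g. "DH 1024".
# Prints nothing if the handshake output contains no temp key line.
temp_key() {
    sed -n 's/^Server Temp Key: \([A-Za-z0-9]*\),.* \([0-9][0-9]*\) bits$/\1 \2/p' |
        head -n 1
}

# Read s_client output on stdin; $1 = minimum acceptable modulus size in bits.
# Returns 0 = DHE at or above the minimum, 1 = DHE below the minimum,
# 2 = finite-field DHE was not negotiated (ECDHE, no temp key, failed handshake).
check_dh() {
    min=$1
    key=$(temp_key)
    alg=${key%% *}
    bits=${key##* }
    if [ "$alg" != "DH" ]; then
        echo "no finite-field DHE negotiated (temp key: ${key:-none})"
        return 2
    fi
    if [ "$bits" -lt "$min" ]; then
        echo "WEAK: DH modulus is $bits bits, below $min"
        return 1
    fi
    echo "OK: DH modulus is $bits bits"
    return 0
}

# Constructed sample of s_client output (not captured from a real gateway).
sample_1024() {
    printf '%s\n' 'CONNECTED(00000003)' '---' \
        'No client certificate CA names sent' \
        'Server Temp Key: DH, 1024 bits' '---'
}
```

A client whose OpenSSL security level rejects small DH keys aborts the handshake before printing the temp key line, which this check reports as exit code 2 rather than 1.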