
Diffie-Hellman key exchange modulus size in Messaging Gateway


Article ID: 171901


Updated On:

Products

Messaging Gateway

Issue/Introduction

For some secure TLS communication, the secure exchange of encryption keys occurs using the Diffie-Hellman (DH) key exchange algorithm. This algorithm allows for the exchange of information in such a way that both ends of the communication construct a shared encryption key without passing that key over an insecure channel.

Messaging Gateway (SMG) 10.6.5 and earlier use a 1024-bit DH key exchange modulus, which may show up on some PCI compliance audits as a potential concern.

 

Resolution

While a 1024-bit DH key exchange modulus does not represent a significant security issue at this time, the modulus size is being increased in SMG 10.6.6 and later releases to ensure that SMG does not generate alerts on PCI compliance scans.
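
To confirm the modulus size a gateway actually negotiates before and after upgrading, the check below reads `openssl s_client` output and classifies the ephemeral DH key size it reports. This is an added example, not Broadcom's tooling; the 2048-bit threshold, the function names, the host `mail.example.com` and the sample output lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the ephemeral DH modulus size reported by
# `openssl s_client`. MIN_BITS=2048 is an assumed audit threshold; the
# article does not state the size used in SMG 10.6.6 and later.
MIN_BITS="${MIN_BITS:-2048}"

# Read s_client output on stdin and print the DH modulus size in bits.
# Accepts a "Server" or "Peer" label to tolerate wording differences
# between OpenSSL versions. Prints nothing when the handshake did not
# use finite-field DH (for example ECDHE or RSA key exchange).
dh_bits() {
    sed -n -E 's/^(Server|Peer) Temp Key: DH, ([0-9]+) bits.*$/\2/p' | head -n 1
}

# Read s_client output on stdin and print a verdict.
# Returns 0 if DH >= MIN_BITS, 1 if weaker, 2 if no DHE was negotiated.
check_dh() {
    bits=$(dh_bits)
    if [ -z "$bits" ]; then
        echo "no-dhe"
        return 2
    fi
    if [ "$bits" -lt "$MIN_BITS" ]; then
        echo "weak:$bits"
        return 1
    fi
    echo "ok:$bits"
}

# Constructed samples of the relevant s_client output lines.
sample_weak()  { printf '%s\n' '---' 'Server Temp Key: DH, 1024 bits' '---'; }
sample_ok()    { printf '%s\n' '---' 'Peer Temp Key: DH, 2048 bits' '---'; }
sample_ecdhe() { printf '%s\n' '---' 'Server Temp Key: ECDH, P-256, 256 bits' '---'; }

# Live check against an SMTP listener (placeholder host). TLS 1.2 and a
# DHE cipher string are forced so that finite-field DH is negotiated:
#   openssl s_client -connect mail.example.com:25 -starttls smtp \
#       -tls1_2 -cipher 'DHE' </dev/null 2>/dev/null | check_dh
```

A `no-dhe` verdict means the server did not negotiate a DHE cipher suite in that handshake, which is separate from the modulus size question.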