
Weak DH vulnerability on SiteMinder URL


Article ID: 185746


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On Agents (SiteMinder)
CA Single Sign On Federation (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
SITEMINDER


We're running a CA Access Gateway (SPS) and we've found a vulnerability in authentication when reaching 


Our vulnerability scanner reports the following vulnerability:

  The Diffie-Hellman parameter's size is only 1024 bits. A longer one
  must be generated to prevent Logjam vulnerability.

How can we fix that?


CA Access Gateway (SPS) 12.52SP1;


On CA Access Gateway (SPS), remove from the configuration the DHE ciphers that the scanner considers non-compliant:

  Default path:

  The ciphers are on the line:

  SSLCipherSuite [...]
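
One way to audit the SSLCipherSuite value before editing it, as an added example that is not part of the original article or of CA's tooling: the script drops tokens that explicitly offer DHE suites and appends an exclusion when a group keyword could still expand to them. The sample directive is constructed, and the `!kEDH` exclusion assumes the OpenSSL build behind the gateway accepts that keyword.

```python
import re

# Constructed sample directive; the real value on an SPS host will differ.
SAMPLE = ("SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:"
          "EDH-RSA-DES-CBC3-SHA:kEDH+AESGCM:HIGH:!aNULL:!MD5")

# OpenSSL cipher-string keywords that select finite-field Diffie-Hellman.
DH_KEYWORDS = {"DH", "DHE", "EDH", "kDHE", "kEDH"}
# Assumption: the OpenSSL build behind the gateway accepts this keyword.
EXCLUSION = "!kEDH"


def selects_dhe(name):
    """True for a DH keyword or a DHE-*/EDH-* suite name (ECDHE-* is not matched)."""
    return name in DH_KEYWORDS or name.startswith(("DHE-", "EDH-"))


def harden(directive):
    """Return (rewritten directive, removed tokens) for one SSLCipherSuite line."""
    keyword, value = directive.split(None, 1)
    kept, removed, has_group_keyword = [], [], False
    for token in filter(None, re.split(r"[:, ]+", value.strip())):
        op = token[0] if token[0] in "!-+" else ""
        names = token[len(op):].split("+")   # "A+B" means suites in both A and B
        if op in ("!", "-"):
            kept.append(token)               # exclusions stay as they are
        elif any(selects_dhe(n) for n in names):
            removed.append(token)            # explicitly offers DHE suites
        else:
            kept.append(token)
            # Heuristic: suite names contain "-", group keywords (HIGH, AES) do not,
            # and a group keyword may expand to DHE suites.
            if not token.startswith("@") and all("-" not in n for n in names):
                has_group_keyword = True
    if has_group_keyword and EXCLUSION not in kept:
        kept.append(EXCLUSION)
    return f"{keyword} {':'.join(kept)}", removed


if __name__ == "__main__":
    new_line, dropped = harden(SAMPLE)
    print("removed:", ", ".join(dropped))
    print(new_line)
```

ECDHE suites are left in place because they do not use the finite-field DH parameter whose size the scanner reported.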

If you can't modify this configuration, upgrade the CA Access
Gateway (SPS) to 12.8SP3, which out of the box doesn't present those
ciphers for SSL access: