Deactivate insecure Diffie-Hellmann Algorithm for SSH KEX

book

Article ID: 221337

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

The use of deprecated Key-Exchange-Algorithms in SSH have been detected.

The problematic Key-Exchange Algorithm method is diffie-hellman-group1-sha1

How can this group be disabled?

Environment

Release : 10.7.4

Component :

Resolution

This issue can be resolved by using FIPS mode.

FIPS mode can be enabled per scanner from the command line using the following command (with one of three options):

fipsmode(on|off|status)