Vantage - Weak SSL/TLS Key Exchange
search cancel

Vantage - Weak SSL/TLS Key Exchange


Article ID: 248415


Updated On:


Vantage Storage Resource Manager


The SSL/TLS server supports key exchange that are cryptographically weaker than recommended. Key exchanges should provide at least 224 bits of security, which translates to a minimum key size of 2048 bits for Diffie Hellman and RSA key exchanges.



Release : 14.1

Component : Vantage Storage Resource Manager


Selection of a cipher suites and algorithms that are used for TLS communication is a compromise between the support for type/version of browsers and security.

In this case the advise is to set up the Tomcat to use only Strong encryption methods.

How to set up:

  1. Create a duplicate (backup) of server.xml file located in your runtime directory. (in case anything goes wrong, not required step)
    For example: /a/marek/webui/runtime/apache-tomcat-9.0.58/conf (server.xml)
  2. Edit server.xml file
  3. Find Connector element with port you set for Web client.
  4. Update Connector ciphers
    For example in my environment:
    <Connector SSLEnabled="true" acceptCount="100" algorithm="IbmX509" clientAuth="false" disableUploadTimeout="true"
    enableLookups="false" keystoreFile="safkeyring://VANTDEV/VANTRRNG" keystoreType="JCERACFKS"
    maxHttpHeaderSize="8192" maxSwallowSize="104857600" maxThreads="150" minSpareThreads="25" port="26555" scheme="https"
    secure="true" sslEnabledProtocols="+TLSv1.2" sslImplementationName="" sslProtocol="TLS"

The WebUI started task have to be recycled.