SSL/TLS Diffie-Hellman Modulus Vulnerability detected on API Gateway server listen ports.
API Gateway Supported versions.
The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time (depending on modulus size and attacker resources). This may allow an attacker to recover the plaintext or potentially violate the integrity of connections.
Go to Policy Manager > Tasks > Transport > Manage Listen Ports > Listen Port Properties > SSL/TLS Settings tab and uncheck the following cipher suites under Enabled Cipher Suites.
Ports 8443, 9443 and 2124:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
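To confirm the change took effect, the following added example (not part of the original article or the vendor's tooling) offers each listed DHE suite on its own to each listen port and reports whether the gateway still accepts it. The gateway host name passed on the command line, the OpenSSL spellings of the suite names, and the function names are assumptions of this example.

```python
import socket
import ssl
import sys

# IANA names from the list above -> OpenSSL names used by Python's ssl module.
DHE_SUITES = {
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA": "DHE-RSA-AES128-SHA",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256": "DHE-RSA-AES128-GCM-SHA256",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256": "DHE-RSA-AES128-SHA256",
}
LISTEN_PORTS = (8443, 9443, 2124)  # ports named in the article


def dhe_only_context(openssl_name):
    """Client context that offers a single DHE suite, capped at TLS 1.2."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # cipher probe only, not a trust check
    ctx.verify_mode = ssl.CERT_NONE
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # keep TLS 1.3 suites out
    # SECLEVEL=0 keeps the *client* from refusing a small DH modulus, so a
    # failed handshake is not just this probe being strict.
    ctx.set_ciphers(openssl_name + ":@SECLEVEL=0")
    return ctx


def probe(host, port, iana_name, timeout=5.0):
    """Return 'accepted', 'rejected' or 'unreachable' for one suite on one port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with dhe_only_context(DHE_SUITES[iana_name]).wrap_socket(sock) as tls:
            return "accepted" if tls.cipher() else "rejected"
    except OSError:                     # ssl.SSLError is a subclass of OSError
        return "rejected"
    finally:
        sock.close()                    # harmless if wrap_socket took ownership


def audit(host, ports=LISTEN_PORTS):
    """Map (port, suite) -> result for every listed port and suite."""
    return {(p, s): probe(host, p, s) for p in ports for s in DHE_SUITES}


if __name__ == "__main__":
    for (port, suite), result in sorted(audit(sys.argv[1]).items()):
        print(f"{port:5d} {suite:40s} {result}")
```

After the suites are unchecked, every reachable port should report `rejected` for all three suites; any `accepted` line means that listen port still has the suite enabled.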