GM,
Has anyone had issues remediating IBM LDAP 4.4 "Weak Key Exchange"
vulnerability on their secure port?
Attempting to provide Cipher combos in slapd.env with no success.
sslCipherSpecs GSK_V3_CIPHER_SPECS_EXPANDED=00380039
or
sslCipherSpecs GSK_V3_CIPHER_SPECS_EXPANDED=C027C028
In CA LDAP by setting TLS key size to 2K the vulnerability is remediated. There
are no such TLS statements in IBM LDAP:
TLSDhMinKeySize 2048
TLSDsaMinKeySize 2048
TLSEccMinKeySize 194
TLSRsaMinKeySize 2048
Regards,
Jamie McGinley - BNY Mainframe Support
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
