I think I found the solution to this: https://www.thegeekdiary.com/how-to-disable-md5-based-hmac-algorithms-for-ssh/
On Tuesday, August 25, 2020 at 1:59:49 PM UTC-6 [email protected] wrote:

> I'm confused. It doesn't look like the ciphers the vulnerability is
> citing are allowed in the java.security file on this system. We're getting
> flagged for:
>
> hmac-md5
> hmac-md5-96
> hmac-sha1-96
>
> Settings are:
>
> jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
> EC keySize < 224, 3DES_EDE_CBC, anon, NULL
>
> Am I missing this, not a Java security expert by any means... Thanks!
>
> On Monday, August 24, 2020 at 11:09:43 AM UTC-6 [email protected] wrote:
>
>> Yes, to configure the ciphers accepted by your JDK, edit the
>> file lib\security\java.security (the path will vary based on your Java
>> version)
>>
>> On Monday, August 24, 2020 at 16:48:22 UTC+2, [email protected] wrote:
>>
>>> Hi all! I'm getting hit by my security team for a vulnerability for the
>>> Jenkins CLI via ssh allowing the following weak ciphers:
>>>
>>> hmac-md5
>>> hmac-md5-96
>>> hmac-sha1-96
>>>
>>> Is there a way to configure ciphers accepted for the Jenkins CLI?
>>>
>>> Thanks,
>>> Eric
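Added example, not part of the thread and not Jenkins code: an SSH endpoint advertises the MACs it accepts in its SSH_MSG_KEXINIT message (RFC 4253, section 7.1), so parsing that message shows whether the three flagged MACs are still offered after a configuration change. The payload is assumed to be already extracted from the SSH packet (length and padding removed); `build_kexinit` is a hypothetical helper that produces constructed sample data.

```python
import struct

# Name-list fields of SSH_MSG_KEXINIT in wire order (RFC 4253, section 7.1).
KEXINIT_FIELDS = [
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_algorithms_client_to_server", "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server", "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server", "compression_algorithms_server_to_client",
    "languages_client_to_server", "languages_server_to_client",
]
SSH_MSG_KEXINIT = 20
# The three MACs the scanner in this thread flagged.
FLAGGED_MACS = {"hmac-md5", "hmac-md5-96", "hmac-sha1-96"}


def parse_kexinit(payload: bytes) -> dict:
    """Parse a KEXINIT payload (packet length/padding already stripped)."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset = 17  # 1 byte message type + 16 byte cookie
    lists = {}
    for field in KEXINIT_FIELDS:
        if offset + 4 > len(payload):
            raise ValueError(f"truncated before {field}")
        (length,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if offset + length > len(payload):
            raise ValueError(f"name-list {field} overruns payload")
        raw = payload[offset:offset + length].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        offset += length
    return lists


def flagged_macs(payload: bytes) -> list:
    """Return flagged MACs the peer offers in either direction, sorted."""
    lists = parse_kexinit(payload)
    offered = set(lists["mac_algorithms_client_to_server"]) | set(lists["mac_algorithms_server_to_client"])
    return sorted(offered & FLAGGED_MACS)


def build_kexinit(macs: list) -> bytes:
    """Build a constructed KEXINIT payload for testing (sample values only)."""
    values = ["curve25519-sha256", "ssh-ed25519", "aes128-ctr", "aes128-ctr",
              ",".join(macs), ",".join(macs), "none", "none", "", ""]
    body = b"".join(struct.pack(">I", len(v)) + v.encode("ascii") for v in values)
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + b"\x00" + struct.pack(">I", 0)
```

An empty list from `flagged_macs` on a KEXINIT captured from the Jenkins SSH port after the change means none of the three flagged MACs is being advertised.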
