
"Weak SSL/TLS Key Exchange" Detected in Third-Party Scan Report (Doc ID 2911747.1)

Last updated on NOVEMBER 29, 2022

Applies to:

Java SE JDK and JRE - Version 8 and later
Information in this document applies to any platform.

Goal

Customers sometimes use third-party security scanning software to check the security level of their environment. The scan report often includes a warning that weak TLS ciphers were detected in certain Java instances:

            "The SSL/TLS server supports key exchanges that are cryptographically weaker than recommended.
             Key exchanges should provide at least 112 bits of security, which translates to a minimum key size of 2048 bits for Diffie Hellman and RSA key exchanges."

This document provides instructions on how to disable weak TLS ciphers in Java to pass the security scan.

Java is a platform and provides a reasonable range of security settings for different types of customers. It is not built to satisfy any particular security scanning software. However, Java's security components do keep up with industry technology and standards to ensure that the user's Java environment is secure.

For further reference, the Oracle JRE and JDK Cryptographic Roadmap page shows Java's security roadmap.

Solution
