"Weak SSL/TLS Key Exchange" Detected in Third-Party Scan Report
(Doc ID 2911747.1)
Last updated on NOVEMBER 29, 2022
Applies to:
Java SE JDK and JRE - Version 8 and later
Information in this document applies to any platform.
Goal
Customers sometimes use third-party security scanning software to check the security level of their environment. The scan report often includes a warning that weak TLS ciphers were detected in certain Java instances:
"The SSL/TLS server supports key exchanges that are cryptographically weaker than recommended.
Key exchanges should provide at least 112 bits of security, which translates to a minimum key size of 2048 bits for Diffie Hellman and RSA key exchanges."
This document provides instructions on how to disable TLS weak ciphers in Java to pass the security scan.
Java is platform software and provides a reasonable range of security settings for different types of customers. It is not built to satisfy any particular security scanning software. However, Java's security components do keep up with industry technology and standards to ensure that the user's Java environment is secure.
The page Oracle JRE and JDK Cryptographic Roadmap shows Java's security roadmap for your further reference.
Solution