Hi Experts,

We have scanned our sap systems with an symantic network tool and now we are facing new vulnerability as subject line in one of the system. I have checked in sdn, but no where i found any suggestions about the same.

Below is the output:

Vulnerable connection combinations :

SSL/TLS version    :  TLSv1.0

Cipher suite            :  TLS1_CK_RSA_WITH_3DES_EDE_CBC_SHA

Diffie-HEllman MODP size  (bits) : 512

Logjam attack difficulty  :  Easy  (could be carried out by individuals)

Description:

The remote host allows SSLl/TLS connections with opne or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time (Depending on modulud size and attacker resources). This may allow to recover the plaintext or potentially violate the integrity of connections.

Solution:

Reconfigure the services to use a unique Diffie-Hellman moduli of 2048 bits or greater.

Please give your suggestions to get rid of this vulnerability.

Many thanks in advance.

Thanks,

Jaswanth.