HPE OneView

OneView 8 vulnerability tls-dh-primes

 
psdrndm
Regular Visitor

I have OneView installed with FIPS and strong ciphers enabled, allowing TLS 1.2 only,
but I notice the vulnerability ID "tls-dh-primes" is still detected. Below is the summary for "tls-dh-primes":

"Generate random Diffie-Hellman parameters. Configure the server to use a randomly generated Diffie-Hellman group. It's recommended that you generate a 2048-bit group.
The simplest way of generating a new group is to use OpenSSL: openssl dhparam -out dhparams.pem 2048... For other products see the remediation steps suggested by the original researchers. (https://weakdh.org/sysadmin.html)"

Please advise how to enable the strong DH group in OneView 8, as the CLI is now not supported.

Thank you

ChrisLynch
HPE Pro

Re: OneView 8 vulnerability tls-dh-primes

Can you supply more information on this?

  • What HPE OneView release are you using?
  • How are you validating this?
I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
psdrndm
Regular Visitor

Re: OneView 8 vulnerability tls-dh-primes

  • What HPE OneView release are you using?
    >> OneView 8, 8.00.00-0470555, API: 4600
  • How are you validating this?
    >> Our internal security tools
ChrisLynch
HPE Pro

Re: OneView 8 vulnerability tls-dh-primes

Please private message me the tool and report/test that is flagging this.
psdrndm
Regular Visitor

Re: OneView 8 vulnerability tls-dh-primes

Please private message me the tool and report/test that is flagging this

>> Sent

>> To add, basically, Nexpose detects OneView using the commonly used Diffie-Hellman primes.
>> tlsv1_2.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384.dh.keysize
>> I see the above TLS is still listed in Legacy cryptography mode and FIPS cryptography mode.

Document - HPE OneView 8.0 User Guide for VMs | HPE Support
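
To check a finding like the one discussed in this thread independently of the scanner, the following added example (not part of the original thread, and not HPE or scanner code) parses the ServerDHParams structure from a TLS 1.2 DHE ServerKeyExchange body and reports whether the prime is one of the published RFC 2409 / RFC 3526 groups. It assumes the message body has already been captured; the list of known primes and all function names are assumptions made for this example, and the sample body is constructed.

```python
def _atan_inv(x, one):
    # Fixed-point arctan(1/x) scaled by `one` (alternating Taylor series).
    total = term = one // x
    n, sign = 3, -1
    while term:
        term //= x * x
        total += sign * (term // n)
        n, sign = n + 2, -sign
    return total

def modp_prime(size, offset, guard=64):
    # RFC 2409/3526: p = 2^size - 2^(size-64) - 1 + 2^64*(floor(2^(size-130)*pi) + offset)
    one = 1 << (size - 130 + guard)
    pi_bits = (4 * (4 * _atan_inv(5, one) - _atan_inv(239, one))) >> guard  # Machin
    return (1 << size) - (1 << (size - 64)) - 1 + ((pi_bits + offset) << 64)

# Published fixed groups. This short list is an assumption, not the scanner's list.
KNOWN_PRIMES = {
    "RFC 2409 Oakley group 2 (1024-bit)": modp_prime(1024, 129093),
    "RFC 3526 group 5 (1536-bit)": modp_prime(1536, 741804),
    "RFC 3526 group 14 (2048-bit)": modp_prime(2048, 124476),
}

def parse_server_dh_params(body):
    # RFC 5246 ServerDHParams: dh_p, dh_g, dh_Ys, each with a 2-byte length prefix.
    values, off = [], 0
    for _ in range(3):
        n = int.from_bytes(body[off:off + 2], "big")
        chunk = body[off + 2:off + 2 + n]
        if n == 0 or len(chunk) != n:
            raise ValueError("truncated ServerDHParams")
        values.append(int.from_bytes(chunk, "big"))
        off += 2 + n
    return tuple(values)

def classify_dh_prime(body):
    # Returns (prime size in bits, name of the matching published group or None).
    p, _g, _ys = parse_server_dh_params(body)
    name = next((k for k, v in KNOWN_PRIMES.items() if v == p), None)
    return p.bit_length(), name

def tls_vector(n):  # length-prefixed TLS vector, used to build the sample
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw).to_bytes(2, "big") + raw

# Constructed sample body: group 14 prime, generator 2, arbitrary public value.
SAMPLE_BODY = tls_vector(modp_prime(2048, 124476)) + tls_vector(2) + tls_vector(0x1234567890ABCDEF)

if __name__ == "__main__":
    print(classify_dh_prime(SAMPLE_BODY))
```

A result of `(2048, None)` means the prime is 2048 bits and not in this short list; it does not prove the group was randomly generated.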