OneView 8 vulnerability tls-dh-primes

psdrndm · ‎03-08-2023

I've OneView with FIPS and strong ciphers enabled installed, enabling TLS1.2 only.
but notice still detected vulnerability ID "tls-dh-primes", below is a summary for " tls-dh-primes"

"Generate random Diffie-Hellman parameters Configure the server to use a randomly generated Diffie-Hellman group. It's recommend that you generate a 2048-bit group.
The simplest way of generating a new group is to use OpenSSL: openssl dhparam -out dhparams.pem 2048... For other products see the remediation steps suggested by the original researchers. (https://weakdh.org/sysadmin.html)"

Please advise how to enable the Strong DH Group in OneView 8 as CLI now is not supported.

Thank you

ChrisLynch · ‎03-10-2023

Can you supply more information on this?

What HPE OneView release are you using?
How are you validating this?

I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

psdrndm · ‎03-12-2023

What HPE OneView release are you using?
>> OneView 8, 8.00.00-0470555, API: 4600
How are you validating this?
>> Our Internal security tools

ChrisLynch · ‎03-12-2023

Please private message me the tool and report/test that is flagging this.

I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]

psdrndm · ‎03-13-2023

Please private message me the tool and report/test that is flagging this

>> Sent

>> To add, basically, nexpose detect OneView using the commonly used Diffie-Hellman primes.
>> tlsv1_2.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384.dh.keysize
>> I see the above TLS is still listed on Legacy cryptography mode and FIPS cryptography mode

Document - HPE OneView 8.0 User Guide for VMs | HPE Support

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

OneView 8 vulnerability tls-dh-primes

OneView 8 vulnerability tls-dh-primes

Re: OneView 8 vulnerability tls-dh-primes

Re: OneView 8 vulnerability tls-dh-primes

Re: OneView 8 vulnerability tls-dh-primes

Re: OneView 8 vulnerability tls-dh-primes