Unsolved
1 Rookie
•
1 Message
0
679
March 13th, 2023 09:00
Remediate "TLS/SSL Server Supports Commonly Used Prime Numbers" for Dell EMC Unity 650F
We got the following security vulnerability from the our security team
Concern :TLS/SSL Server Supports Commonly Used Prime Numbers
Solution provided
| Generate random Diffie-Hellman parameters. Configure the server to use a randomly generated Diffie-Hellman group. It is recommend to generate at least a 2048-bit group. The simplest way of generating a new group is to use OpenSSL: openssl dhparam -out dhparams.pem 2048. To use the DH parameters in newer versions of Apache (2.4.8 and newer) and OpenSSL 1.0.2 or later, you can directly specify your DH params file as follows: SSLOpenSSLConfCmd DHParameters "{path to dhparams.pem}". If you are using Apache with LibreSSL, or Apache 2.4.7 and OpenSSL 0.9.8a or later, you can append the DHparams you generated earlier to the end of your certificate file and reload the configuration. |
How do we fix this? Dell EMC TSE suggesting to upgrade to 5.2 , will that work?
No Events found!
DELL-Sam L
Moderator
•
7.5K Posts
0
March 20th, 2023 07:00
Hello AyanRoy,
Here is a link to a KB that maybe of assistance. https://www.dell.com/support/kbdoc/en-us/000202982?lang=en
Here is also a link to Unity Family Security Configuration Guide as well in case you have not viewed this guide as well. https://dl.dell.com/content/manual51661175-dell-unity-family-security-configuration-guide.pdf?language=en-us&ps=true