Hi I am running the Industrial Edge Licenced version of Hive MQ.
I would appreciate assist to fix a vulnerability on one of my servers relating to a Weak SSL/TLS Key Exchange on port 8443
Hi I am running the Industrial Edge Licenced version of Hive MQ.
I would appreciate assist to fix a vulnerability on one of my servers relating to a Weak SSL/TLS Key Exchange on port 8443
Hello Amrith,
Some pentesting and SSL/TLS test tools mark some cipher suites (for example TLS_RSA) as deprecated/weak. Since the “cipher-suites” option is missing in your configuration file, Control Center uses the default cipher suites of your JDK.
You can give a try to explicitly define the accepted cipher suites by using the “cipher-suite” option in your HTTPS listener section. However, be aware that supporting a limited number of suites may prevent many clients from connecting to Control Center, in particular some older browsers.
You can find more information at Control Center Configuration :: HiveMQ Documentation
I also noticed that you are using “client-authentication-mode” option, this just apply for [tls-tcp-listener], doesn’t apply for [https] listener.
Best regards,
Diego from HiveMQ Team
Hi @ASEWPER ,
If you have a paid license for HiveMQ and do not yet have access to the Customer Support Portal, please contact our support team directly at support@hivemq.com. They will be able to assist you with gaining access to the portal and providing you with any support you require.
Kind regards,
Dasha from HiveMQ Team