Weak SSL/TLS Key Exchange

Hi, I am running the Industrial Edge Licenced version of HiveMQ.

I would appreciate assistance fixing a vulnerability on one of my servers relating to a Weak SSL/TLS Key Exchange on port 8443.

Screenshot of my config file

Hello Amrith,

Some pentesting and SSL/TLS test tools mark some cipher suites (for example TLS_RSA) as deprecated/weak. Since the “cipher-suites” option is missing in your configuration file, Control Center uses the default cipher suites of your JDK.

You can try explicitly defining the accepted cipher suites by using the “cipher-suite” option in your HTTPS listener section. However, be aware that supporting a limited number of suites may prevent many clients from connecting to Control Center, in particular some older browsers.

You can find more information at Control Center Configuration :: HiveMQ Documentation

I also noticed that you are using the “client-authentication-mode” option; this applies only to [tls-tcp-listener] and doesn’t apply to the [https] listener.

Best regards,
Diego from HiveMQ Team

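An added example, not part of the original posts and not HiveMQ code: it classifies JSSE-style suite names by key exchange so that static-RSA (TLS_RSA) suites can be left out of an explicit list, and checks whether a listener still completes a handshake when only static-RSA suites are offered. The sample suite list and the host name `cc.example.internal` are constructed placeholders.

```python
import socket
import ssl

# Constructed sample of JSSE-style names; read the real list from your own JDK.
SAMPLE_SUITES = [
    "TLS_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_256_GCM_SHA384",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
    "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
]

def key_exchange(suite):
    """Classify a suite name by the key exchange it encodes."""
    if suite.endswith("_SCSV"):
        return "signalling"            # pseudo-suite, not a real cipher
    if "_WITH_" not in suite:
        return "ephemeral"             # TLS 1.3 names: key exchange is always (EC)DHE
    kx = suite.split("_WITH_")[0].split("_", 1)[1]   # drop the TLS_/SSL_ prefix
    if kx.startswith(("ECDHE_", "DHE_")):
        return "ephemeral"
    if kx == "RSA":
        return "static-rsa"            # the TLS_RSA family the reply mentions
    return "other"                     # static or anonymous DH/ECDH, PSK, ...

def forward_secret_only(suites):
    """Keep only suites with an ephemeral key exchange, preserving order."""
    return [s for s in suites if key_exchange(s) == "ephemeral"]

def accepts_static_rsa(host, port=8443, timeout=5.0):
    """True if the listener completes a TLS <= 1.2 handshake offering only static-RSA suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False         # only the negotiated suite matters here,
    ctx.verify_mode = ssl.CERT_NONE    # not the certificate chain
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("kRSA")            # OpenSSL selector for RSA key transport
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.cipher() is not None
    except (ssl.SSLError, ConnectionResetError):
        return False                   # handshake refused: no static-RSA suite in common

if __name__ == "__main__":
    for name in SAMPLE_SUITES:
        print(f"{key_exchange(name):11} {name}")
    # cc.example.internal is a placeholder; point it at your own Control Center host.
    # print(accepts_static_rsa("cc.example.internal"))
```

Running the handshake check before and after changing the listener configuration shows whether the static-RSA suites are actually gone.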

If you have a paid license for HiveMQ and do not yet have access to the Customer Support Portal, please contact our support team directly at support@hivemq.com. They will be able to assist you with gaining access to the portal and providing you with any support you require.

Kind regards,
Dasha from HiveMQ Team