Weak SSL/TLS Key Exchange

ASEWPER · March 15, 2023, 10:13am

Hi I am running the Industrial Edge Licenced version of Hive MQ.

I would appreciate assist to fix a vulnerability on one of my servers relating to a Weak SSL/TLS Key Exchange on port 8443

ASEWPER · March 15, 2023, 10:13am

Screenshot of my config file

Diego · March 15, 2023, 1:14pm

Hello Amrith,

Some pentesting and SSL/TLS test tools mark some cipher suites (for example TLS_RSA) as deprecated/weak. Since the “cipher-suites” option is missing in your configuration file, Control Center uses the default cipher suites of your JDK.

You can give a try to explicitly define the accepted cipher suites by using the “cipher-suite” option in your HTTPS listener section. However, be aware that supporting a limited number of suites may prevent many clients from connecting to Control Center, in particular some older browsers.

You can find more information at Control Center Configuration :: HiveMQ Documentation

I also noticed that you are using “client-authentication-mode” option, this just apply for [tls-tcp-listener], doesn’t apply for [https] listener.

Best regards,
Diego from HiveMQ Team

Daria_H · March 21, 2023, 4:10pm

Hi @ASEWPER ,
If you have a paid license for HiveMQ and do not yet have access to the Customer Support Portal, please contact our support team directly at support@hivemq.com. They will be able to assist you with gaining access to the portal and providing you with any support you require.

Kind regards,
Dasha from HiveMQ Team

Topic		Replies	Views
Constraint cipher suites in mqtt client	3	403	October 26, 2023
TLS 1.3 The client and server communicate Exception HiveMQ Community Edition	5	1188	March 10, 2022
Connection between Kepserver (Kepware) and Hive MQ HiveMQ Community Edition	15	2363	September 12, 2022
HiveMQ Cloud: cipher suite is not supported by client device HiveMQ Cloud	3	516	September 16, 2021
No_ciphers_available HiveMQ Community Edition	1	866	November 21, 2022

Weak SSL/TLS Key Exchange

Related Topics