Nessus scan against NAM reports "SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)" vulnerability

  • 7017021
  • 25-Nov-2015
  • 02-Dec-2015


NetIQ Access Manager 4.1


In order to verify whether NAM components were hardened, a nessus scan was performed against each component with all plugins enabled. The following issue came back with a medium score from the IDP devices:

Medium (4.3) 83875 SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)


Need to add the following entry to /opt/novell/nam/idp/conf/tomcat.conf file on the IDP server and restart  IDP to address the vulnerability:

JAVA_OPTS="${JAVA_OPTS} -Djdk.tls.ephemeralDHKeySize=2048”