Environment
NetIQ Access Manager 4.1
Situation
To verify that the NAM components were hardened, a Nessus scan was run against each component with all plugins enabled. The following finding was reported with a medium score for the IDP devices:
Medium (4.3) 83875 SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)
Resolution
Add the following entry to the /opt/novell/nam/idp/conf/tomcat.conf file on the IDP server and restart the IDP to address the vulnerability:
JAVA_OPTS="${JAVA_OPTS} -Djdk.tls.ephemeralDHKeySize=2048"
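A post-change check for the tomcat.conf entry, as an added example that is not part of the original article: it confirms that an active line sets the ephemeral DH key size to at least 2048 and that the line contains no typographic quote picked up by copy and paste. The function name and return codes are assumptions of this example, and it assumes the file is read with shell quoting rules, as the JAVA_OPTS syntax suggests.

```shell
#!/bin/sh
# Added example: audit a Tomcat conf file for the ephemeral DH key size setting.
# Return codes (chosen for this example):
#   0 = ok, 1 = setting missing, 2 = value not a number >= 2048,
#   3 = typographic quote on the line
check_dh_keysize() {
    conf=$1
    # Only active (non-comment) lines that carry the property count.
    lines=$(grep -v '^[[:space:]]*#' "$conf" \
        | grep -F -e '-Djdk.tls.ephemeralDHKeySize=' || true)
    [ -n "$lines" ] || return 1
    # Each line appends to JAVA_OPTS; check the last occurrence.
    last=$(printf '%s\n' "$lines" | tail -n 1)
    # A curly quote does not terminate a shell string (assumption: the
    # file is parsed with shell quoting rules).
    if printf '%s\n' "$last" | grep -qF -e '“' -e '”'; then
        return 3
    fi
    value=$(printf '%s\n' "$last" \
        | sed 's/.*-Djdk\.tls\.ephemeralDHKeySize=\([A-Za-z0-9]*\).*/\1/')
    case $value in
        ''|*[!0-9]*) return 2 ;;   # e.g. "legacy" or "matched", not a fixed size
    esac
    [ "$value" -ge 2048 ] || return 2
    return 0
}

# Constructed sample: an entry whose closing quote is typographic,
# as happens when the line is pasted from a rendered web page.
sample=$(mktemp)
printf '%s\n' 'JAVA_OPTS="${JAVA_OPTS} -Djdk.tls.ephemeralDHKeySize=2048”' > "$sample"
rc=0
check_dh_keysize "$sample" || rc=$?
echo "sample check returned $rc"
rm -f "$sample"
```

On the IDP server, call `check_dh_keysize /opt/novell/nam/idp/conf/tomcat.conf` after editing the file and before restarting the IDP.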