Nessus scan against NAM reports "SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)" vulnerability

  • 7017021
  • 25-Nov-2015
  • 02-Dec-2015

Environment

NetIQ Access Manager 4.1

Situation

To verify whether the NAM components were hardened, a Nessus scan was performed against each component with all plugins enabled. The following issue came back with a medium score from the IDP devices:

Medium (4.3) 83875 SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)

Resolution

Add the following entry to the /opt/novell/nam/idp/conf/tomcat.conf file on the IDP server and restart the IDP to address the vulnerability:

JAVA_OPTS="${JAVA_OPTS} -Djdk.tls.ephemeralDHKeySize=2048"
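
After the restart, the change can be confirmed without rerunning the full scan. The script below is an added example, not part of the original TID: it reads the "Server Temp Key" line that `openssl s_client` prints and reports whether the ephemeral DH modulus is at least 2048 bits. It assumes OpenSSL 1.0.2 or later on the checking host; the host name and port in the usage comment are placeholders and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example (not from the TID): confirm the IDP's ephemeral DH size after the change.

# Constructed samples of `openssl s_client` output (OpenSSL 1.0.2+ prints this line).
SAMPLE_WEAK='CONNECTED(00000003)
Server Temp Key: DH, 1024 bits
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES128-SHA'
SAMPLE_OK='CONNECTED(00000003)
Server Temp Key: DH, 2048 bits
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES128-SHA'

# Read s_client output on stdin; print the DH modulus size in bits, or nothing
# when no finite-field DHE key was negotiated (for example an ECDH temp key).
dh_bits() {
    sed -n 's/^Server Temp Key: DH, \([0-9][0-9]*\) bits.*/\1/p' | head -n 1
}

# Classify captured output. Returns 0 only when the modulus is at least 2048 bits.
check_dh() {
    # Newer OpenSSL clients abort the handshake instead of reporting a small key.
    if printf '%s\n' "$1" | grep -qi 'dh key too small'; then
        echo "WEAK: client refused the DH key as too small"; return 1
    fi
    _bits=$(printf '%s\n' "$1" | dh_bits)
    if [ -z "$_bits" ]; then
        echo "NO-DHE: no ephemeral DH key seen, result inconclusive"; return 2
    fi
    if [ "$_bits" -ge 2048 ]; then
        echo "OK: DH modulus is $_bits bits"; return 0
    fi
    echo "WEAK: DH modulus is $_bits bits (Logjam finding still applies)"; return 1
}

# Live check. Usage: probe idp.example.com:8443   (placeholder host and port)
# -tls1_2 and -cipher EDH force a TLS 1.2 DHE suite so the temp key line appears.
probe() {
    check_dh "$(openssl s_client -connect "$1" -tls1_2 -cipher EDH </dev/null 2>&1)"
}
```

A NO-DHE result means the handshake did not use a finite-field DHE suite, so it neither confirms nor refutes the fix.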