that openssl context and find the key size (set by libcurl) is too small compared to the key set by another layer.
On Fri, Mar 15, 2013 at 2:00 PM, cnm marketing wrote.
Diffie-Hellman Key Exchange addresses this problem and Internet Key Exchange (IKE) uses this Diffie-Hellman to ensure that a shared key can be generated and shared across a public connection in a way that is infeasible for anyone to work out the key. This shared key can then be used with an encryption algorithm such as DES, 3DES, IDEA etc.
Mar 16, 2013: key size is a property of the key you have in a file or generated key. Libcurl and even the SSL layer will not change it. Debugging tip: See Yang's email to evaluate your client side key size to.
But what to do next? What kind of symmetric-key algorithm to use? DES requires key length to be exactly 56 bits. AES - 128/192/256 bits. We have no guarantee that key generated by DH will be n bits. It could be longer or even shorter. Do we have to reduce or extend key to fit it in AES or (3)DES? Or is there an algorithm that works with any key?
As I can read in your blog article Logjam Vulnerability: PRTG Is Safe Since Version 14.4.12 (October 2014), PRTG uses pre-generated Diffie-Hellman (DH) parameters with a 1024-bit key by default. Is it possible to enhance this key, for example, to a 2048-bit key?
This article applies to PRTG Network Monitor 14.4.2 or later
PRTG comes with a high security standard that makes your network monitoring as secure as possible. All communication in PRTG is secured by SSL encryption where only the most secure ciphers are supported. We describe important security features of PRTG in the article What security features does PRTG include?
As of PRTG version 14.4.12, PRTG uses unique pre-defined Diffie-Hellman (DH) parameters with a 1024-bit key by default. This key length is sufficient for most scenarios, but if you want to enhance this key and generate a key that is longer than 1024 bits, you can do so as well. For example, you can manually generate a key with 2048 bits.
Creating a Longer Key for DH Parameters
Please follow the steps below to adjust the key length for Diffie-Hellman parameters:
- On your PRTG server, navigate to the cert subfolder of your PRTG installation directory.
- Open the file generatedh.bat with a text editor. By default, it contains the following command:
..\openssl.exe dhparam -out dh.pem -2 1024 2> dh.log
- To create DH parameters with a 2048-bit key, replace 1024 with 2048 in generatedh.bat. When executed, this results in the file dh.pem with this key length.
- Please note that the longer the generated key is, the longer it takes to generate. Because of this, we recommend that you temporarily use another output file for generatedh.bat. So, in the .bat file, change dh.pem to dh-long.pem, for example:
..\openssl.exe dhparam -out dh-long.pem -2 2048 2> dh.log
- Stop the PRTG core server.
- Change the name of the newly created file dh-long.pem to the original name dh.pem.
- Start the PRTG core server.
Done! PRTG now uses DH parameters with a 2048-bit key.
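An added example, not part of the original article or of PRTG: a small Python check to run on dh-long.pem before the rename step, confirming the file really holds a prime of at least 2048 bits with the generator 2 requested by the -2 option. The function names are hypothetical, and the sample input is constructed (numbers of the right size, not real primes), so only size and generator are checked, not primality.

```python
import base64
import re

def _tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def dh_param_info(pem_text):
    """Parse a PEM 'DH PARAMETERS' block; return (prime_bits, generator)."""
    m = re.search(r"-----BEGIN DH PARAMETERS-----(.+?)-----END DH PARAMETERS-----",
                  pem_text, re.S)
    if not m:
        raise ValueError("no DH PARAMETERS block found")
    der = base64.b64decode("".join(m.group(1).split()))
    tag, seq, _ = _tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag_p, p, pos = _tlv(seq, 0)
    tag_g, g, _ = _tlv(seq, pos)
    if (tag_p, tag_g) != (0x02, 0x02):
        raise ValueError("expected INTEGER prime and INTEGER generator")
    return int.from_bytes(p, "big").bit_length(), int.from_bytes(g, "big")

def safe_to_swap(pem_text, min_bits=2048, generator=2):
    """True if the prime has at least min_bits and the generator matches -2."""
    bits, g = dh_param_info(pem_text)
    return bits >= min_bits and g == generator

# --- constructed sample input (not real primes; only size/generator are checked) ---
def _der(tag, body):
    n = len(body)
    ln = bytes([n]) if n < 0x80 else bytes([0x80 | (n.bit_length() + 7) // 8]) + \
        n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + ln + body

def sample_pem(p, g=2):
    ints = b"".join(_der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in (p, g))
    b64 = base64.encodebytes(_der(0x30, ints)).decode()
    return "-----BEGIN DH PARAMETERS-----\n" + b64 + "-----END DH PARAMETERS-----\n"

if __name__ == "__main__":
    for bits in (1024, 2048):
        print(bits, safe_to_swap(sample_pem((1 << (bits - 1)) | 1)))
```

For a real file, pass the contents of dh-long.pem to safe_to_swap() and only continue with the rename if it returns True.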
Is this related to generating PDFs?
Hi there,
Yes. In one of the latest versions we introduced ECC (Elliptic Curve Cryptography) and some older versions hadn't generated the DH.pem files yet.
Best regards.
Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.