Weak cipher usage - diffie-hellman-group1-sha1

dimalini · April 14, 2020, 5:59pm

Hi, One of our customers has reported that in their machine where ES is configured, a scanner identified port 22 to be used by some ES dependent service and that it flagged for using a weak cipher - 'diffie-hellman-group1-sha1'.

Deprecated SSH Cryptographic Settings
Port: 22, Status: Open

QualysGuard - Retail: Type Name key exchange diffie-hellman-group1-sha1

OS : Windows Server 2012
ES version : 5.4.1

I couldn't find the same in my local machine.

Is anyone aware of this case, please share details.

Thanks,
Divya

ikakavas · April 14, 2020, 6:01pm

Port 22 is commonly used for SSH, and the message points to that also. This is unrelated to elasticsearch and elasricsearch doesnt depend on an SSH server / service

system · May 12, 2020, 6:02pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.