Solved: CSPC encryption question

TeamIBOS70148 · ‎08-24-2021

I have a customer whose security team is being alerted that 2.8.1.8 is running 1024 bit encryption instead of their recommended 2048. Is there a way to change this in CSPC? Or is 2.9.X using higher level?

madhushr · ‎08-31-2021

Hi,

As informed in the Private message, I was testing in my Lab environment on this. This is not a vulnerability in CSPC but it is the vulnerability in OS level. Since CSPC 2.8 version run on CentOS 6, you are getting this alert.

However, it is resolved in CentOS 8. Hence you can upgrade the CSPC to the latest build 2.9.1.1. For your reference below is the screenshot where I have tested the same in my lab and it is using RSA 3072 key which is higher bit ssh key.

Thanks and Regards,

Madhusha R

View solution in original post

madhushr · ‎08-25-2021

Hi

We are looking into your post and we will get back to you with an update at the earliest.

Thanks and Regards,

Madhusha R

madhushr · ‎08-25-2021

Hi,

Could you please share the screenshot of the alert that your team is getting over the Private Message?

Also, kindly elaborate your concern for further clarification.

Thanks and Regards,

Madhusha R

madhushr · ‎08-31-2021

Hi,

As informed in the Private message, I was testing in my Lab environment on this. This is not a vulnerability in CSPC but it is the vulnerability in OS level. Since CSPC 2.8 version run on CentOS 6, you are getting this alert.

However, it is resolved in CentOS 8. Hence you can upgrade the CSPC to the latest build 2.9.1.1. For your reference below is the screenshot where I have tested the same in my lab and it is using RSA 3072 key which is higher bit ssh key.

Thanks and Regards,

Madhusha R