Dear customers,
For your information, Openssl reported a security issue concerning the Diffie-Hellman algorithm :
https://weakdh.org/This issue does not impact Genero product directly, however it does impact Web servers (Apache, Micosoft IIS, nginx, Lighttpd, etcetera) and mail servers (Sendmail, Postfix SMTP, etcetera).
To fix the problem, you can :
- Disable the Diffie-Hellmann ciphers from your web/Sendmail server, as described here:
https://weakdh.org/sysadmin.html - If you cannot disable the Diffie-Hellman ciphers as described in the link above, or if you use a GWS server provided by a Web server and you do not know whether the system administrator has disabled the Diffie-Hellman ciphers for that server:
Set the same cipher list on the GWS client side:
- Open your fglprofile file.
- Create the entry "security.global.cipher" with the following content (the fglprofile entry below must be on 1 line):
security.global.cipher = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
Best regards,
Four Js Development Tools