Possible false positive on SSL keysize?


#1

We’re seeing a possible issue with NVT 2016/gb_ssl_dh_weak_keysize_vuln.nasl (SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerabili… OID: 1.3.6.1.4.1.25623.1.0.106223).

It’s flagging an (in-house developed) server process for using a “Server Temp Key” of length 2040 (?):

Summary
The SSL/TLS service uses Diffie-Hellman groups with insufficient strength (key size < 2048).

Vulnerability Detection Result
Server Temporary Key Size: 2040 bits

But as far as we can tell the actual minimum keylength is 2048:

[10:40:36] polaris:~ # echo "" | openssl s_client -connect 172.16.3.53:5107 -cipher "EDH" 2>/dev/null | grep "^Server Temp Key"
Server Temp Key: DH, 2048 bits

Any ideas? This seems similar (if not identical) to a question on the old openvas-plugins mailing list from last July, but I saw no reply there:
http://lists.wald.intevation.org/pipermail/openvas-plugins/2018-July/001404.html

Obviously we can just ignore this particular result, but it would be nice to understand.


#2

I see the same thing on a cluster of 140 servers. I’ve done two scans so far, and each scan reports a single server as having 2040 bits keys instead of 2048, but each scan it’s a different server! The other servers are reported as OK. The server application is a Java/Jetty one, perhaps this has to do with it.