back to website

Werk #9521: Drop support for weak DH ciphers in Apache HTTPS config

Component Firmware
Title Drop support for weak DH ciphers in Apache HTTPS config
Date Mar 30, 2023
Level Trivial Change
Class New Feature
Compatibility Compatible - no manual interaction needed
Appliance Version 1.6.4

With this Werk two TLS ciphers are disabled from the HTTPS config:

  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

The Diffie-Hellman group is considered to be weak. To our knowledge no attacks on these ciphers are known, this is a hardening measure.

To the list of all Werks

The Checkmk logo (formerly known as Check_MK) is a trademark of Checkmk GmbH. ©2025 Checkmk GmbH. All rights reserved.

Join our hybrid Monitoring Community event from May 20-22 in Munich and learn more about the latest Checkmk features and our roadmap at the Checkmk Conference #11

Register now