back to website

Werk #9521: Drop support for weak DH ciphers in Apache HTTPS config

Component Firmware
Title Drop support for weak DH ciphers in Apache HTTPS config
Date Mar 30, 2023
Level Trivial Change
Class New Feature
Compatibility Compatible - no manual interaction needed
Appliance Version 1.6.4

With this Werk two TLS ciphers are disabled from the HTTPS config:

  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

The Diffie-Hellman group is considered to be weak. To our knowledge no attacks on these ciphers are known, this is a hardening measure.

To the list of all Werks

The Checkmk logo (formerly known as Check_MK) is a trademark of Checkmk GmbH. ©2025 Checkmk GmbH. All rights reserved.

Join our Checkmk Conference #12 – the hybrid Monitoring Community event in Munich, on June 16-18 – to explore new Checkmk features, best practices, and our roadmap.

Register now