CloudLink: Security scanner reports Weak SSL/TLS Key Exchange in CloudLink
Summary: CloudLink: Security scanner reports Weak SSL/TLS Key Exchange in CloudLink.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
CloudLink 7.1.0
Security scanner:
Security scanner:
PROTOCOL CIPHER NAME GROUP KEY-SIZE FORWARD-SECRET CLASSICAL-STRENGTH QUANTUM-STRENGTH TLSv1.2 ECDHE-RSA-AES256-SHA384 ECDHE ServerName 192 yes 96 low TLSv1.2 ECDHE-RSA-AES256-SHA384 ECDHE ServerName 163 yes 81 low Change the SSL/TLS server configuration to only allow strong key exchanges. Key exchanges should provide at least 112 bits of security, which translates to a minimum key size of 2048 bits for Diffie Hellman and RSA key exchanges or 224 bits for Elliptic Curve Diffie Hellman key exchanges.QID-38863
Cause
Older versions of CloudLink use a weaker cipher.
Resolution
To resolve this issue, upgrade CloudLink to 7.1.7 or above. CloudLink 7.1.9 is recommended as it is required for upgrading to version 8.x.
CloudLink 7.1.3 onwards, webTLS supports the below ciphers:
Review the upgrade procedures in the CloudLink Upgrade guides. https://www.dell.com/support/product-details/en-us/product/cloudlink-securevm/docs
CloudLink 7.1.3 onwards, webTLS supports the below ciphers:
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
Review the upgrade procedures in the CloudLink Upgrade guides. https://www.dell.com/support/product-details/en-us/product/cloudlink-securevm/docs
Affected Products
CloudLinkProducts
CloudLink SecureVMArticle Properties
Article Number: 000216707
Article Type: Solution
Last Modified: 05 Sep 2025
Version: 4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.