Security scan report "SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability" for port 6547 used by PowerChute.
Product Lines:
PowerChute Business Edition 10.0.1, 10.0.2, 10.0.3, 10.0.4
PowerChute Network Shutdown 4.4, 4,4,1, 4,4,2, 4,4,3
Environment:
All supported OS
Cause:
Week cipher suite
Solution:
Edit the java.security file and disallow DH cipher suite less than 2048
PowerChute Business Edition on Windows OS the java.security file will be found in
C:\Program Files (x86)\APC\PowerChute Business Edition\jre\conf\security if PowerChute has been installed to the default path.
PowerChute Business Edition on Linux OS the java.security file will be found in
/opt/APC/PowerChuteBusinessEdition/jre/config/security if PowerChute has been installed to the default path.
# Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048, \
# rsa_pkcs1_sha1, secp224r1
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
include jdk.disabled.namedCurves
Change to
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 2048, \
EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
include jdk.disabled.namedCurves
PowerChute Network Shutdown on Windows 64 bit OS the java.security file will be found in
C:\Program Files\APC\PowerChute\jre_x64\conf\security
PowerChute Network Shutdown 4.4.1 on Linux OS the java.security file will be found in
/opt/APC/PowerChute/jre-15.0.1/config/security if PowerChute has been installed to the default path.
Add the link DH keySize < 2048,
# Example:
# jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
#
#
jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \
include jdk.disabled.namedCurves
Add
jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, DH keySize < 2048,\
include jdk.disabled.namedCurves
NOTE:
- If running an older version, upgrading to the latest and following the steps above is recommended.
- This issue was resolved with the release of PowerChute Business Edition Agent 10.0.5, PowerChute Serial Shutdown version 1, and PowerChute Network Shutdown 5
Released for: Schneider Electric Malaysia
Security scan report "SSL/TLS: Diffie-Hellman Key Exchange Insufficient DH Group Strength Vulnerability" for port 6547 used by PowerChute.
Product Lines:
PowerChute Business Edition 10.0.1, 10.0.2, 10.0.3, 10.0.4
PowerChute Network Shutdown 4.4, 4,4,1, 4,4,2, 4,4,3
Environment:
All supported OS
Cause:
Week cipher suite
Solution:
Edit the java.security file and disallow DH cipher suite less than 2048
PowerChute Business Edition on Windows OS the java.security file will be found in
C:\Program Files (x86)\APC\PowerChute Business Edition\jre\conf\security if PowerChute has been installed to the default path.
PowerChute Business Edition on Linux OS the java.security file will be found in
/opt/APC/PowerChuteBusinessEdition/jre/config/security if PowerChute has been installed to the default path.
# Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048, \
# rsa_pkcs1_sha1, secp224r1
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
include jdk.disabled.namedCurves
Change to
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 2048, \
EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
include jdk.disabled.namedCurves
PowerChute Network Shutdown on Windows 64 bit OS the java.security file will be found in
C:\Program Files\APC\PowerChute\jre_x64\conf\security
PowerChute Network Shutdown 4.4.1 on Linux OS the java.security file will be found in
/opt/APC/PowerChute/jre-15.0.1/config/security if PowerChute has been installed to the default path.
Add the link DH keySize < 2048,
# Example:
# jdk.certpath.disabledAlgorithms=MD2, DSA, RSA keySize < 2048
#
#
jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \
include jdk.disabled.namedCurves
Add
jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, DH keySize < 2048,\
include jdk.disabled.namedCurves
NOTE:
- If running an older version, upgrading to the latest and following the steps above is recommended.
- This issue was resolved with the release of PowerChute Business Edition Agent 10.0.5, PowerChute Serial Shutdown version 1, and PowerChute Network Shutdown 5
Released for: Schneider Electric Malaysia






Need help?
Start here!
Find answers now. Search for a solution on your own, or connect with one of our experts.
Contact Support
Reach out to our customer care team to receive more information, technical support, assistance with complaints and more.
Where to buy?
Easily find the nearest Schneider Electric distributor in your location.
Search FAQs
Search topic-related frequently asked questions to find answers you need.
Contact Sales
Start your sales enquiry online and an expert will connect with you.