A client using SAM/PIM 12.92 is having non-compliance troubles with Diffie-Hellman key length:
We've tried to change JBoss and Tomcat configuration.
These changes increased the security ranking, but made the server unavailable.
Is this issue solvable by moving to PAM 3.1.1?
Thanks for helping me.
PAM 3.1.1 has an upper limit of 2048 inclusive. So, I believe the answer is yes, it can do exactly 2048, but not higher.
Here is our documented Known Issue that describes what we support:
"Java only supports Diffie Hellman (DH) Key Agreement for key sizes that are multiples of 64 and in the range from 512 to 2048 (inclusive)."
Known Issues - CA Privileged Access Manager - 3.1.1 - CA Technologies Documentation
CA Technologies - North America
Tested on CA PAM 2.8.4 Hotfix 04
Not working with SSH DH size 2048.
Tested on CA PAM version 3.1.1 without any hotfix
It's working perfectly with SSH DH size 2048.