Changing Logjam configuration property

The Logjam configuration parameter is LOGJAM_DHKEYSIZE_2048_BITS_ENABLED. The default value is LOGJAM_DHKEYSIZE_2048_BITS_ENABLED: true.

You can set the parameter value to true or false.

Set LOGJAM_DHKEYSIZE_2048_BITS_ENABLED to true to avoid Logjam security vulnerability attack to disallow SHA-1 and Diffie-Hellman key exchange (DH) that is less than 2048 bits.

Following are the steps to change the value:

Changing the parameter value by using kubectl

1. Install the kubectl CLI.

2. Edit the platform-auth-idp ConfigMap.

   kubectl -n ibm-common-services edit configmap platform-auth-idp
   

3. Change the following attribute values as required:

   • Set LOGJAM_DHKEYSIZE_2048_BITS_ENABLED to true or false.

4. Save and close the ConfigMap.

5. Restart the auth-idp pods

   kubectl -n ibm-common-services delete pod -l k8s-app=auth-idp
   

6. Wait for some time. Then, check the status of the auth-idp pods. The status must show as 4/4 Running for all the pods.

   kubectl -n ibm-common-services get pods | grep auth-idp
   

Changing the parameter values by using the console

1. Log in to the OpenShift Container Platform console as a user with cluster administrator access.
2. From the navigation menu, click Workloads > Config Maps.
3. Search for platform-auth-idp.
4. Click ... > Edit Config Map.
5. Change the LOGJAM_DHKEYSIZE_2048_BITS_ENABLED parameter value to true or false.
6. Click Submit.
7. From the navigation menu, click Workloads > Deployments.
8. Locate auth-idp.
9. Click ... > Edit Deployment. A window for editing displays.
10. Click Save without making any change. This step is to reload the auth-idp pods with the latest ConfigMap values.
11. Click auth-idp.
12. Wait for some time. Then, check the status of the auth-idp pods in the Pods pane. The status of all the pods must show as 4/4 under the Ready field name.