uOS Security Update: Removal of DHE Key Exchange






As part of its continued commitment to stronger cybersecurity, Zyxel's latest uOS version 1.32 introduces an important change: the removal of DHE (Diffie-Hellman Ephemeral) key exchange for services such as SSL VPN, HTTPS, SSH, and FTPS.
Why Remove DHE?
DHE key exchange requires large key sizes (e.g., 2048-bit or 4096-bit parameters) and higher computational overhead to achieve modern security levels
Although DHE was originally designed to support perfect forward secrecy, it has several known weaknesses when implemented with small key sizes (e.g., 512 or 1024 bits).
Affected Services
uOS removes DHE by default as one of the possible key exchange method when using the following services:
- SSLVPN
- SSH
- FTPS
- HTTPS
Configuration Notes
If customers need to support DHE for custom or legacy systems, they can use the CLI to enable it again.
- For HTTP connection: usgflex200hp running vrf main# http-server secure-server dhe-algo {true | false}
- For SSH connection: usgflex200hp running vrf main# ssh-server dhe-algo {true | false}
- For FTPS connection: usgflex200hp running vrf main# ftp-server dhe-algo {true | false}
- For SSL VPN connection: VPN clients officially supported/approved by Zyxel (SecuExtender) already supports superior key exchange methods
Compatibility with OpenVPN Clients
There are no compatibility issues with OpenVPN:
- Zyxel VPN solutions use standard-compliant, secure key exchange methods.
- Clients will automatically negotiate the appropriate supported cipher suite.
Categories
- All Categories
- 431 Beta Program
- 2.6K Nebula
- 165 Nebula Ideas
- 112 Nebula Status and Incidents
- 6K Security
- 364 USG FLEX H Series
- 292 Security Ideas
- 1.5K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 42 Wireless Ideas
- 6.6K Consumer Product
- 262 Service & License
- 407 News and Release
- 87 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.9K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 83 Security Highlight