Minimum Strong DH Key Length IT policy rule

Description

This rule specifies the minimum DH key size (in bits) that a BlackBerry device can use with TLS connections.

If you configure the minimum key size on the BlackBerry Enterprise Server to be greater than the minimum key size on the device, the device prompts aBlackBerry device user to trust every highly secure website that uses a key size in its certificate that is less than the minimum key size on the BlackBerry Enterprise Server. For example, if the user browses to a highly secure website that uses a 512-bit DH key in its certificate, the device prompts the user to trust the website. If the user trusts the website and selects the Don't Ask Again option, the minimum key size on the device is configured to 512 bits. If you set the minimum key size on the BlackBerry Enterprise Server to 2048 bits, the device prompts the user to trust every highly secure website that uses a key size in its certificate that is less than 2048 bits.

Possible values

• 512 to 4096 bits

Default value

• 1024 bits on the BlackBerry device
• 512 bits on the BlackBerry Enterprise Server

Minimum requirements

• BlackBerry Device Software 3.6.1

Rule introduction

• BlackBerry Enterprise Server 3.6