HTTPS TLS Logjam vulnerability

mark
Site Admin

Post by mark »

It has been discovered that TLS connections can be tricked into using easily crackable keys if export grade ciphers are enabled in both client and server. This vulnerability has been nicknamed "Logjam". See CVE-2015-4000 and https://weakdh.org .

Turning off export grade ciphers will eliminate the vulnerability. On your Thunderstone Search appliance admin interface go to "HTTPS/SSL Ciphers" under "System Wide Settings". If you have "DEFAULT" or "DEFAULT:!LOW" change it to "DEFAULT:!LOW:!EXPORT" then Update. Many have already done this to address the earlier "FREAK" vulnerability.
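One way to confirm the change took effect, as an added example that is not part of the original post: the script below audits an `openssl ciphers -v` style listing for leftover export-grade suites and labels DHE_EXPORT (the Logjam downgrade target) and RSA_EXPORT (the FREAK one). It assumes the appliance setting follows OpenSSL cipher-list syntax; the sample listings are constructed, in the layout printed by older OpenSSL builds that still include export suites, and the function names are hypothetical.

```python
import re

# Constructed sample listings (not from the post): what a cipher string might
# expand to before and after appending ":!EXPORT".
SAMPLE_BEFORE = """\
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1 export
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
"""
SAMPLE_AFTER = """\
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
"""

# Matches fields such as "Kx=DH(512)" or "Mac=SHA1"; the bit size is optional.
FIELD = re.compile(r"(Kx|Au|Enc|Mac)=([A-Za-z0-9/_-]+)(?:\((\d+)\))?")


def setting_excludes_export(cipher_string):
    """True if the colon-separated cipher string permanently removes export suites."""
    return any(tok in ("!EXPORT", "!EXP") for tok in cipher_string.split(":"))


def export_suites(listing):
    """Return {suite_name: issue} for every export-grade suite in the listing."""
    findings = {}
    for line in listing.splitlines():
        tokens = line.split()
        if len(tokens) < 3:
            continue  # blank or malformed line
        if tokens[-1] != "export" and not tokens[0].startswith("EXP"):
            continue  # not an export-grade suite
        fields = {key: value for key, value, _bits in FIELD.findall(line)}
        kx = fields.get("Kx", "")
        if kx.startswith("DH"):
            findings[tokens[0]] = "DHE_EXPORT (Logjam)"
        elif kx.startswith("RSA"):
            findings[tokens[0]] = "RSA_EXPORT (FREAK)"
        else:
            findings[tokens[0]] = "export-grade"
    return findings


if __name__ == "__main__":
    for label, listing in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, export_suites(listing) or "no export suites")
```
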