Highest Voted 'logjam' Questions - IT Security Stack Exchange

22

votes

2 answers

Why is Mozilla recommending predefined DHE groups?

In a revision dated 2016-10-31, Mozilla changed their Server Side TLS recommendation from generating a random DH group to the ones published in RFC 7919. Mozilla claims: These groups are audited and may be more resistant to attacks than ones…

tls diffie-hellman logjam

asked Jan 30 '17 at 04:42

willwill

495
5
9

9

votes

3 answers

Does the recommended course of action for preventing Logjam on Tomcat servers really eliminate all risks of weak DH keys?

Can anyone verify this fix secures against the Logjam vulnerability for Apache Tomcat? I'm sceptical about it's effectiveness, since it doesn't mention how to implement the user defined 2048 bit DH parameter file in Tomcat, but its cipher list does…

tls apache vulnerability tomcat logjam

asked May 21 '15 at 10:35

Casper

93
1
6

3

votes

1 answer

Setup Wireshark to decrypt TLS_DHE

I have a passively sniffed traffic dump of client/server were packets are encrypted with cipher suite Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e) With a Logjam attack I managed to find the DH private key. How do I setup Wireshark to…

wireshark diffie-hellman logjam

asked Mar 26 '18 at 09:42

Sirt

33
1
4

2

votes

0 answers

Clarification on DH groups

Nikto reports the following via the "ssl-dh-params" NSE script: Check results: | WEAK DH GROUP 1 | Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | Modulus Type: Safe prime | Modulus Source: mod_ssl…

vulnerability diffie-hellman logjam

asked Aug 24 '16 at 13:49

SilverlightFox

33,408
6
67
178

0

votes

0 answers

How to PoC the CVE-2015-4000 logjam vulnerability

I ran testssl.sh on a server and can see that it is vulenrable to logjam. Now I am interested in doing a PoC to validate the server is exploitable to this vulenrability. I searched through google but most articles explain the vulnerability and how…

tls openssl vulnerability logjam

asked Aug 24 '22 at 12:25

ethicalhacker

27
6

0

votes

2 answers

Command to check a website is vulnerable to Logjam

I am referring this post https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/ and trying to see a website is vulnerable to Logjam or not. I try with www.google.com:443 but I am getting Server Temp Key: X25519, 253 bits. Does…

tls openssl diffie-hellman logjam

asked Oct 21 '19 at 11:09

Panadol Chong

101
1

0

votes

1 answer

Logjam definition question

As I understand it, the Logjam TLS attack is an attack that downgrades the DHE cipher suite used by the server to DHE_EXPORT. Where the client thinks it is talking DHE 512 and the server things it's talking DHE_EXPORT (which is 512 but with a…

tls diffie-hellman logjam

asked Jul 03 '17 at 13:14

Wealot

879
2
12
25

0

votes

1 answer

How can a RSA-2048 certificate be vulnerable to logjam attack?

Most likely I am missing some fundamentals: Our web servers are secured with TLS encryption. We use RSA-2048 bit certificates. The logjam attack targets the DH algorithm. How can our web servers be vulnerable to the logjam attack? Is a combination…

rsa diffie-hellman logjam

asked Feb 01 '16 at 05:37

gunnar247

13
2

Questions tagged [logjam]