Questions tagged [logjam]
9 questions
17 votes, 2 answers
Are there any security benefits to deploying custom SSH DH groups to client-only systems?
One suggested mitigative strategy against Logjam-related attacks on SSH is to generate custom SSH Diffie-Hellman groups using something like (the below being for OpenSSH)
ssh-keygen -G moduli-2048.candidates -b 2048
ssh-keygen -T moduli-2048 -f…

user
10 votes, 3 answers
Invalid command 'SSLOpenSSLConfCmd', perhaps misspelled or defined by a module not included in the server configuration
Like every other admin, I'm working through the Logjam fix.
I've upgraded to Apache 2.4.12 and openssl 1.0.2a on my CentOS 6.6 box.
When I start apache, I'm seeing this error message returned:
Invalid command 'SSLOpenSSLConfCmd', perhaps…

ryanlraines
6 votes, 2 answers
How to fix Logjam vulnerability with MySQL
Since the latest openssl upgrade on my Debian server, my mysql clients are unable to connect and give the following message
SSL connection error: error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small
I guess this is to prevent…

Læti
6 votes, 2 answers
How to fix the Logjam vulnerability in OpenVPN server config?
As of this writing (Day-2), there are quite few accurate guidelines as to how to mitigate Logjam for Apache and other web servers, such as this page:
https://weakdh.org/sysadmin.html
What are the similar instructions for OpenVPN servers?
Is OpenVPN…

Serge Wautier
2 votes, 2 answers
Fix logjam vulnerability in courier
The site weakdh.org explains how to fix postfix against the weak Diffie-Hellman attack called "logjam".
But don't I have to fix courier too? Or do I have to migrate to dovecot to be logjam-safe?

rubo77
1 vote, 2 answers
How to Make JBoss 5.1.0 GA Meet Diffie-Hellman Standards?
As non-experts on web server administration and security, we are struggling to update our JBoss 5.1.0 GA web server configuration to meet Diffie-Hellman standards. JBoss was installed for us as part of the middle tier in a larger platform. We have…

user2072931
1 vote, 1 answer
SSL handshake with CentOS, curl and ECDHE
Since I limited my ciphers to ECDHE because of the Logjam vulnerabilities, I am not able to do a curl from a CentOS machine anymore. (works from Ubuntu)
$ curl -v https://mysite.mydomain.com
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* …

Bastien974
0 votes, 0 answers
sendEmail dh key too small
We use sendEmail to interface to customers mail server and send e-mails out of our software. Currently I am attempting to authenticate send email against an ATT e-mail account. I keep getting the error below. I have found some mention on how to…

Deldran
0 votes, 0 answers
How is setting the system-wide cryptographic policy for Java supposed to work?
When migrating a proprietary Java (and Jetty) based application from RHEL7 to RHEL8 I learned something new: At least with OpenJDK 11 the JVM still defaults to a 1024 bit Diffie-Hellman group unless one specifies the system property…

mss