Questions tagged [logjam]

Logjam vulnerability - a security flaw in the TLS protocol used to establish secure connections over the internet

The Logjam vulnerability allows attackers to weaken cryptographic protections and potentially intercept sensitive information such as passwords, financial information, and other private data. It affects a wide range of software.

9 questions
17 votes, 2 answers

Are there any security benefits to deploying custom SSH DH groups to client-only systems?

One suggested mitigative strategy against Logjam-related attacks on SSH is to generate custom SSH Diffie-Hellman groups using something like (the below being for OpenSSH) ssh-keygen -G moduli-2048.candidates -b 2048 ssh-keygen -T moduli-2048 -f…
user
10 votes, 3 answers

Invalid command 'SSLOpenSSLConfCmd', perhaps misspelled or defined by a module not included in the server configuration

Like every other admin, I'm working through the Logjam fix. I've upgraded to Apache 2.4.12 and openssl 1.0.2a on my centos 6.6 box. When I start apache, I'm seeing this error message returned: Invalid command 'SSLOpenSSLConfCmd', perhaps…
ryanlraines
6 votes, 2 answers

How to fix Logjam vulnerability with MySQL

Since the latest openssl upgrade on my Debian server, my mysql clients are unable to connect and give the following message SSL connection error: error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small I guess this is to prevent…
Lætitia
6 votes, 2 answers

How to fix the Logjam vulnerability in OpenVPN server config?

As of this writing (Day-2), there are quite few accurate guidelines as to how to mitigate Logjam for Apache and other web servers, such as this page: https://weakdh.org/sysadmin.html What are the similar instructions for OpenVPN servers? Is OpenVPN…
Serge Wautier
2 votes, 2 answers

Fix logjam vulnerability in courier

The site weakdh.org explains how to fix postfix against the weak Diffie-Hellman attack called "logjam". But don't I have to fix courier too? Or do I have to migrate to dovecot to be logjam-safe?
rubo77
1 vote, 2 answers

How to Make JBoss 5.1.0 GA Meet Diffie-Hellman Standards?

As non-experts on web server administration and security, we are struggling to update our JBoss 5.1.0 GA web server configuration to meet Diffie-Hellman standards. JBoss was installed for us as part of the middle tier in a larger platform. We have…
user2072931
1 vote, 1 answer

SSL handshake with CentOS, curl and ECDHE

Since I limited my Ciphers to ECDHE because of the Logjam vulnerabilities, I am not able to do a curl from a Centos machine anymore. (works from Ubuntu) $ curl -v https://mysite.mydomain.com * Initializing NSS with certpath: sql:/etc/pki/nssdb * …
Bastien974
0 votes, 0 answers

sendEmail dh key too small

We use sendEmail to interface to customers mail server and send e-mails out of our software. Currently I am attempting to authenticate send email against an ATT e-mail account. I keep getting the error below. I have found some mention on how to…
Deldran
0 votes, 0 answers

How is setting the system-wide cryptographic policy for Java supposed to work?

When migrating a proprietary Java (and Jetty) based application from RHEL7 to RHEL8 I learned something new: At least with OpenJDK 11 the JVM still defaults to a 1024 bit Diffie-Hellman group unless one specifies the system property…
mss