Prevent SSL LOGJAM

LOGJAM is a security vulnerability against a Diffie-Hellman key exchange using 512 to 1024 bit keys. The attack forces a downgrade on the TLS connection to use only 512 bits which allows to read and inject data into the connection.

Security Assessment

Security_Assessment_PreventSSLLOGJAM

CVSS Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Vulnerability Information

LOGJAM is a security vulnerability against a Diffie-Hellman key exchange using 512 to 1024 bit keys. The attack forces a downgrade on the TLS connection to use only 512 bits which allows to read and inject data into the connection. The algorithm uses in most cases the same pregenerated prime numbers which makes it way easier (and cheaper) to crack such an encryption.

Guides

To prevent LOGJAM, make sure that you do only use strong cipher suites and avoid weak primes. See Secure TLS Configuration for further instructions on configuring these.

For more information about Crashtest Security visit crashtest-security.com