
Prevent SSL LOGJAM attacks

LOGJAM is a security vulnerability in the Diffie-Hellman key exchange when it is used with 512-bit to 1024-bit keys. The attack downgrades the TLS connection to 512-bit Diffie-Hellman, which allows an attacker to read data from and inject data into the connection.

Security assessment


CVSS vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Vulnerability information

The Logjam attack targets Diffie-Hellman cipher suites. Diffie-Hellman is a widely used key exchange algorithm that provides forward secrecy: the two parties first agree on a shared key and then use it to establish a secure connection. The Diffie-Hellman key exchange is central to many protocols, including TLS (and therefore HTTPS), SSH, IPsec, and SMTPS.

The security of the Diffie-Hellman key exchange rests on the difficulty of solving the discrete logarithm problem. Unfortunately, most deployments use the same pre-generated prime numbers, which makes breaking the encryption easier and cheaper: after a one-time precomputation for a given prime, the discrete logarithm can be broken for connections that use that prime. Researchers found that this precomputation takes only 100,000 CPU core hours.

The Logjam attack also exploits the weaker export cipher suites. Servers that still offer them are vulnerable even if their regular Diffie-Hellman parameters are strong: an active man-in-the-middle attacker can downgrade the connection to the export-grade Diffie-Hellman parameters, crack them, and then take over the client connection.

In addition, the majority of servers use the same built-in Diffie-Hellman parameters. Researchers have therefore theorized that the complex and expensive precomputation needed to crack one server can be reused against numerous servers.

Prevent attacks

To counteract the Logjam vulnerability, you must ensure that you use only strong cipher suites and avoid weak primes.

In particular, check that TLS libraries are up to date and that servers use 2048-bit or larger primes. Clients must be configured to reject Diffie-Hellman primes smaller than 1024 bits.

Disable support for export cipher suites on web and mail servers and use a 2048-bit Diffie-Hellman group. For SSH, server and client installations need an updated version of OpenSSH that uses the Elliptic-Curve Diffie-Hellman key exchange.
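The client-side rule above (reject primes below 1024 bits, expect 2048-bit groups on servers) applied to the Diffie-Hellman parameters a server sends in its ServerKeyExchange message, as an added Python example that is not part of this page. The byte layout follows the ServerDHParams structure of RFC 5246; the sample groups are constructed, with random odd numbers standing in for primes because only the prime's size matters to this check.

```python
import secrets
import struct

# Thresholds taken from the guidance on this page.
MIN_CLIENT_BITS = 1024   # clients must reject DH primes smaller than this
MIN_SERVER_BITS = 2048   # servers should offer a group at least this large

def parse_server_dh_params(data: bytes) -> tuple:
    """Decode the ServerDHParams prefix of a DHE ServerKeyExchange (RFC 5246,
    section 7.4.3): three length-prefixed big-endian integers p, g, Ys."""
    values, offset = [], 0
    for _ in range(3):
        if offset + 2 > len(data):
            raise ValueError("truncated ServerDHParams")
        (length,) = struct.unpack_from("!H", data, offset)
        offset += 2
        if length == 0 or offset + length > len(data):
            raise ValueError("bad vector length in ServerDHParams")
        values.append(int.from_bytes(data[offset:offset + length], "big"))
        offset += length
    return values[0], values[1], values[2]

def assess_dh_prime(p: int) -> str:
    """Apply the page's policy to the bit length of the server's prime."""
    bits = p.bit_length()
    if bits < MIN_CLIENT_BITS:
        return f"REJECT: {bits}-bit prime is below the 1024-bit client minimum (Logjam-vulnerable)"
    if bits < MIN_SERVER_BITS:
        return f"WARN: {bits}-bit prime is accepted by clients but below the server guidance"
    return f"OK: {bits}-bit prime meets the 2048-bit recommendation"

def encode_server_dh_params(p: int, g: int, ys: int) -> bytes:
    """Inverse of parse_server_dh_params; used here only to build sample messages."""
    out = b""
    for v in (p, g, ys):
        raw = v.to_bytes((v.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out

def constructed_group(bits: int) -> tuple:
    """Constructed sample: a random odd number with the top bit set stands in
    for the prime p, since only its size matters to this check."""
    p = (1 << (bits - 1)) | secrets.randbits(bits - 1) | 1
    return p, 2, secrets.randbelow(p - 2) + 2

if __name__ == "__main__":
    for bits in (512, 1024, 2048):
        p, g, ys = parse_server_dh_params(encode_server_dh_params(*constructed_group(bits)))
        print(assess_dh_prime(p))
```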

General users should keep their web browsers up to date, because popular browsers regularly release fixes for significant threats.

For information on the settings, see Secure TLS configuration.