1. Support Center
  2. SSL / TLS Vulnerabilities
  3. Specific certificate vulnerabilities

How to Prevent SSL LOGJAM

LOGJAM is a security vulnerability against a Diffie-Hellman key exchange using 512 to 1024 bit keys. The attack forces a downgrade on the TLS connection to use only 512 bits which allows to read and inject data into the connection.

Security Assessment

Security_Assessment_PreventSSLLOGJAM

CVSS Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Vulnerability Information

LOGJAM is a security vulnerability against a Diffie-Hellman key exchange using 512 to 1024 bit keys. The attack forces a downgrade on the TLS connection to use only 512 bits which allows to read and inject data into the connection. The algorithm uses, in most cases, the same pre-generated prime numbers, which make it way more accessible (and cheaper) to crack such encryption.

Guides

To prevent LOGJAM, make sure that you only use strong cipher suites and avoid weak primes. See Secure TLS Configuration for further instructions on configuring these.

For more information about Crashtest Security, visit crashtest-security.com.