Preventing the TLS Logjam Attack

Summary of Attack

For an in-depth explanation of the Logjam Attack and vulnerability see: https://weakdh.org/


Remediation

To remove this vulnerability from a Forum Sentry deployment, remove all finite-field Diffie-Hellman (DHE) cipher suites from every SSL Policy. Logjam targets the DHE key exchange (a downgrade to 512-bit export-grade groups, and precomputation against widely shared 1024-bit groups); it does not affect the elliptic-curve (ECDHE) suites. Sentry v8.1 and v8.3, for instance, ship with some DHE cipher suites enabled by default. Deselect every cipher suite whose name starts with "TLS_DHE_" or "SSL_DHE_".

Do not remove the ECDHE cipher suites as well: they are not affected by Logjam and provide forward secrecy, so at least one ECDHE suite should remain enabled.


Testing

To test your public Sentry TLS/SSL listener policies for this vulnerability, visit: https://weakdh.org/sysadmin.html
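For listeners the weakdh.org test cannot reach (internal addresses, non-standard ports), the same check can be run locally with `openssl s_client`. The script below is an added example, not Forum Systems' tooling and not part of the original article: it offers the server a DHE-only cipher list, so a correctly remediated listener has nothing to negotiate and the handshake fails, while a listener that still has DHE enabled reports the negotiated suite and, on OpenSSL 1.0.2 or later, the size of the DH group it used. The host and port are assumed placeholders, and the two sample outputs are constructed for the offline check, not real captures.

```shell
#!/bin/sh
# Added example (not Forum Systems' code): probe a TLS listener for finite-field
# DHE support with `openssl s_client` and interpret the result.

# Interpret text printed by `openssl s_client`. Returns 0 when no DHE suite was
# negotiated (fixed or non-DHE), 1 when a DHE suite was negotiated (still vulnerable).
dhe_verdict() {
    # $1 = full s_client output
    # "New, TLSv1.2, Cipher is DHE-RSA-AES128-SHA" names the negotiated suite;
    # a refused handshake prints "New, (NONE), Cipher is (NONE)".
    cipher=$(printf '%s\n' "$1" | sed -n 's/^New, .*, Cipher is //p' | head -n 1)
    # "Server Temp Key: DH, 1024 bits" (OpenSSL 1.0.2+) gives the ephemeral group size.
    bits=$(printf '%s\n' "$1" | sed -n 's/^Server Temp Key: DH, \([0-9]*\) bits.*/\1/p' | head -n 1)
    case "$cipher" in
        ""|"(NONE)")
            echo "OK: server refused the DHE-only handshake"
            return 0 ;;
        DHE-*|EDH-*|EXP-EDH-*|ADH-*|EXP-ADH-*)
            # Logjam guidance is a unique group of at least 2048 bits; anything
            # smaller is flagged, and export-grade (EXP-) suites are always wrong.
            if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
                echo "FAIL: $cipher negotiated with a ${bits}-bit DH group"
            else
                echo "FAIL: $cipher negotiated"
            fi
            return 1 ;;
        *)
            # Reached e.g. when a TLS 1.3 server ignores the legacy cipher list.
            echo "OK: negotiated non-DHE cipher $cipher"
            return 0 ;;
    esac
}

# Live probe of one listener. $1 = host, $2 = port (assumed placeholders).
# -cipher 'DHE' restricts the ClientHello to ephemeral-DH suites only.
probe_dhe() {
    out=$(printf '' | openssl s_client -connect "$1:$2" -servername "$1" -cipher 'DHE' 2>&1)
    dhe_verdict "$out"
}

# Constructed sample: listener that still accepts DHE with a 1024-bit group.
SAMPLE_VULNERABLE='CONNECTED(00000003)
---
Server Temp Key: DH, 1024 bits
---
New, TLSv1.2, Cipher is DHE-RSA-AES128-SHA
Server public key is 2048 bit
SSL-Session:
    Cipher    : DHE-RSA-AES128-SHA'

# Constructed sample: listener with all DHE suites deselected.
SAMPLE_FIXED='CONNECTED(00000003)
---
New, (NONE), Cipher is (NONE)
SSL-Session:
    Cipher    : 0000'

# Usage: ./logjam-check.sh sentry.example.internal 443   (assumed host/port)
if [ "$#" -eq 2 ]; then
    probe_dhe "$1" "$2"
fi
```

Run the probe once before and once after deselecting the DHE suites; the "before" run should print a FAIL line and the "after" run an OK line. A `FAIL ... 1024-bit DH group` result means the listener is exactly the configuration Logjam's precomputation targets.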
