Summary of Attack
For an in-depth explanation of the Logjam Attack and vulnerability see: https://weakdh.org/
Remediation
To remove this vulnerability from a Forum Sentry deployment, remove all DHE cipher suites from any SSL Policies. For instance, with Sentry v8.1 and v8.3, there are some DHE cipher suites enabled by default. Remove (deselect) any cipher suites that start with either "TLS_DHE_*" or "SSL_DHE_*".
Do not remove all of the ECDHE cipher suites; at least one should remain enabled.
Testing
To test your public Sentry TLS/SSL listener policies for this vulnerability, visit: https://weakdh.org/sysadmin.html
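The following Python sketch is an added example, not Forum Sentry code or part of the original article. It audits a list of enabled suite names against the remediation rule above and probes a listener you administer (public or internal) to see whether it still negotiates a DHE suite. The function names and the sample policy are constructed for illustration, and the probe assumes a Python build linked against OpenSSL 1.1.0 or later.

```python
import socket
import ssl

# Prefixes the article says to deselect. Match on the prefix, not the substring
# "DHE": a substring match would also strip the ECDHE suites that must stay.
DHE_PREFIXES = ("TLS_DHE_", "SSL_DHE_")

# Constructed sample of suites enabled in an SSL Policy (not exported from a real device).
SAMPLE_POLICY = [
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]


def audit_policy(enabled_suites):
    """Split enabled suites into DHE ones to remove and the rest to keep."""
    names = [s.strip().upper() for s in enabled_suites if s.strip()]
    remove = [s for s in names if s.startswith(DHE_PREFIXES)]
    keep = [s for s in names if not s.startswith(DHE_PREFIXES)]
    # The article advises leaving at least one ECDHE suite enabled.
    has_ecdhe = any(s.startswith("TLS_ECDHE_") for s in keep)
    return {"remove": remove, "keep": keep, "has_ecdhe": has_ecdhe}


def negotiated_dhe_suite(host, port=443, timeout=5.0):
    """Offer only DHE suites; return the OpenSSL name of the one chosen, or None."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # only the negotiated suite matters here,
    ctx.verify_mode = ssl.CERT_NONE  # so the certificate is not validated
    # set_ciphers does not govern TLS 1.3 suites, so cap the handshake at TLS 1.2.
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    # Security level 0 stops the client itself from rejecting short DH groups,
    # which would otherwise look like the server refusing DHE.
    ctx.set_ciphers("DHE:@SECLEVEL=0")
    with socket.create_connection((host, port), timeout=timeout) as raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.cipher()[0]
        except (ssl.SSLError, ConnectionResetError):
            return None  # handshake refused: no DHE suite is accepted


if __name__ == "__main__":
    print(audit_policy(SAMPLE_POLICY))
```

After the DHE suites are removed from the policy, `negotiated_dhe_suite` should return `None` for that listener; connection errors other than a refused handshake are raised so they are not mistaken for a pass.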