Questions and answers about how to do stuff
by shawniverson »
Starting a thread on the Logjam Vulnerability.
I am currently researching and will post results and how-to here.

by shawniverson »
Apache already has DH 2048-bit and export ciphers disabled. No action needed here. Apache is not vulnerable in EFA to Logjam.
Postfix is vulnerable.
To fix weak DH key:
Generate a 2048bit Diffie-Hellman key
sudo openssl dhparam -out /etc/postfix/ssl/dhparam.pem 2048
Add the DH key to postfix:
sudo postconf -e "smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dhparam.pem"
More info located here:
http://postfix.1071664.n5.nabble.com/Di ... 63096.html
To disable export ciphers:
sudo postconf -e "smtpd_tls_ciphers = low"
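The following is an added example, not part of the original posts: a small shell check that the two Postfix settings changed above took effect. The function names (conf_value, dh_bits, audit_logjam, audit_live) are made up for this example, and the sample input is constructed rather than captured from a real host.

```shell
#!/bin/sh
# Added example, not from the original post. Input is "name = value" text
# in the form postconf prints, plus the text of `openssl dhparam -text`.

# Print the value of parameter $1 found in postconf-style text on stdin.
conf_value() {
    sed -n "s/^$1[[:space:]]*=[[:space:]]*//p" | tail -n 1
}

# Print N from a "DH Parameters: (N bit)" line on stdin.
dh_bits() {
    sed -n 's/.*DH Parameters: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# audit_logjam CONF_TEXT DH_TEXT: print findings, return the number of FAILs.
audit_logjam() {
    fails=0
    file=$(printf '%s\n' "$1" | conf_value smtpd_tls_dh1024_param_file)
    grade=$(printf '%s\n' "$1" | conf_value smtpd_tls_ciphers)
    bits=$(printf '%s\n' "$2" | dh_bits)
    if [ -z "$file" ]; then
        echo "FAIL smtpd_tls_dh1024_param_file is not set"
        fails=$((fails + 1))
    elif [ -z "$bits" ] || [ "$bits" -lt 2048 ]; then
        echo "FAIL $file: ${bits:-unknown} bit DH parameters, want 2048 or more"
        fails=$((fails + 1))
    else
        echo "OK   $file: $bits bit DH parameters"
    fi
    case $grade in
        low|medium|high) echo "OK   smtpd_tls_ciphers = $grade excludes export ciphers" ;;
        *) echo "FAIL smtpd_tls_ciphers = ${grade:-unknown} (want low, medium or high)"
           fails=$((fails + 1)) ;;
    esac
    return "$fails"
}

# Live use on the mail host (defined only, not called here).
audit_live() {
    conf=$(postconf smtpd_tls_dh1024_param_file smtpd_tls_ciphers)
    pem=$(printf '%s\n' "$conf" | conf_value smtpd_tls_dh1024_param_file)
    audit_logjam "$conf" "$(openssl dhparam -in "$pem" -text -noout 2>/dev/null)"
}

# Constructed sample input matching the settings made in the post.
sample_conf='smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dhparam.pem
smtpd_tls_ciphers = low'
audit_logjam "$sample_conf" '    DH Parameters: (2048 bit)'
```

On the mail server itself, call audit_live instead of the sample line; a non-zero exit status is the number of failed checks.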