Logjam Vulnerability

Posted: 21 May 2015 00:46
by shawniverson
Starting a thread on the Logjam Vulnerability.

I am currently researching and will post results and how-to here.

Re: Logjam Vulnerability

Posted: 24 May 2015 18:48
by shawniverson
Apache already has DH 2048-bit and export ciphers disabled. No action needed here. Apache is not vulnerable in EFA to Logjam.

Postfix is vulnerable.

To fix weak DH key:

Generate a 2048-bit Diffie-Hellman key:

Code:

sudo openssl dhparam -out /etc/postfix/ssl/dhparam.pem 2048

Add the DH key to Postfix:

Code:

sudo postconf -e "smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dhparam.pem"

More info located here:
http://postfix.1071664.n5.nabble.com/Di ... 63096.html

To disable export ciphers:

Code:

sudo postconf -e "smtpd_tls_ciphers = low"

Code:

sudo service postfix reload
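
A check for the two settings changed in the post above, as an added example that is not part of the original thread. The function names and the sample inputs are constructed for illustration; the 2048-bit threshold and the parameter names come from the post.

```shell
#!/bin/sh
# Added example, not from the thread. Audits the two settings the post changes.

# Print the prime size from `openssl dhparam -text -noout` output on stdin.
dh_bits() {
    sed -n 's/.*DH Parameters: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Print the value of parameter $1 from `postconf` output ("name = value") on stdin.
postconf_value() {
    sed -n "s/^$1[[:space:]]*=[[:space:]]*//p" | head -n 1
}

# audit_logjam POSTCONF_TEXT DHPARAM_TEXT: print findings; return 1 if any FAIL.
audit_logjam() {
    rc=0
    ciphers=$(printf '%s\n' "$1" | postconf_value smtpd_tls_ciphers)
    dhfile=$(printf '%s\n' "$1" | postconf_value smtpd_tls_dh1024_param_file)
    bits=$(printf '%s\n' "$2" | dh_bits)
    case "$ciphers" in
        low|medium|high) echo "OK   smtpd_tls_ciphers=$ciphers excludes export grade" ;;
        *) echo "FAIL smtpd_tls_ciphers=${ciphers:-unset} does not exclude export grade"; rc=1 ;;
    esac
    if [ -z "$dhfile" ]; then
        echo "FAIL smtpd_tls_dh1024_param_file is not set"; rc=1
    elif [ -z "$bits" ]; then
        echo "FAIL could not read DH size for $dhfile"; rc=1
    elif [ "$bits" -lt 2048 ]; then
        echo "FAIL $dhfile holds a ${bits}-bit DH group (want 2048 or more)"; rc=1
    else
        echo "OK   $dhfile holds a ${bits}-bit DH group"
    fi
    return "$rc"
}

# Constructed sample inputs (not captured from a real host).
WEAK_PC='smtpd_tls_ciphers = export
smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dh1024.pem'
WEAK_DH='    PKCS#3 DH Parameters: (1024 bit)'
FIXED_PC='smtpd_tls_ciphers = low
smtpd_tls_dh1024_param_file = /etc/postfix/ssl/dhparam.pem'
FIXED_DH='    DH Parameters: (2048 bit)'

echo "== before =="; audit_logjam "$WEAK_PC" "$WEAK_DH" || echo "=> action needed"
echo "== after ==";  audit_logjam "$FIXED_PC" "$FIXED_DH" && echo "=> settings match the post"
```

On a live host, pass the output of `postconf smtpd_tls_ciphers smtpd_tls_dh1024_param_file` as the first argument and the output of `openssl dhparam -in /etc/postfix/ssl/dhparam.pem -text -noout` as the second.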

Re: Logjam Vulnerability

Posted: 24 May 2015 19:00
by shawniverson