Former Member

SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)

Hi Experts,

We have scanned our SAP systems with a Symantec network tool and we are now facing a new vulnerability, as in the subject line, in one of the systems. I have checked in SDN, but nowhere did I find any suggestions about the same.

Below is the output:

Vulnerable connection combinations :

SSL/TLS version    :  TLSv1.0

Cipher suite            :  TLS1_CK_RSA_WITH_3DES_EDE_CBC_SHA

Diffie-Hellman MODP size  (bits) : 512

Logjam attack difficulty  :  Easy  (could be carried out by individuals)

Description:

The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time (depending on modulus size and attacker resources). This may allow an attacker to recover the plaintext or potentially violate the integrity of connections.

Solution:

Reconfigure the services to use a unique Diffie-Hellman moduli of 2048 bits or greater.

Please give your suggestions to get rid of this vulnerability.

Many thanks in advance.

Thanks,

Jaswanth.


1 Answer

  • Jul 09, 2015 at 09:46 AM

    Hi Jaswanth,

    Please go through this link; a detailed analysis of Diffie-Hellman moduli is given in it.

    Moreover, you are required to install patches from your software vendors.

    tls - What is Logjam and how do I prevent it? - Information Security Stack Exchange

    Regards,

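
Added example (not part of the original thread, and not SAP or scanner code): a Python check that reads the Diffie-Hellman prime `dh_p` out of a TLS ServerKeyExchange handshake message and classifies its size against the thresholds in the scanner text above (1024 bits or less is flagged, 2048 bits or greater is the recommended size). The function names, the "below-recommended" label and the sample messages are assumptions constructed for illustration.

```python
import struct

# Thresholds from the scanner text above: moduli <= 1024 bits are flagged,
# 2048 bits or greater is the recommended size.
FLAGGED_MAX_BITS = 1024
RECOMMENDED_MIN_BITS = 2048

def dh_modulus_bits(handshake: bytes) -> int:
    """Bit length of dh_p in a TLS ServerKeyExchange message (DHE key exchange)."""
    if len(handshake) < 6:
        raise ValueError("truncated handshake message")
    if handshake[0] != 12:  # handshake type 12 = server_key_exchange
        raise ValueError("not a ServerKeyExchange message")
    body_len = int.from_bytes(handshake[1:4], "big")
    body = handshake[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("handshake body shorter than its length field")
    (p_len,) = struct.unpack_from("!H", body, 0)  # ServerDHParams starts with dh_p<1..2^16-1>
    p = body[2:2 + p_len]
    if p_len == 0 or len(p) != p_len:
        raise ValueError("bad dh_p length")
    # Use the integer's bit length so leading zero bytes do not inflate the size.
    return int.from_bytes(p, "big").bit_length()

def classify(bits: int) -> str:
    if bits <= FLAGGED_MAX_BITS:
        return "flagged"
    if bits < RECOMMENDED_MIN_BITS:
        return "below-recommended"  # hypothetical label for the 1025..2047 gap
    return "ok"

def build_sample(p: int) -> bytes:
    """Constructed message: dh_p, dh_g = 2, dummy dh_Ys, signature omitted."""
    fields = b""
    for value in (p, 2, 5):
        raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
        fields += struct.pack("!H", len(raw)) + raw
    return bytes([12]) + len(fields).to_bytes(3, "big") + fields

# Constructed sample values: not real primes, only their sizes matter here.
SAMPLE_512 = build_sample((1 << 511) | 1)
SAMPLE_2048 = build_sample((1 << 2047) | 1)

if __name__ == "__main__":
    for name, msg in (("512-bit sample", SAMPLE_512), ("2048-bit sample", SAMPLE_2048)):
        bits = dh_modulus_bits(msg)
        print(f"{name}: dh_p is {bits} bits -> {classify(bits)}")
```
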