Logjam attack against the TLS protocol

OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-757 HIPAA-164.306 ISO27001-A.14.1.2 WASC-04 WSTG-CRYP-01

The Logjam is a security vulnerability against a Diffie–Hellman key exchange. It ranges from 512-bit to 1024-bit keys. It was publicly reported on May 20, 2015, by a group of scientists. This server is vulnerable to Logjam attack. This vulnerability allows an attacker to downgrade vulnerable TLS connections using Man-In-The-Middle (MITM) attack. This also allows the attacker to read and modify any data passed over the connection. The vulnerability is because the server is supporting DHE_EXPORT ciphers which can be easily attacked.

Logjam can be executed via two strategies:-

  • Cryptanalytical attack: This attack utilises pre-computation to crack Diffie-Hellman key exchange.
  • Protocol attack: This attack allows weaker versions of DH-based cipher suites to be selected.


This vulnerability can be exploited using a-man-in-the-middle attacks (MITM).

Mitigation / Precaution

Beagle recommends to:-

  • Disable support for export cipher suites and use a 2048-bit Diffie-Hellman group
  • Disable EXPORT cipher suits in the web server configuration.


This vulnerability can be fixed by adding the following code in the SSL configuration file.

        SSLCipherSuite !EXPORT


After adding the above code, restart Apache in the web server.


Add the following code in nginx.config file.

        ssl_ciphers '!EXPORT';


If ssl_ciphers is already configured, you must add !EXPORT with ssl_ciphers.

Related Articles