Logjam attack against the TLS protocol

Logjam is a security vulnerability in the Diffie–Hellman key exchange that affects keys from 512-bit to 1024-bit. It was publicly reported on May 20, 2015, by a group of scientists. This server is vulnerable to the Logjam attack. The vulnerability allows an attacker to downgrade vulnerable TLS connections using a man-in-the-middle (MITM) attack, and then to read and modify any data passed over the connection. The server is vulnerable because it supports DHE_EXPORT ciphers, which can be easily attacked.

Logjam can be executed via two strategies:

  • Cryptanalytical attack: This attack utilises pre-computation to crack Diffie-Hellman key exchange.
  • Protocol attack: This attack allows weaker versions of DH-based cipher suites to be selected.

Impact

This vulnerability can be exploited using a man-in-the-middle (MITM) attack.

Mitigation / Precaution

Beagle recommends that you:

  • Disable support for export cipher suites and use a 2048-bit Diffie-Hellman group.
  • Disable EXPORT cipher suites in the web server configuration.

Apache

This vulnerability can be fixed by adding the following directive to the SSL configuration file.

        # Start from OpenSSL's DEFAULT list, then permanently remove export suites
        SSLCipherSuite DEFAULT:!EXPORT

After adding the directive, restart Apache on the web server.

Nginx

Add the following directive to the nginx.conf file.

        # nginx's default cipher string with export suites permanently removed
        ssl_ciphers 'HIGH:!aNULL:!MD5:!EXPORT';

If ssl_ciphers is already configured, append !EXPORT to the existing cipher string.
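
The Apache and Nginx directives above can be checked before a restart. The following Python code is an added example, not part of the original page or of Beagle's tooling: it reads SSLCipherSuite and ssl_ciphers lines and reports how each cipher string treats export suites. The function names, verdict labels and sample configuration are assumptions made for illustration.

```python
import re

# Directives named on the page: Apache's SSLCipherSuite and nginx's ssl_ciphers.
DIRECTIVE = re.compile(r"^\s*(SSLCipherSuite|ssl_ciphers)\s+(.+?)\s*;?\s*$", re.I)

def audit_cipher_string(cipher_string):
    """Classify an OpenSSL cipher string by how it treats export-grade suites."""
    tokens = [t for t in re.split(r"[:, ]+", cipher_string.strip("'\"")) if t]
    # Only tokens without a !, -, + or @ prefix add suites to the list.
    added = [t for t in tokens if t[0] not in "!-+@"]
    # "!" removes suites permanently, so a later token cannot bring them back.
    killed = any(t.upper() in ("!EXPORT", "!EXP") for t in tokens)
    if not added:
        return "selects-nothing"        # exclusions only: no cipher is enabled
    if killed:
        return "export-disabled"
    if any(t.upper().startswith("EXP") for t in added):
        return "export-enabled"         # export suites are requested by name
    return "export-not-excluded"        # relies on library defaults; add !EXPORT

def audit_config(text):
    """Return (line number, directive, verdict) for each cipher directive."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        match = DIRECTIVE.match(line)
        if match:
            findings.append((number, match.group(1), audit_cipher_string(match.group(2))))
    return findings

# Constructed sample mixing Apache and nginx lines; not from a real server.
SAMPLE_CONFIG = """\
# TLS settings
SSLCipherSuite !EXPORT
SSLCipherSuite DEFAULT:!EXPORT
    ssl_ciphers 'HIGH:!aNULL:!MD5';
    ssl_ciphers 'ALL:EXP:!aNULL';
"""

if __name__ == "__main__":
    for number, directive, verdict in audit_config(SAMPLE_CONFIG):
        print(f"line {number}: {directive}: {verdict}")
```

A "selects-nothing" verdict marks a cipher string made up only of exclusions, which enables no cipher at all and needs a base list in front of !EXPORT.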
