Command to check a website is vulnerable to Logjam First off, Logjam only applies to 'classic' aka integer aka modp aka Zp DH (E), not ever ECDH (E) Second, you were apparently using OpenSSL 1 1 1 which supports TLS1 3 -- which google also did and does, so by default it was selected and in TLS1 3 ciphersuites no longer control (or even influence) keyexchange If you use -no_tls1_3 -cipher EDH (or better -cipher DHE which has been preferred
How can a RSA-2048 certificate be vulnerable to logjam attack? Most likely I am missing some fundamentals: Our web servers are secured with TLS encryption We use RSA-2048 bit certificates The logjam attack targets the DH algorithm How can our web servers be
Logjam definition question - Information Security Stack Exchange In Logjam attack, the client presents a list of cipher suites (includes some strong cipher and EXPORT cipher as well) A Man-in-the-Middle attack will change this request such that highest grade cipher in the request becomes the EXPORT grade cipher The server doesn't want to reject this request (it could be an eCommerce website and server don't want to lose business), so the shared secret is
What are the OpenSSL standard Diffie-Hellman parameters (primes)? I recently generated some custom Diffie-Hellman parameters which are basically just long (in the below case 4096 bit) primes Those are then used in the key exchange process I used the following c