Logjam TLS attack
Security researchers have discovered a new attack on the TLS protocol
named Logjam. This attack allows an attacker who
can modify network traffic to force vulnerable TLS connections to use
known-insecure key lengths. The attack only affects servers supporting
the DHE_EXPORT
ciphers.
Additionally, the researchers found that commonly used values that are part of the Diffie-Hellman cryptographic key exchange used by TLS may be vulnerable to attack by very powerful entities, such as nation-states.
What We Have Done
The research provided three recommendations to secure TLS connections:
- Disable Export Cipher Suites. ServerPilot has never enabled the
DHE_EXPORT
ciphers on your servers, so no action was needed. - Deploy Elliptic-Curve Diffie-Hellman Key Exchange (ECDHE). ServerPilot already enables ECDHE on your servers, so no action was needed.
- Use 2048-bit Diffie-Hellman Prime Number Groups. We have updated all servers to use 2048-bit Diffie-Hellman groups.
What You Should Do
No action is required by you.
How to Verify Your Server Is Secure
The researchers provided a tool for verifying your server is secure against Logjam. You can enter your server’s IP address, and the tool will confirm your server is not vulnerable.
Don’t hesitate to contact us if you have any questions.