Monday, November 2, 2015

HOWTO: reduce potential logjam with apache2

In this post I will show you how to test for and how to control possible Logjam attacks.

Within the apache2 site configuration you can change the cipher suites to remove all DH ciphers, e.g.:

SSLCipherSuite ECDH+AESGCM:ECDH+AES256:ECDH+AES128:ECDH+3DES:RSA+AES:RSA+3DES:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!ADH:!AECDH:!MD5:!DSS:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

1st; you need to disable support for SSL version 3

SSLProtocol all -SSLv3

2nd; eliminate all DH ciphers, using the SSLCipherSuite line shown above

Restart the apache service and test via the Logjam test sites:



https://weakdh.org/sysadmin.html



https://tools.keycdn.com/freak
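
An offline check to run before restarting, added here as an example and not part of the original post: it expands an SSLCipherSuite string with the local OpenSSL (through Python's ssl module) and lists any finite-field DH suites it still enables. The helper names and the sample vhost are constructed for illustration, and the result assumes the local OpenSSL build matches the one Apache's mod_ssl is linked against.

```python
import re
import ssl

# Cipher string from the SSLCipherSuite line in this post.
PAGE_SUITE = (
    "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:ECDH+3DES:RSA+AES:RSA+3DES:"
    "!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!ADH:!AECDH:!MD5:!DSS:"
    "!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
)

# Constructed vhost fragment (not from the post) that still offers a DHE suite.
SAMPLE_CONF = """
<VirtualHost *:443>
    SSLEngine on
    # SSLCipherSuite HIGH
    SSLCipherSuite DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
</VirtualHost>
"""


def cipher_strings(conf_text):
    """Return the cipher spec of every active (uncommented) SSLCipherSuite line."""
    pattern = re.compile(r"^\s*SSLCipherSuite\s+(.+?)\s*$", re.I | re.M)
    # The spec is the last token; an optional protocol word may precede it.
    return [m.group(1).split()[-1].strip("\"'") for m in pattern.finditer(conf_text)]


def dh_suites(cipher_string):
    """Expand the string with the local OpenSSL and list finite-field DH suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return [
        c["name"]
        for c in ctx.get_ciphers()
        # "kea" is the key-exchange field; the name check is a fallback.
        if c.get("kea") in ("kx-dhe", "kx-dhe-psk")
        or c["name"].startswith(("DHE-", "EDH-", "ADH-"))
    ]


if __name__ == "__main__":
    for spec in [PAGE_SUITE] + cipher_strings(SAMPLE_CONF):
        hits = dh_suites(spec)
        print("DH suites still enabled:" if hits else "no DH suites:", hits or spec[:40])
```

An empty list means the string offers no DHE key exchange; ECDHE and TLS 1.3 suites are not counted.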



Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com

     ^      ^
=(  @  @ )=
         o 
        /  \
