Within the apache2 site configuration you can change the cipher suites to remove all DH ciphers, e.g.:
SSLCipherSuite ECDH+AESGCM:ECDH+AES256:ECDH+AES128:ECDH+3DES:RSA+AES:RSA+3DES:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!ADH:!AECDH:!MD5:!DSS:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
In this post I will show you how to test for and reduce possible Logjam attacks.
1st: you need to disable support for SSL version 3
SSLProtocol ALL -SSLv3
2nd: eliminate all DH ciphers, using an SSLCipherSuite line like the one shown above.
Restart the apache service and test via the Logjam test sites:
https://weakdh.org/sysadmin.html
https://tools.keycdn.com/freak
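Before restarting Apache, the cipher string can also be checked offline. The following is an added example, not part of the original post: it reads the SSLCipherSuite line from a constructed vhost fragment and expands it with Python's ssl module to list any finite-field DHE suites it still admits. It assumes the local OpenSSL build resolves the string the same way as the one mod_ssl is linked against; the function names are hypothetical.

```python
import ssl

# Constructed sample vhost fragment; the cipher string is the one from the post.
SAMPLE_CONF = """\
<VirtualHost *:443>
    SSLEngine on
    SSLCipherSuite ECDH+AESGCM:ECDH+AES256:ECDH+AES128:ECDH+3DES:RSA+AES:RSA+3DES:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!ADH:!AECDH:!MD5:!DSS:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
</VirtualHost>
"""


def cipher_strings(conf_text):
    """Return the argument of every SSLCipherSuite directive in conf_text.

    Assumes the one-argument form of the directive (no protocol prefix).
    """
    found = []
    for raw in conf_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "sslciphersuite":
            found.append(parts[1].strip().strip('"'))
    return found


def expand(cipher_string):
    """Expand an OpenSSL cipher string using the local OpenSSL build.

    Returns (suite name, key exchange) pairs. TLS 1.3 suites are always
    listed (key exchange "kx-any"); this string does not control them.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return [(c["name"], c["kea"]) for c in ctx.get_ciphers()]


def dhe_suites(cipher_string):
    """Suites using finite-field ephemeral DH, the key exchange Logjam targets."""
    return [name for name, kea in expand(cipher_string) if kea == "kx-dhe"]


if __name__ == "__main__":
    for spec in cipher_strings(SAMPLE_CONF):
        leftover = dhe_suites(spec)
        print("DHE suites still enabled:", leftover or "none")
        for name, kea in expand(spec):
            print(f"  {kea:10s} {name}")
```

An empty result means the string leaves no DHE key exchange for a client to negotiate; the external test sites then confirm what the running server actually offers.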
Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com