LogJam exploit can force TLS down to 512 bytes, does it affect us?
Matthew Seaman
matthew at freebsd.org
Thu May 21 08:34:16 UTC 2015
On 05/20/15 23:48, Xin Li wrote:
> The document at https://weakdh.org/sysadmin.html gives additional
> information for individual daemons, including Apache (mod_ssl), nginx,
> lighttpd, Tomcat, postfix, sendmail, dovecot and HAProxy.
The part of that https://weakdh.org/ site that concerns me most is the
statement about 25.7% of SSH servers being vulnerable if the 1024-bit D-H
group is broken. We've got pretty good instructions for hardening
anything that uses TLS against this attack, but not a lot on SSH. About
the only relevant thing I've found is:
http://blog.mro.name/2015/05/hardening-ssh-debian-wheezy/
which inter alia suggests upgrading to OpenSSH-6.6 -- which has been in
FreeBSD-10 since March --, modifying some config parameters:
KexAlgorithms, Ciphers, MACs and then regenerating ed25519 and rsa host
keys. Err... what? How are ed25519 and rsa host keys affected by a
downgrade attack on Diffie-Hellman?
Cheers,
Matthew
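
An added example, not part of the original message or of OpenSSH: a shell audit of the KexAlgorithms setting and the moduli file for 1024-bit Diffie-Hellman exposure, the SSH concern raised above. The function names, the sample files and the 2048-bit threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check sshd for 1024-bit DH exposure.

# List configured key exchanges that use the fixed 1024-bit Oakley Group 2.
weak_kex() {            # $1 = sshd_config, or saved output of `sshd -T`
    awk 'tolower($1) == "kexalgorithms" {
             n = split($2, kex, ",")
             for (i = 1; i <= n; i++)
                 if (kex[i] == "diffie-hellman-group1-sha1") print kex[i]
         }' "$1"
}

# Succeed if group exchange is enabled, i.e. primes come from the moduli file.
uses_group_exchange() { # $1 = sshd_config, or saved output of `sshd -T`
    awk 'tolower($1) == "kexalgorithms" && /diffie-hellman-group-exchange-/ { f = 1 }
         END { exit !f }' "$1"
}

# Count moduli entries below min_bits. Field 5 is the prime size, which
# ssh-keygen writes as bits - 1 (1023, 1535, 2047, ...).
small_moduli() {        # $1 = moduli file, $2 = min_bits (assumed policy value)
    awk -v min="$2" '!/^#/ && NF >= 7 && $5 + 1 < min { c++ } END { print c + 0 }' "$1"
}

# Constructed sample inputs; the moduli values are shortened placeholders.
demo=$(mktemp -d)
cat > "$demo/sshd_config" <<'EOF'
# constructed sample
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group1-sha1
EOF
cat > "$demo/moduli" <<'EOF'
# Time Type Tests Tries Size Generator Modulus
20150101000000 2 6 100 1023 2 F0F0PLACEHOLDER
20150101000000 2 6 100 1535 2 F0F0PLACEHOLDER
20150101000000 2 6 100 2047 5 F0F0PLACEHOLDER
EOF

echo "fixed 1024-bit kex: $(weak_kex "$demo/sshd_config")"
if uses_group_exchange "$demo/sshd_config"; then
    echo "moduli under 2048 bits: $(small_moduli "$demo/moduli" 2048)"
fi
rm -rf "$demo"
```

On a live host the same functions can be pointed at the real sshd_config (or saved `sshd -T` output) and at /etc/ssh/moduli.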
More information about the freebsd-ports
mailing list