Check your websites for TLS Logjam vulnerability
A couple of months ago, a TLS protocol discovered a vulnerability called Logjam. Studies have shown that a large number of servers are vulnerable to this vulnerability, since using secure connections, they use the typical and most common simple encryption keys of 512 bits. Previously, this length could well have been enough to protect the client’s connection to the server. To date, studies have been conducted to calculate the most common keys. Host-tracker offers functionality that allows you to instantly check this vulnerability.
Identified three ways to conduct a Logjam attack. One way is due to the settings of the web server, which by default uses 512-bit DH-keys. To break such keys, you only need to “listen” to the traffic of this server, and then do the decryption. Two other methods involve conducting a man-in-the-middle attack. The first case involves the use of a special TLS connection acceleration mechanism, TLS False Start; in the second case, this mechanism is not required. However, both cases imply forcing the server to lower the cryptographic strength of the keys to 512-bit.
Most servers and clients, establishing a secure connection, use an encryption mechanism based on the Diffie-Hellman (DH) algorithm. By requesting a connection, the client can lower the encryption strength to the level of export ciphers using 512-bit DH keys. This is possible if the server supports the export cipher suite. Accordingly, the attacker connecting between the client and the server can intercept traffic and, on behalf of the client, request a decrease in the strength of the cipher. Researchers also report that in the presence of productive machines, it is easy to calculate 768-bit keys, and special services are able to decipher 1024-bit keys.
')
HostTracker offers a feature to check the server's vulnerability Logjam. This functionality is very simple and available as an option of the quick check service. To use it, you just need to check the box in the option Logjam, and in the text box enter the address of the server that should be checked. After some time, the Logjam check will produce a result based on a check of the cipher suite used by the server.
If the server supports export ciphers, EDH ciphers, a temporary DH-key with a length of 512 bits, then the Logjam service will detect these settings and list them as vulnerabilities. These parameters should be corrected on the server. Researchers even offered instructions for correct setting of SSL parameters for different servers. So, for the Apache server, it is suggested to set the value “On” in the SSLHonorCipherOrder parameter - this directive sets the priority for using ciphers set by the server. Also, in the SSLCipherSuite directive, export cipher suites should be disabled, and the SSLProtocol directive prohibit the use of SSLv2 and SSLv3 protocols.
Logjam in action
Identified three ways to conduct a Logjam attack. One way is due to the settings of the web server, which by default uses 512-bit DH-keys. To break such keys, you only need to “listen” to the traffic of this server, and then do the decryption. Two other methods involve conducting a man-in-the-middle attack. The first case involves the use of a special TLS connection acceleration mechanism, TLS False Start; in the second case, this mechanism is not required. However, both cases imply forcing the server to lower the cryptographic strength of the keys to 512-bit.
Most servers and clients, establishing a secure connection, use an encryption mechanism based on the Diffie-Hellman (DH) algorithm. By requesting a connection, the client can lower the encryption strength to the level of export ciphers using 512-bit DH keys. This is possible if the server supports the export cipher suite. Accordingly, the attacker connecting between the client and the server can intercept traffic and, on behalf of the client, request a decrease in the strength of the cipher. Researchers also report that in the presence of productive machines, it is easy to calculate 768-bit keys, and special services are able to decipher 1024-bit keys.
')
Quick Check Logjam
HostTracker offers a feature to check the server's vulnerability Logjam. This functionality is very simple and available as an option of the quick check service. To use it, you just need to check the box in the option Logjam, and in the text box enter the address of the server that should be checked. After some time, the Logjam check will produce a result based on a check of the cipher suite used by the server.
If the server supports export ciphers, EDH ciphers, a temporary DH-key with a length of 512 bits, then the Logjam service will detect these settings and list them as vulnerabilities. These parameters should be corrected on the server. Researchers even offered instructions for correct setting of SSL parameters for different servers. So, for the Apache server, it is suggested to set the value “On” in the SSLHonorCipherOrder parameter - this directive sets the priority for using ciphers set by the server. Also, in the SSLCipherSuite directive, export cipher suites should be disabled, and the SSLProtocol directive prohibit the use of SSLv2 and SSLv3 protocols.
Source: https://habr.com/ru/post/262765/
All Articles