How to fix
The best way to mitigate the risk is to deploy Diffie-Hellman correctly for TLS by following the steps below:
- Disable Export Cipher Suites
- Deploy (Ephemeral) Elliptic-Curve Diffie-Hellman (ECDHE)
- Generate a Strong, Unique Diffie-Hellman Group
- Make sure any TLS libraries in use are up to date and reject Diffie-Hellman groups smaller than 1024 bits.
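One way to check a server against the steps above, as an added example that is not from the original page or from weakdh.org. The function names, the sample cipher list and the OpenSSL-style cipher naming are assumptions made for illustration; the 1024-bit floor is the one stated above.

```python
import base64

MIN_DH_BITS = 1024  # floor stated on the page; raise it to match local policy


def _tlv(buf):
    """Read the first DER tag-length-value in buf; return (tag, value bytes)."""
    tag, length, pos = buf[0], buf[1], 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[2:2 + n], "big"), 2 + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length]


def dh_prime_bits(pem):
    """Bit length of the prime in a PEM 'DH PARAMETERS' block (SEQUENCE {p, g})."""
    lines = (line.strip() for line in pem.splitlines())
    der = base64.b64decode("".join(l for l in lines if not l.startswith("-----")))
    tag, seq = _tlv(der)
    if tag != 0x30:
        raise ValueError("expected a DER SEQUENCE")
    tag, prime = _tlv(seq)
    if tag != 0x02:
        raise ValueError("expected the prime as a DER INTEGER")
    return int.from_bytes(prime, "big").bit_length()


def audit(ciphers, dh_bits=None, min_bits=MIN_DH_BITS):
    """Findings for a server's accepted cipher names and its DH group size.

    Assumes OpenSSL-style names for TLS 1.2 and earlier (e.g. DHE-RSA-AES128-SHA).
    """
    parts = [set(name.split("-")) for name in ciphers]
    findings = [f"export suite enabled: {n}" for n in ciphers if n.startswith("EXP")]
    if not any("ECDHE" in p for p in parts):
        findings.append("no ECDHE suite offered")
    uses_dhe = any(p & {"DHE", "EDH"} for p in parts)
    if uses_dhe and dh_bits is not None and dh_bits < min_bits:
        findings.append(f"DH group is {dh_bits} bits, minimum is {min_bits}")
    return findings


if __name__ == "__main__":
    # Constructed scan result, not taken from a real server.
    accepted = ["EXP-EDH-RSA-DES-CBC-SHA", "DHE-RSA-AES128-SHA"]
    for finding in audit(accepted, dh_bits=512):
        print(finding)
```

To audit your own configuration, pass the contents of the server's DH parameters file to `dh_prime_bits` and feed the result to `audit` as `dh_bits`.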
It is recommended to keep the most recent version of your browser installed and to check for updates frequently, as Google Chrome (including Android Browser), Mozilla Firefox, Microsoft Internet Explorer, and Apple Safari are all deploying fixes for the Logjam attack.
References
https://weakdh.org/sysadmin.html
http://thehackernews.com/2015/05/logjan-ssl-vulnerability.html