2015年5月20日 · Logjam is a cipher downgrade attack where a man in the middle can trick the end points into using a weak cipher. A weak cipher would allow the man in the middle to easily …

2015年5月21日 · (If the connections fails straight away, then the server does not support ephemeral Diffie-Hellman ("EDH" in OpenSSL-speak, "DHE" elsewhere) at all and you're safe …

2025年5月15日 · If it's something that starts with ecdsa-then you're safe from LogJam. Otherwise you'll have to have to count bytes again. And there'll have to be at least 256. (256 x 8 bits == …

2015年5月20日 · First off, Logjam only applies to 'classic' aka integer aka modp aka Zp DH(E), not ever ECDH(E). Second, you were apparently using OpenSSL 1.1.1 which supports TLS1.3 …

2015年6月25日 · In answer to your second question, for logjam to work, both the client AND the server have to support the old "export 512 bit DH connections". This is fixed by simply re …

2015年5月22日 · The problem with logjam is this: if you have a plain old group variant of DHE, then if you can persuade the server to downgrade to the export (weak variety) level strength, …

2025年1月15日 · But the description at Logjam notes "there is a passive network adversary able to eavesdrop" for Attack 1, and has a video displaying the plaintext of a post to an FBI site. …

2016年2月1日 · So if your server generates DH params that are too small (e.g. 512 bits) or it supports DHE_EXPORT (or anything else mentioned in the logjam paper), then you are still …

2015年6月10日 · Thanks for the reply, DH export cipher is vulnerable to logjam attack, but the list its being hard to find which are all DH export cipher – Prem M Commented Jun 10, 2015 at 3:43

2015年5月21日 · logjam is not (even remotely) a break of the Diffie-Hellman key exchange method. It is a weakness of the TLS protocol. It affects only sessions, not credentials. It will …