TLS Logjam Test

CVE-2015-4000

TLS Logjam Test FAQ

What is the Logjam TLS attack?

The Logjam attack (CVE-2015-4000) targets the TLS protocol, so it affects any service that uses TLS. It allows a man-in-the-middle attacker to downgrade weak TLS connections to 512-bit key exchange cryptography. The attacker can then read and manipulate the data transferred between the peers over a TLS "secured" connection. The attack is similar to the FREAK attack, but it is important to note that it is a flaw in the TLS protocol itself and not an implementation vulnerability. It targets the Diffie-Hellman (DH) key exchange. A server (more precisely, any service using TLS) that is configured to allow DHE_EXPORT ciphers can be attacked. This also affects all modern web browsers. According to the researchers, 8.4% of the "Top 1 Million" domains are affected.

Read more about the Logjam TLS attack.

How to eliminate Logjam vulnerability?

Remove the weak ciphers from the accepted cipher list. This needs to be done for each service that uses TLS (e.g. Apache, nginx, lighttpd, Postfix, Dovecot, Sendmail, Microsoft IIS). Detailed configuration examples can be found in the Guide to Deploying Diffie-Hellman for TLS.

How to test Logjam via command line?

OpenSSL: openssl s_client -connect www.example.com:443 -cipher 'EXP'

nmap: nmap --script ssl-enum-ciphers -p 443 www.example.com
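
As an added example (not KeyCDN's or nmap's own code), the shell function below filters the ssl-enum-ciphers output of the nmap command above for DHE_EXPORT suites and undersized DH groups. The function names, the embedded sample scan (constructed) and the 2048-bit default threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag Logjam-relevant suites in `nmap --script ssl-enum-ciphers` output.

# Constructed sample output, not from a real scan.
sample_scan() {
cat <<'EOF'
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (dh 512) - F
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|     compressors:
|       NULL
|   TLSv1.2:
|     ciphers:
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|_  least strength: F
EOF
}

# Usage: nmap --script ssl-enum-ciphers -p 443 host | logjam_findings [min_dh_bits]
# Prints "<protocol> <suite> <reason>" per finding; returns 1 if any were found.
# min_dh_bits defaults to 2048 (an assumption of this example, not a value from the page).
logjam_findings() {
    awk -v min="${1:-2048}" '
        # Protocol headers look like "|   TLSv1.0:"
        $2 ~ /^(SSLv|TLSv)[0-9.]+:$/ { proto = $2; sub(/:$/, "", proto); next }
        # Only finite-field DHE suites matter here; ECDHE and RSA key exchange are skipped
        $2 !~ /^TLS_DHE_/ { next }
        $2 ~ /_EXPORT_/ { print proto, $2, "DHE_EXPORT suite accepted"; found = 1; next }
        $3 == "(dh" {
            bits = $4; sub(/\)$/, "", bits)
            if (bits + 0 < min + 0) {
                print proto, $2, "DH group " bits " bits < " min; found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Demo on the constructed sample; a non-zero status means weak DHE was offered.
sample_scan | logjam_findings || echo "weak DHE configuration found"
```

The non-zero return status lets the function act as a gate in a scheduled scan or deployment check after the cipher list has been changed.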
