Logjam test - Is your webserver attackable? TLS vulnerability check against the Logjam attack.
The Logjam attack (CVE-2015-4000) targets the TLS protocol, so it affects any service that uses TLS. It allows a man-in-the-middle attacker to downgrade weak TLS connections to 512-bit key-exchange cryptography. The attacker can then read and manipulate the data transferred between the peers over the TLS "secured" connection. The attack is similar to the FREAK attack, but it is important to note that it is a flaw in the TLS protocol itself and not a vulnerability in a particular implementation. It targets the Diffie-Hellman (DH) key exchange. A server, or more precisely any TLS service running on it, that allows (has configured) DHE_EXPORT ciphers can be attacked. This also affects all modern web browsers. According to the researchers, 8.4% of the "Top 1 Million" domains are affected.
Read more about the Logjam TLS attack.
Remove the weak ciphers from the accepted cipher list. This needs to be done for each service that uses TLS (e.g. Apache, nginx, lighttpd, postfix, dovecot, sendmail, Microsoft IIS). Detailed configuration examples can be found in the Guide to Deploying Diffie-Hellman for TLS.
openssl s_client -connect www.example.com:443 -cipher 'EXP'
nmap --script ssl-enum-ciphers -p 443 www.example.com
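A failed `openssl s_client -cipher 'EXP'` run only clears the server if the local OpenSSL could actually offer export suites; current OpenSSL builds no longer include them and fail before contacting the server. The script below is an added example, not part of the original page: it classifies captured s_client output into those cases. The function name, verdict labels and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Classifies captured output of:
#   openssl s_client -connect HOST:443 -cipher 'EXP' </dev/null 2>&1
# Function name and verdict labels are this example's own.

classify_exp_probe() {
    out=$1   # combined stdout+stderr of the s_client run
    # A client built without export suites rejects -cipher 'EXP' locally,
    # before sending anything: the run says nothing about the server.
    if printf '%s\n' "$out" | grep -q 'no cipher match'; then
        echo "INCONCLUSIVE_CLIENT_LACKS_EXPORT"; return 0
    fi
    # s_client reports the negotiated suite as "New, <proto>, Cipher is <name>".
    cipher=$(printf '%s\n' "$out" |
        sed -n 's/^New, .*Cipher is \(.*\)$/\1/p' | head -n 1)
    case $cipher in
        EXP-EDH-*|EXP-DHE-*) echo "VULNERABLE_DHE_EXPORT $cipher" ;;
        EXP-*)               echo "WEAK_EXPORT_ACCEPTED $cipher" ;;
        '(NONE)')            echo "EXPORT_REJECTED" ;;
        '')                  echo "INCONCLUSIVE_NO_HANDSHAKE" ;;
        *)                   echo "UNEXPECTED $cipher" ;;
    esac
}

# Constructed sample outputs (abridged, modelled on s_client; not real captures).
SAMPLE_VULN='CONNECTED(00000003)
---
New, TLSv1/SSLv3, Cipher is EXP-EDH-RSA-DES-CBC-SHA
Server public key is 2048 bit'
SAMPLE_REJECT='CONNECTED(00000003)
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
---
New, (NONE), Cipher is (NONE)'
SAMPLE_LOCAL='error setting cipher list
error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match'
SAMPLE_DOWN='connect: Connection refused
connect:errno=111'

for s in "$SAMPLE_VULN" "$SAMPLE_REJECT" "$SAMPLE_LOCAL" "$SAMPLE_DOWN"; do
    classify_exp_probe "$s"
done
```

Only `EXPORT_REJECTED` from a client that still ships export suites counts as a clean result; both `INCONCLUSIVE_*` verdicts call for a retest with a different client or with the nmap command.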