TLS Logjam Check CVE-2015-4000

Logjam test - Is your webserver attackable? TLS vulnerability check against the Logjam attack.

You can specify a custom port like this 443 by default.

What is the Logjam TLS attack?

The Logjam attack (CVE-2015-4000) is against the TLS Protocol. That means it affects services that are using TLS. The attack gives a man-in-the-middle attacker the possibility to downgrade weak TLS connections to 512-bit exchange key cryptography. The attacker can read and manipulate the data, which is transferred between the peers using a TLS "secured" connection. The attack has similarities to the FREAK attack, but it is important to note that this is a flaw in the TLS protocol and not a vulnerability due to the implementation itself. It attacks a Diffie-Hellman (DH) key exchange. A server, respectively the services using TLS, that allows (have configured) DHE_EXPORT ciphers can be attacked. This impacts also all modern web browsers. According to the researchers are 8.4% of the "Top 1 Million" domains affected.

Read more about the Logjam TLS attack.

How to eliminate Logjam vulnerability?

Remove the weak ciphers from the accepted cipher list. This need to be done for each service that uses TLS (e.g. Apache, nginx, lighttpd, postfix, dovecot, sendmail, Microsoft IIS, etc). Detailed configuration examples could be found here: Guide to Deploying Diffie-Hellman for TLS

How to test Logjam via command line?

OpenSSL: openssl s_client -connect -cipher 'EXP'

nmap: nmap --script ssl-enum-ciphers -p 443