E2E FORUM

logjam vulnerability

Tagged: SSL console logjam

This topic contains 2 replies, has 2 voices, and was last updated by Kirstin 3 years, 8 months ago.

Viewing 3 posts - 1 through 3 (of 3 total)

Author
Posts
July 29, 2015 at 10:13 am #1953

hatemp
Participant
Hi,
Do you know how I can configure the console in such a way that the logjam vulnerability is mitigated?
I tried to put the following in the Tomcat E2E_BRIDGE_PROG/servlets/conf/server.xml file:
ciphers=”TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA”
But that does not solve the problem (after restarting the console service). The problem now is that Chrome refuses to connect to the bridge console due to this vulnerability.
July 30, 2015 at 9:33 am #1963
Kirstin
Keymaster
Hello Harald,
we informed on this problem in our Developer Newsletter 04 | 2015 and announced a new Bridge version to fix this issue.
So, until you can install the fixed E2E Bridge release, you can either
- use another browser (not Firefox nor Chrome).
- enable the weak options in Firefox as described in the newsletter. Note that this is a global option in Firefox and is used for all connections you do.
Kind regards,
Kirstin
August 4, 2015 at 10:13 am #1975

Kirstin
Keymaster
Meanwhile, we release a Bridge version that solves this problem. Please refer to our E2E Developer News 2015 | 05.
Cheers,
Kirstin
Author
Posts

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.