bildwelt
E2E FORUM
E2E Bridge E2E Commerce

logjam vulnerability

E2E Forum Modeling & Development logjam vulnerability

This topic contains 2 replies, has 2 voices, and was last updated by  Kirstin 2 years, 3 months ago.

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • #1953

    hatemp
    Participant

    Hi,

    Do you know how I can configure the console in such a way that the logjam vulnerability is mitigated?

    I tried to put the following in the Tomcat E2E_BRIDGE_PROG/servlets/conf/server.xml file:
    ciphers=”TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA”

    But that does not solve the problem (after restarting the console service). The problem now is that Chrome refuses to connect to the bridge console due to this vulnerability.

    #1963

    Kirstin
    Keymaster

    Hello Harald,

    we informed on this problem in our Developer Newsletter 04 | 2015 and announced a new Bridge version to fix this issue.

    So, until you can install the fixed E2E Bridge release, you can either

    • use another browser (not Firefox nor Chrome).
    • enable the weak options in Firefox as described in the newsletter. Note that this is a global option in Firefox and is used for all connections you do.

    Kind regards,
    Kirstin

    #1975

    Kirstin
    Keymaster

    Meanwhile, we release a Bridge version that solves this problem. Please refer to our E2E Developer News 2015 | 05.
    Cheers,
    Kirstin

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.