Search
bildwelt
E2E FORUM
E2E Bridge E2E Commerce

logjam vulnerability

E2E Forum Modeling & Development logjam vulnerability

Tagged: 

This topic contains 2 replies, has 2 voices, and was last updated by  Kirstin 3 years ago.

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • July 29, 2015 at 10:13 am #1953

    hatemp
    Participant

    Hi,

    Do you know how I can configure the console in such a way that the logjam vulnerability is mitigated?

    I tried to put the following in the Tomcat E2E_BRIDGE_PROG/servlets/conf/server.xml file:
    ciphers=”TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA”

    But that does not solve the problem (after restarting the console service). The problem now is that Chrome refuses to connect to the bridge console due to this vulnerability.

    July 30, 2015 at 9:33 am #1963

    Kirstin
    Keymaster

    Hello Harald,

    we informed on this problem in our Developer Newsletter 04 | 2015 and announced a new Bridge version to fix this issue.

    So, until you can install the fixed E2E Bridge release, you can either

    • use another browser (not Firefox nor Chrome).
    • enable the weak options in Firefox as described in the newsletter. Note that this is a global option in Firefox and is used for all connections you do.

    Kind regards,
    Kirstin

    August 4, 2015 at 10:13 am #1975

    Kirstin
    Keymaster

    Meanwhile, we release a Bridge version that solves this problem. Please refer to our E2E Developer News 2015 | 05.
    Cheers,
    Kirstin

  • Author
    Posts
Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

Diese Website benutzt Cookies. Wenn Sie die Website weiter nutzen, gehen wir von Ihrem Einverständnis aus. OK