Tagged: SSL console logjam
Do you know how I can configure the console in such a way that the logjam vulnerability is mitigated?
I tried to put the following in the Tomcat E2E_BRIDGE_PROG/servlets/conf/server.xml file:
ciphers=”TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA”
But that does not solve the problem (after restarting the console service). The problem now is that Chrome refuses to connect to the bridge console due to this vulnerability.
we informed on this problem in our Developer Newsletter 04 | 2015 and announced a new Bridge version to fix this issue.
So, until you can install the fixed E2E Bridge release, you can either