uxbeginner22
Trusted Contributor

Logjam vulnerability

Nessus tells me my hpsmh homepage is vulnerable to Logjam.

I have tried to fix it with this solution:

cat /opt/hpws22/apache/conf/dhparams.pem >> /opt/hpws22/apache/conf/ssl.crt/server.crt

And restarted hpsmh.

But it doesn't work.

Why?

These are the SSL params:

SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2

#   SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS:!RC4
uxbeginner22
Trusted Contributor

Re: Logjam vulnerability

I've successfully added this line with smhconfig:

ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

 

 

but Nessus still reports an error. Of course I've added the dhparams.pem to the cert.pem file with

cat dhparams.pem >> cert.pem  

and restarted the app.

uxbeginner22
Trusted Contributor
Solution

Re: Logjam vulnerability

Solution found.

First create the dhparams:

openssl dhparam -out dhparams.pem 2048
chmod 600 dhparams.pem

 

Then add this to your certificates, in my case proxy.pem and cert.pem:

cat dhparams.pem >> /opt/hpsmh/certs/proxy.pem
cat dhparams.pem >> /opt/hpsmh/certs/cert.pem

Then modify hpsmh to use the correct ciphers:

/opt/hpsmh/bin/smhconfig -Z `cat /cip.txt`

cip.txt contains these:

ECDH+AESGCM:ECDH+AES256:ECDH+AES128:ECDH+3DES:RSA+AES:RSA+3DES:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!ADH:!AECDH:!MD5:!DSS:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

Finally, reload hpsmh:

/opt/hpsmh/bin/hpsmh stop
/opt/hpsmh/bin/hpsmh start
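
The result of the `cat dhparams.pem >> cert.pem` step in the thread above can be checked offline. The following is an added example, not part of the original posts: it parses a PEM bundle and reports the bit length of the prime in each DH PARAMETERS block. The function names and the sample generator are hypothetical, and the generated sample uses a dummy odd number, not a real prime.

```python
import base64
import re

MIN_BITS = 2048  # size passed to "openssl dhparam" in the thread above
PEM_DH = re.compile(
    r"-----BEGIN DH PARAMETERS-----(.*?)-----END DH PARAMETERS-----", re.S)


def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length


def dh_prime_bits(pem_text):
    """Bit length of the prime p in every DH PARAMETERS block of a PEM bundle."""
    sizes = []
    for body in PEM_DH.findall(pem_text):
        der = base64.b64decode("".join(body.split()))
        seq_tag, seq, _ = read_tlv(der, 0)   # DHParameter ::= SEQUENCE { p, g }
        p_tag, p, _ = read_tlv(seq, 0)       # first INTEGER is the prime p
        if seq_tag != 0x30 or p_tag != 0x02:
            raise ValueError("unexpected DER structure in DH PARAMETERS block")
        sizes.append(int.from_bytes(p, "big").bit_length())
    return sizes


def check_bundle(pem_text):
    """Return (ok, sizes); ok only if a DH block exists and all reach MIN_BITS."""
    sizes = dh_prime_bits(pem_text)
    return bool(sizes) and min(sizes) >= MIN_BITS, sizes


def constructed_dh_pem(bits):
    """Constructed sample input: DER-encode a dummy odd number of `bits` bits."""
    def der(tag, val):
        n = len(val)
        k = (n.bit_length() + 7) // 8
        ln = bytes([n]) if n < 128 else bytes([0x80 | k]) + n.to_bytes(k, "big")
        return bytes([tag]) + ln + val
    p = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading 0x00
    b64 = base64.encodebytes(der(0x30, der(0x02, p) + der(0x02, b"\x02"))).decode()
    return "-----BEGIN DH PARAMETERS-----\n" + b64 + "-----END DH PARAMETERS-----\n"
```

Pass the text of a bundle such as cert.pem to `check_bundle()`; an empty size list means no DH PARAMETERS block was found in the file.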