https://community.hpe.com/t5/operating-system-hp-ux/logjam-vulnerability/m-p/6754869#M729428 <P>Solution found,</P><P>&nbsp;</P><P>create first the dhparams</P><P>&nbsp;</P><PRE>openssl dhparam -out dhparams.pem 2048 chmod 600 dhparams.pem</PRE><P>&nbsp;</P><P>then add this to your certificates,in my case proxy.pem cert.pem</P><P>&nbsp;</P><PRE>cat dhparams.pem &gt;&gt; /opt/hpsmh/certs/proxy.pem</PRE><PRE>cat dhparams.pem &gt;&gt; /opt/hpsmh/certs/cert.pem</PRE><P>then modify hpsmh to use correct ciphers</P><P>&nbsp;</P><PRE>/opt/hpsmh/bin/smhconfig -Z `cat /cip.txt`</PRE><P>cip.txt contain those</P><P>&nbsp;</P><PRE>ECDH+AESGCM:ECDH+AES256:ECDH+AES128:ECDH+3DES:RSA+AES:RSA+3DES:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!ADH:!AECDH:!MD5:!DSS:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA</PRE><P>Finally reload hpsmh</P><PRE>/opt/hpsmh/bin/hpsmh stop /opt/hpsmh/bin/hpsmh start</PRE> Sun, 14 Jun 2015 19:26:39 GMT uxbeginner22 2015-06-14T19:26:39Z https://community.hpe.com/t5/operating-system-hp-ux/logjam-vulnerability/m-p/6754404#M729426 <P>Nessus tell my hpsmh homepage is vulnerable to logjam</P><P>I have try to fix it with this solution</P><P>&nbsp;</P><PRE>cat /opt/hpws22/apache/conf/dhparams.pem &gt;&gt; /opt/hpws22/apache/conf/ssl.crt/server.crt</PRE><P>And restart hpsmh</P><P>But doesn't work.</P><P>Why?</P><P>Those are ssl params</P><P>&nbsp;</P><PRE>SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2 # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD 5:!DSS:!RC4</PRE> Thu, 11 Jun 2015 21:17:41 GMT https://community.hpe.com/t5/operating-system-hp-ux/logjam-vulnerability/m-p/6754404#M729426 uxbeginner22 2015-06-11T21:17:41Z https://community.hpe.com/t5/operating-system-hp-ux/logjam-vulnerability/m-p/6754420#M729427 <P>I've add succesfully this line with smhconfig</P><P>&nbsp;</P><P>&nbsp;</P><PRE>ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA</PRE><P>&nbsp;</P><P>&nbsp;</P><P>but nessus still report error,of course i've added the dhparams.pem to cert.pem file with</P><P>&nbsp;</P><PRE>cat dhparams.pem &gt;&gt; cert.pem </PRE><P>and restart the app.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 11 Jun 2015 23:15:55 GMT https://community.hpe.com/t5/operating-system-hp-ux/logjam-vulnerability/m-p/6754420#M729427 uxbeginner22 2015-06-11T23:15:55Z https://community.hpe.com/t5/operating-system-hp-ux/logjam-vulnerability/m-p/6754869#M729428 <P>Solution found,</P><P>&nbsp;</P><P>create first the dhparams</P><P>&nbsp;</P><PRE>openssl dhparam -out dhparams.pem 2048 chmod 600 dhparams.pem</PRE><P>&nbsp;</P><P>then add this to your certificates,in my case proxy.pem cert.pem</P><P>&nbsp;</P><PRE>cat dhparams.pem &gt;&gt; /opt/hpsmh/certs/proxy.pem</PRE><PRE>cat dhparams.pem &gt;&gt; /opt/hpsmh/certs/cert.pem</PRE><P>then modify hpsmh to use correct ciphers</P><P>&nbsp;</P><PRE>/opt/hpsmh/bin/smhconfig -Z `cat /cip.txt`</PRE><P>cip.txt contain those</P><P>&nbsp;</P><PRE>ECDH+AESGCM:ECDH+AES256:ECDH+AES128:ECDH+3DES:RSA+AES:RSA+3DES:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!ADH:!AECDH:!MD5:!DSS:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA</PRE><P>Finally reload hpsmh</P><PRE>/opt/hpsmh/bin/hpsmh stop /opt/hpsmh/bin/hpsmh start</PRE> Sun, 14 Jun 2015 19:26:39 GMT https://community.hpe.com/t5/operating-system-hp-ux/logjam-vulnerability/m-p/6754869#M729428 uxbeginner22 2015-06-14T19:26:39Z