Logjam HTTPS exploit

Talk about internet security, computer security, personal security, your social security number...
Post Reply
barbaz
Senior Member
Posts: 9140
Joined: Sat Aug 03, 2013 5:45 pm

Logjam HTTPS exploit

Post by barbaz » Thu May 21, 2015 5:19 pm

*Always* check the changelogs BEFORE updating that important software!
-

barbaz
Senior Member
Posts: 9140
Joined: Sat Aug 03, 2013 5:45 pm

Re: Logjam HTTPS exploit

Post by barbaz » Fri May 22, 2015 1:54 am

jscher2000 suggested (in the mozillaZine thread) to disable the ciphers that are vulnerable to this attack as follows:
about:config > set security.ssl3.dhe_rsa_aes_128_sha and security.ssl3.dhe_rsa_aes_256_sha to false
EDIT Then restart the browser. /EDIT

I can confirm that this works against the above linked test in SeaMonkey '2.35pre' (Gecko 38.0.1) and SeaMonkey 2.26.1 (Gecko 29).
*Always* check the changelogs BEFORE updating that important software!
-

User avatar
therube
Ambassador
Posts: 7406
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Logjam HTTPS exploit

Post by therube » Fri May 22, 2015 8:20 pm

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:36.0) Gecko/20100101 SeaMonkey/2.33.1

Post Reply