InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

Logjam HTTPS exploit

https://forums.informaction.com/viewtopic.php?t=20830

Page 1 of 1

Logjam HTTPS exploit

Posted: Thu May 21, 2015 5:19 pm
by barbaz
http://forums.mozillazine.org/viewtopic ... &t=2935955

https://weakdh.org/

Re: Logjam HTTPS exploit

Posted: Fri May 22, 2015 1:54 am
by barbaz
jscher2000 suggested (in the mozillaZine thread) to disable the ciphers that are vulnerable to this attack as follows:
about:config > set security.ssl3.dhe_rsa_aes_128_sha and security.ssl3.dhe_rsa_aes_256_sha to false
EDIT Then restart the browser. /EDIT

I can confirm that this works against the above linked test in SeaMonkey '2.35pre' (Gecko 38.0.1) and SeaMonkey 2.26.1 (Gecko 29).

Re: Logjam HTTPS exploit

Posted: Fri May 22, 2015 8:20 pm
by therube
http://forums.mozillazine.org/viewtopic ... #p14167409
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited