2

The following is a list of ciphers, how to know which ciphers are vulnerable to LogJam attack?

Client shared list of ciphers:

  1. TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  2. TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  3. TLS_RSA_WITH_AES_128_CBC_SHA
  4. TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
  5. TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
  6. TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  7. TLS_DHE_DSS_WITH_AES_128_CBC_SHA
  8. TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
  9. TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  10. TLS_RSA_WITH_3DES_EDE_CBC_SHA
  11. TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
  12. TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
  13. TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  14. TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
  15. TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
  16. TLS_ECDHE_RSA_WITH_RC4_128_SHA
  17. TLS_RSA_WITH_RC4_128_SHA
  18. TLS_ECDH_ECDSA_WITH_RC4_128_SHA
  19. TLS_ECDH_RSA_WITH_RC4_128_SHA
  20. TLS_RSA_WITH_RC4_128_MD5
  21. TLS_EMPTY_RENEGOTIATION_INFO_SCSV

Server chosen cipher: TLS_RSA_WITH_AES_128_CBC_SHA

Maarten Bodewes
  • 4,602
  • 15
  • 29
Prem M
  • 21
  • 2
  • 1
    [Look under "What you should do"](http://security.stackexchange.com/questions/89689/what-is-logjam-and-how-do-i-prevent-it) – RoraΖ Jun 09 '15 at 14:53
  • Don't use `_DSS_` (it's not supported these days anyway), don't use `_RC4_` (it's broken and deprecated), don't use `_ECDH_` (nobody supports it anyway, but still, ECDHE is what you want). You've not listed AEAD (AES-GCM) cipher suites, these are the only ones that are considered secure. Add them. Reorder the list to be: ECDHE+ECDSA+AESGCM, ECDHE+aRSA+AESGCM, DHE+aRSA+AESGCM, ECDHE+ECDSA+AES, ECDHE+aRSA+AES, DHE+aRSA+AES, RSA+AES, RSA+3DES. The first three are secure, the next 3 at least provide PFS, the last 2 are for compatibility. DHE is really secure only if you use at least 2048 bit DHE. – Z.T. Jun 09 '15 at 19:19
  • Thanks for the reply, DH export cipher is vulnerable to logjam attack, but the list its being hard to find which are all DH export cipher – Prem M Jun 10 '15 at 03:43

1 Answers1

5

Any with _DHE_ in them. Those are the ones that use Ephemeral Diffie-Hellman, _ECDHE_ is safe.

StackzOfZtuff
  • 17,923
  • 1
  • 51
  • 86
  • Thanks for the reply ,What i understood is anything starting with _DHE is vulnerable to logjam attack. ECDHE is safe, is that right? – Prem M Jun 10 '15 at 03:38
  • Yes. There is no known similar exploit for the Elliptic curve version of Diffie–Hellman (ECDH). – StackzOfZtuff Jun 10 '15 at 06:37
  • For more info see my answers to these questions: [Securing Chrome against Logjam on Windows](https://security.stackexchange.com/questions/90046/securing-chrome-against-logjam-on-windows/90061) and [How to Check if a server is not vulnerable to logjam?](https://security.stackexchange.com/questions/89773/how-to-check-if-a-server-is-not-vulnerable-to-logjam/89775) – StackzOfZtuff Jun 10 '15 at 07:33