CVE-2015-4000 LOGJAM TLS DH vulnerability on Plesk server

Applicable to:

  • Plesk for Linux
  • Plesk for Windows

Situation

CVE-2015-4000 LOGJAM TLS DH vulnerability on Plesk server

Impact

The Logjam attack allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This allows the attacker to read and modify any data passed over the connection. 

Call to Action

Plesk for Linux
  1. Connect to the server over SSH.
  2. Run the following command to increase the Diffie-Hellman key size to 4096 bits:

    # plesk sbin sslmng -vvv --strong-dh --dhparams-size=4096

    Note: To change the setting for a particular service only, use the --services=service_name option.
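
To confirm that a service really offers the larger parameters after the change, the ephemeral key size can be read from `openssl s_client` output. The script below is an added example, not part of the original article or of Plesk: the function name `dh_verdict`, the 2048-bit default floor and the sample excerpts are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: classify the ephemeral key size a TLS service offers, from
# `openssl s_client` output on stdin. Live use (HOST and PORT are placeholders):
#   openssl s_client -connect HOST:PORT -tls1_2 -cipher DHE </dev/null 2>/dev/null \
#     | dh_verdict 4096

# dh_verdict [MIN_BITS]  -> prints "<verdict> <bits>"
# MIN_BITS defaults to 2048 (assumption); pass 4096 to match the size set above.
dh_verdict() {
    min_bits="${1:-2048}"
    # s_client reports the server's ephemeral key as "Server Temp Key: DH, N bits"
    line=$(grep 'Server Temp Key:' | head -n 1) || true
    case "$line" in
        '')            echo "unknown 0"; return 0 ;;   # no handshake or static key exchange
        *'Key: DH, '*) ;;                              # finite-field DH: size matters for Logjam
        *)             echo "not-dh 0"; return 0 ;;    # ECDH / X25519: not a Logjam target
    esac
    bits=$(printf '%s\n' "$line" | sed -n 's/.*Key: DH, \([0-9][0-9]*\) bits.*/\1/p')
    [ -n "$bits" ] || { echo "unknown 0"; return 0; }
    if [ "$bits" -le 512 ]; then
        echo "export-grade $bits"      # the 512-bit size Logjam downgrades to
    elif [ "$bits" -lt "$min_bits" ]; then
        echo "weak $bits"
    else
        echo "ok $bits"
    fi
}

# Constructed s_client excerpts (not captured from a real server).
SAMPLE_BEFORE='SSL handshake has read 1977 bytes and written 479 bytes
Server Temp Key: DH, 1024 bits
Cipher    : DHE-RSA-AES256-GCM-SHA384'
SAMPLE_AFTER='Server Temp Key: DH, 4096 bits
Cipher    : DHE-RSA-AES256-GCM-SHA384'
SAMPLE_ECDHE='Server Temp Key: ECDH, P-256, 256 bits
Cipher    : ECDHE-RSA-AES256-GCM-SHA384'

for s in "$SAMPLE_BEFORE" "$SAMPLE_AFTER" "$SAMPLE_ECDHE"; do
    printf '%s\n' "$s" | dh_verdict 4096
done
```

An "unknown" result against a live service means no "Server Temp Key" line was printed, for example because the handshake failed; recent OpenSSL clients refuse very small DH groups outright, so check the s_client error output in that case.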

Plesk for Windows
  1. Connect to the server over RDP.
  2. Open the Group Policy Object Editor: type gpedit.msc in the Start > Run dialog window.
  3. Expand Computer Configuration > Administrative Templates > Network > SSL Configuration Settings and open the SSL Cipher Suite Order setting.
  4. Set up a strong cipher suite order. See Microsoft's list of supported ciphers and Mozilla's TLS configuration instructions.