Articles in this section

See more

CVE-2015-4000 LOGJAM TLS DH vulnerability on Plesk server

Avatar
Vladimir Chernikov
Updated
Follow
Plesk for Windows Plesk for Linux kb: technical ABT: Group B

Applicable to:

  • Plesk for Linux
  • Plesk for Windows

Situation

CVE-2015-4000 LOGJAM TLS DH vulnerability on Plesk server

Impact

The Logjam attack allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This allows the attacker to read and modify any data passed over the connection. 

Call to Action

Click on a section to expand

Plesk for Linux
  1. Connect to server over SSH.

  2. Run the following command to increase Diffie-Hellman key size to 2048 bit:

    # plesk sbin sslmng -vvv --strong-dh --dhparams-size=2048

    Note: To change the setting for a particular service, option --services=service_name should be used.

Plesk for Windows
    1. Connect to server over RDP.
    2. Open the Group Policy Object Editor: type gpedit.msc in the Start > Run dialogue window:
      gp1.PNG

    3. Expand Computer Configuration > Administrative Templates > Network > SSL Configuration Settings and open the SSL Cipher Suite Order setting:gp2.PNG

    4. Set up a strong cipher suite order. See this list of Microsoft's supported ciphers and Mozilla's TLS configuration instructions:
      gp3.PNG

Comments

1 comment

Sort by Date Votes
  • Avatar
    Massimiliano Toscano

    Hi, 

    very interesting, thanx, but for Aix Server have you some info or details in more ?  maybe could i try with the script you have prepared ?  i have downloaded and i know will check, thnx bye

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles