Protect Adeptia Suite from the Logjam Attack

The Logjam attack allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This allows the attacker to read and modify any data passed over the connection. The attack is reminiscent of the FREAK attack, but is due to a flaw in the TLS protocol rather than an implementation vulnerability, and attacks a Diffie-Hellman key exchange rather than an RSA key exchange. The attack affects any server that supports DHE_EXPORT ciphers, and affects all modern web browsers. 8.4% of the Top 1 Million domains were initially vulnerable. For more details, refer to the following link:

https://weakdh.org/

Perform the following steps to secure Adeptia Suite from the Logjam attack:

  1. Copy the complete XML excerpt from the attached file ExcludeCipher.xml.
  2. Go to the ServerKernel/etc/jetty folder inside the current Adeptia Suite installation location.
  3. Open the jetty.xml file and paste the XML content copied in Step 1 inside the following element in the jetty.xml file:

          <New id="sslContextFactory" class="org.eclipse.jetty.http.ssl.SslContextFactory">

  4. Save the jetty.xml file.
  5. Restart Adeptia Services.

PS: If you are using multiple context factories, the above steps have to be performed in every SslContextFactory.
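To confirm after Step 3 that every SslContextFactory in jetty.xml carries the exclusion, the following added example (not part of the original article and not the content of ExcludeCipher.xml) parses the file and lists any DHE_EXPORT suite a factory does not exclude. The sample XML is constructed, and the use of Jetty's ExcludeCipherSuites setter with the two JSSE suite names is an assumption about what the attached excerpt contains.

```python
import re
import xml.etree.ElementTree as ET

# JSSE names of the export-grade DHE suites (the DHE_EXPORT family).
DHE_EXPORT_SUITES = ("SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
                     "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA")

# Constructed sample, not Adeptia's shipped jetty.xml or ExcludeCipher.xml.
# The second factory is deliberately left without the exclusion.
SAMPLE_JETTY_XML = """
<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <New id="sslContextFactory" class="org.eclipse.jetty.http.ssl.SslContextFactory">
    <Set name="ExcludeCipherSuites">
      <Array type="java.lang.String">
        <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
        <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
      </Array>
    </Set>
  </New>
  <New id="sslContextFactory2" class="org.eclipse.jetty.http.ssl.SslContextFactory">
    <Set name="KeyStore">etc/keystore</Set>
  </New>
</Configure>
"""

def excluded_patterns(factory):
    """Collect the <Item> values of every ExcludeCipherSuites setter in one factory."""
    items = []
    for setter in factory.iter("Set"):
        if setter.get("name", "").lower() == "excludeciphersuites":
            items += [(i.text or "").strip() for i in setter.iter("Item")]
    return [i for i in items if i]

def is_excluded(suite, patterns):
    """True if an entry is the exact suite name or a (valid) regex matching it."""
    return any(p == suite or re.fullmatch(p, suite) for p in patterns)

def audit(xml_text):
    """Map each SslContextFactory id to the DHE_EXPORT suites it does not exclude."""
    report = {}
    for el in ET.fromstring(xml_text).iter("New"):
        if el.get("class", "").endswith(".SslContextFactory"):
            pats = excluded_patterns(el)
            report[el.get("id", "(no id)")] = [
                s for s in DHE_EXPORT_SUITES if not is_excluded(s, pats)]
    return report

if __name__ == "__main__":
    for fid, missing in audit(SAMPLE_JETTY_XML).items():
        print(fid, "OK" if not missing else "missing: " + ", ".join(missing))
```

To check a real installation, pass the text of ServerKernel/etc/jetty/jetty.xml to `audit()`; an empty list for every factory means the exclusion is present in each one.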
