Welcome Guest. Please Login or Register  
Client Area  |  Softaculous Cloud  |  Calendar  |  Quick Links  |  
   


You are here: Index > Webuzo > General Support > Topic : [ Security Alert ] Logjam | Diffie-Hellman key exchange



Threaded Mode | Print  

 [ Security Alert ] Logjam | Diffie-Hellman key exchange (3 Replies, Read 10726 times)
peopleinside
Posted on # May 21, 2015, 1:29 pm
Group: Member
Post Group: Super Member
Posts: 1394
Status:

Open source, web and security passionate 		Hi,
I want to inform about Security Fix needed for servers.
https://weakdh.org/

Actually is not possibile fix in Webuzo until openssl 1.0.2 version will be not supported by Webuzo.

Also i can see if I set Apache 2 as default Apache on my server all website go down, i can't see any particular error in the Webuzo error log.

So when openssl 1.0.2 or greater will be supported I will try to open, update new ticket in Webuzo support center for activate Apache 2 and make the security fix.

For now openssl 1.0.1 is only supported by Webuzo so until there are no support for openssl 1.0.2 the security fix can't be done.


-----------------------
PeopleInside  :angel:

Web, security, open source passionate.
IP: --   

[ Security Alert ] Logjam | Diffie-Hellman key exchange
divij
Posted on # May 22, 2015, 5:46 am | Post: 1
Group: Member
Post Group: Elite Member
Posts: 290
Status:
Hi,

Sir we are working on the solution for it.
We will let you know as soon as possible.
IP: --   

[ Security Alert ] Logjam | Diffie-Hellman key exchange
peopleinside
Posted on # May 22, 2015, 5:50 am | Post: 2
Group: Member
Post Group: Super Member
Posts: 1394
Status:

Open source, web and security passionate 		Great, thanks!


-----------------------
PeopleInside  :angel:

Web, security, open source passionate.
IP: --   

[ Security Alert ] Logjam | Diffie-Hellman key exchange
peopleinside
Posted on # May 22, 2015, 6:34 am | Post: 3
Group: Member
Post Group: Super Member
Posts: 1394
Status:

Open source, web and security passionate 		Only for make this conversation correct and for user who will be here, i have found a fix for the security issue.

I have changed the SSL cipher suite by removing DH key exchange. Security level is very good so no issue of inferior protection.

So it's not true there are no solution for the moment to fix the security issue, it can be done by changing the  SSL cipher suite.

-----------------------
PeopleInside  :angel:

Web, security, open source passionate.
IP: --   

« Previous    Next »

Threaded Mode | Print  



Jump To :


Users viewing this topic
1 guests, 0 users.


All times are GMT. The time now is April 28, 2024, 7:23 pm.

  Powered By AEF 1.0.8 © 2007-2008 Electron Inc.Queries: 10  |  Page Created In:0.025