Logjam Attack

Keywords: 
TLS, SSL, DH, CVE-2015-4000
Description: 

A new attack called Logjam [1], which targets the Diffie-Hellman (DH) key exchange in TLS, has been published.

Summary

Airlock WAF 5.x is not affected when using the default cipher suite and SSL certificates with a key length greater than 1024 bits.

Airlock WAF 4.2.6 may be affected when facing attackers with massive computational power (e.g., nation-state attackers).

Airlock WAF protects vulnerable back-end systems. 

Details

By performing precomputations for specific DH parameters, a man-in-the-middle attacker may be able to break a TLS connection that uses the Diffie-Hellman key exchange. This attack was demonstrated by a group of researchers on DH groups with 512-bit primes. The researchers believe that breaking even 768-bit or 1024-bit primes is within reach of a nation-state attacker.

All supported WAF releases use at least 1024-bit primes in the DH key exchange. In Airlock WAF 5.x this key size depends on the key size of the SSL certificate, which we recommend to be at least 2048 bits. In Airlock WAF 4.2.6 the DH key size is fixed at 1024 bits due to the underlying Apache httpd 2.2 release.

Resolution: 

The security of the TLS configuration regarding Logjam can be verified with the online tool available at [1].

We recommend performing the following checks:

For Airlock WAF 5.x:

- The TLS certificates have a key length of at least 2048 bits.

- The default cipher suite is enabled, or an equivalent custom cipher suite with deactivated Diffie-Hellman export ciphers is used.

For Airlock WAF 4.2.6.x:

- We recommend updating to Airlock 5.x. If this is not possible, we recommend deactivating DH ciphers and using ECDH ciphers instead. This can be done by using the following custom cipher suite, which is based on the default cipher suite used in HF4231:

EECDH+AESGCM:EDH+AESGCM:EECDH+AES:EDH+AES:AESGCM:AES:-SSLv3:EECDH+AES:EDH+AES:EECDH+3DES:EDH+3DES:AES:3DES:!NULL:!ADH:!kECDH:!DSS:!MD5:!PSK:!aNULL:!SRP:!DES:!EXP:!RC4:!EDH

Please refer to this article for instructions on how to configure a custom cipher suite.
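
The following Python check is an added example, not part of Airlock's documentation: it expands the 4.2.6.x cipher string above with the local OpenSSL build and lists any finite-field DHE suites that remain enabled, next to a constructed variant without the trailing !EDH. It assumes a Python ssl module linked against OpenSSL 1.1.0 or later; the appliance's own OpenSSL may expand the string differently, and all function names are hypothetical.

```python
import ssl
from collections import Counter

# Cipher string quoted from the advisory (Airlock WAF 4.2.6.x workaround).
ADVISORY_CIPHERS = (
    "EECDH+AESGCM:EDH+AESGCM:EECDH+AES:EDH+AES:AESGCM:AES:-SSLv3:"
    "EECDH+AES:EDH+AES:EECDH+3DES:EDH+3DES:AES:3DES:"
    "!NULL:!ADH:!kECDH:!DSS:!MD5:!PSK:!aNULL:!SRP:!DES:!EXP:!RC4:!EDH"
)
# Constructed contrast: the same string with the final "!EDH" exclusion dropped.
WITHOUT_EDH_EXCLUSION = ADVISORY_CIPHERS.rsplit(":!EDH", 1)[0]


def expand(cipher_string):
    """Expand an OpenSSL cipher string using the local OpenSSL build."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return ctx.get_ciphers()


def is_finite_field_dhe(cipher):
    """True for ephemeral finite-field DH suites, the key exchange Logjam targets."""
    return (cipher.get("kea") == "kx-dhe"
            or cipher["name"].startswith(("DHE-", "EDH-")))


def dhe_suites(cipher_string):
    """Names of the DHE suites a cipher string leaves enabled."""
    return [c["name"] for c in expand(cipher_string) if is_finite_field_dhe(c)]


def key_exchange_summary(cipher_string):
    """Count enabled suites per key-exchange family as reported by OpenSSL."""
    return Counter(c.get("kea", "unknown") for c in expand(cipher_string))


if __name__ == "__main__":
    for label, cipher_string in (
        ("advisory string", ADVISORY_CIPHERS),
        ("same string without !EDH", WITHOUT_EDH_EXCLUSION),
    ):
        print(label)
        print("  key exchange families:", dict(key_exchange_summary(cipher_string)))
        print("  DHE suites:", dhe_suites(cipher_string) or "none")
```

TLS 1.3 suites appear in the summary under a generic key-exchange label because OpenSSL configures them separately from this cipher string.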

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
Does not affect back-end behind Airlock