SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam) CVE-2015-4000

J

Joaoda Silva2

Afternoon,


I've been attempting to remediate the "CVE-2015-4000" for the last few days. However, corporate scans (Nessus Scanner) keep singling out any of the clients that have been remediated.


"Vulnerable connection combinations:

SSL/TLS version : TLSv1.0

Cipher Suite : TLS1_CK DHE_RSA_With_AES_256_CBC_SHA

Diffie-Hellman MODP size (bits) : 1024

Warning - This is a know static Oakley Group2 modulus. This may make the remote host more vulnerable to the Logjam attack.

Logjam attack difficulty : Hard (would require nation-state resources)

SSL/TLS version : TLSv1.0"


I have:


1) Modified the registry key for the 'Diffie-Hellman' to increase the size from 1024 to 2048 (See below). The modification is successful as I'm able to verify in the registry editor that the change was successful.


"Windows Registry Editor Version 5.00



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman]

"Enabled"=dword:ffffffff

"ClientMinKeyBitLength"=dword:00000800"


2) I have disabled in 'IE11' SSL and modiefied TLS to disable 1.0, 1.1 and enable TLS 1.2. For good measure I've modified the registry editor.


"Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]

"DisabledByDefault"=dword:00000000

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]

"DisabledByDefault"=dword:00000000

"Enabled"=dword:00000001 "


Any assistance is gratefully appreciated. The client is running 'Windows 7 Enterprise' with SP1.


Thank you,


Joao da Silva

Continue reading...
 
Back
Top Bottom