CCX and Logjam

The latest versions of Firefox and Chrome seem to have fixed the Logjam vulnerability, and that fix is causing issues logging into the CCX admin page.

Here’s the workaround:
>> Now for the Logjam exploit related to the Diffie-Hellman algorithm, the workaround in place is as below:
1) In Firefox, enter “about:config” in the URL field and press enter.
2) Accept the “This might void your warranty!” warning.
3) In the search field at the top, enter “security.ssl3.dhe_rsa_aes”.
4) Double click each result (128 and 256) to toggle the Value to “false”.

After accessing the page and doing what you need, you’ll want to set them back to true or you’ll be vulnerable.

Another option is to keep a copy of the world's greatest browser ever, Firefox 24, installed for accessing CCX. 😉
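To see whether the workaround is still needed after a server change, you can look at the ephemeral key the server offers during the handshake. The script below is an added example, not part of the original post or any Cisco tooling: it parses the `Server Temp Key:` line that `openssl s_client` prints. The function names, the host `ccx.example.com` and the 1024-bit default threshold (borrowed from the comment thread below) are assumptions.

```bash
# Added example: report the ephemeral key a TLS server offers, based on
# `openssl s_client` output. All function names here are hypothetical.

# Smallest DH group treated as acceptable (assumption; match your browser's policy).
MIN_DH_BITS="${MIN_DH_BITS:-1024}"

# Read s_client output on stdin and print one verdict line.
classify_temp_key() {
    awk -v min="$MIN_DH_BITS" '
        /Server Temp Key:/ && !seen {
            seen = 1
            sub(/.*Server Temp Key: */, "")
            n = split($0, f, /, */)               # e.g. "DH" and "768 bits"
            kind = f[1]
            bits = f[n]; sub(/ bits.*/, "", bits)
            if (kind != "DH")                print "NOT_DHE " kind
            else if (bits + 0 < min + 0)     print "WEAK_DHE " bits
            else                             print "OK_DHE " bits
        }
        END { if (!seen) print "NO_EPHEMERAL_KEY" }   # static RSA or failed handshake
    '
}

# Live check that offers only DHE suites. Usage: check_host ccx.example.com 443
check_host() {
    openssl s_client -connect "$1:${2:-443}" -cipher 'DHE' </dev/null 2>/dev/null |
        classify_temp_key
}

# Constructed sample lines in the format s_client prints (not captured output).
demo() {
    for sample in 'Server Temp Key: DH, 768 bits' \
                  'Server Temp Key: DH, 2048 bits' \
                  'Server Temp Key: ECDH, P-256, 256 bits'; do
        printf '%s -> ' "$sample"
        printf '%s\n' "$sample" | classify_temp_key
    done
}
demo
```

A recent OpenSSL client may itself refuse a small DH group, in which case the handshake fails and the verdict is `NO_EPHEMERAL_KEY`.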

3 thoughts on “CCX and Logjam”

  1. Couldn't you also regenerate tomcat certificate using ECDHE & 1024-bit (or larger) Diffie-Hellman group for the DHE_RSA SSL cipher suites?

    • I’m not sure that the version of VOS used with CCX 10.x supports the new elliptic curve encryption yet but I’ll look into it.

      I know the fix was RHEL 6 related and is coming in CCX 11.0.x.
