A few days ago details about of the Logjam attack have been published. This attack allows to trick Internet servers into using a weak TLS cipher suite. After doing so, traffic encryption can easily be broken. What is the Flying Circus doing against it? To protect against the problem, several steps need to be taken:
- Weak ciphers (so-called "export ciphers") should generally not be used.
- 1024 bit Diffie-Hellman parameter sets are possibly too weak to resist break attempts from three-letter agencies. Instead, 2048 bit DH parameter sets should be used.
- Pre-generated, static Diffie-Hellman parameter sets should not be used. Instead, every server should generate its own DH parameter set.
Our changed OpenSSH configuration will disable DSA host keys. We also recommend against DSA client keys for login authentication. Please register a ECDSA or RSA client key with our support.
Get in touch
Call us or send us an email.
fon: +49 345 219 401 0
fax: +49 345 219 401 28
Flying Circus Internet Operations GmbH
Leipziger Str. 70/71
06108 Halle (Saale)
AG Stendal as HRB 21169
VAT ID: DE297423633
Christian Theune, Christian Zagrodnick
flyingcircus.io — 2016-2021 – Privacy