Common prime detected in dhparams.pem - LOGJAM (CVE-2015-4000) #2117

Open
eugenaciu opened this issue Jul 7, 2022 · 1 comment
Labels
security Security related ticket

Comments

@eugenaciu

Describe the bug

LOGJAM (CVE-2015-4000), experimental common prime with 2048 bits detected: RFC5114/2048-bit DSA group with 224-bit prime order subgroup (2048 bits), but no DH EXPORT ciphers.

To Reproduce

Scan with testssl.sh -U

OS/snapd/snap version

$ snap list nextcloud

nextcloud 24.0.1snap1 31033 latest/stable nextcloud

and:

$ snap version

snap 2.56.2
snapd 2.56.2
series 16
ubuntu 20.04
kernel 5.4.0-121-generic

The solution would be either to allow the modification of dhparams.pem or to remove DHE-RSA-AES256-GCM-SHA384 from SSLCipherSuite.

Thank you!
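
A check for the condition reported above, as an added example that is not part of the original issue or of the nextcloud-snap project: it parses a `DH PARAMETERS` PEM file and flags a prime that is short or that equals a published group prime. The sample PEM and the `KNOWN_PRIMES` entry are constructed toy values; a real audit would load the primes of published groups, such as those in RFC 5114, into that mapping.

```python
import base64
import re

def read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def parse_dhparams(pem):
    """Return (p, g) from a PKCS#3 'DH PARAMETERS' PEM block."""
    m = re.search(r"-----BEGIN DH PARAMETERS-----(.+?)-----END DH PARAMETERS-----", pem, re.S)
    if not m:
        raise ValueError("no DH PARAMETERS block found")
    tag, seq, _ = read_tlv(base64.b64decode("".join(m.group(1).split())), 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag_p, p_raw, pos = read_tlv(seq, 0)
    tag_g, g_raw, _ = read_tlv(seq, pos)
    if tag_p != 0x02 or tag_g != 0x02:
        raise ValueError("expected INTEGER p and INTEGER g")
    return int.from_bytes(p_raw, "big"), int.from_bytes(g_raw, "big")

def audit(pem, known_primes, min_bits=2048):
    """Flag a DH prime that is short or that matches a published group."""
    p, g = parse_dhparams(pem)
    findings = []
    if p.bit_length() < min_bits:
        findings.append("prime shorter than %d bits" % min_bits)
    findings += ["common prime: " + name for name, known in known_primes.items() if known == p]
    return {"bits": p.bit_length(), "generator": g, "findings": findings}

# Constructed sample: toy parameters p=23, g=5 (DER 30 06 02 01 17 02 01 05).
SAMPLE_PEM = "-----BEGIN DH PARAMETERS-----\nMAYCARcCAQU=\n-----END DH PARAMETERS-----\n"
# Constructed stand-in for a list of published primes (e.g. the RFC 5114 groups).
KNOWN_PRIMES = {"constructed-demo-group": 23}

if __name__ == "__main__":
    print(audit(SAMPLE_PEM, KNOWN_PRIMES))
```
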

@kyrofa
Member

kyrofa commented Jul 7, 2022

Thank you for the heads up, we'll take a look.

@kyrofa kyrofa added the security Security related ticket label Jul 7, 2022