SSL: OpenSSL Logjam 512-Bit DHE_EXPORT Cipher Suite

This signature detects an SSL-SERVER-HELLO response with 'DHE_EXPORT' RSA cipher suites. Most 'modern' clients (e.g., web browsers) won't offer export-grade cipher suites during negotiation, because these suites are considered weak encryption.

Extended Description

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
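The kind of ServerHello check this signature describes can be sketched as follows. This is an added example, not Juniper's signature logic: the function names are hypothetical, the sample records are constructed, and the cipher suite IDs are the IANA-registered values for the ephemeral-DH export suites.

```python
import struct

# IANA cipher suite IDs for the ephemeral-DH export suites.
DHE_EXPORT_SUITES = {
    0x0011: "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def server_hello_cipher(record: bytes):
    """Return the cipher suite ID chosen in a ServerHello record, or None
    if the bytes are not a complete, well-formed ServerHello."""
    if len(record) < 5:
        return None
    ctype, _ver, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 0x16 or len(body) != rec_len or len(body) < 4:
        return None                   # not a complete handshake record
    if body[0] != 0x02:               # handshake type 2 = ServerHello
        return None
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len or len(hello) < 35:
        return None
    sid_len = hello[34]               # follows version(2) + random(32)
    off = 35 + sid_len
    if len(hello) < off + 3:          # cipher_suite(2) + compression(1)
        return None
    return int.from_bytes(hello[off:off + 2], "big")

def audit_server_hello(record: bytes):
    """Name of the DHE_EXPORT suite the server selected, else None."""
    return DHE_EXPORT_SUITES.get(server_hello_cipher(record))

def build_server_hello(suite: int, session_id: bytes = b"") -> bytes:
    """Constructed sample input: a minimal TLS 1.0 ServerHello record."""
    hello = (b"\x03\x01" + bytes(32) + bytes([len(session_id)]) + session_id
             + suite.to_bytes(2, "big") + b"\x00")
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

if __name__ == "__main__":
    # 0x0014 is an export DHE suite; 0x0033 is TLS_DHE_RSA_WITH_AES_128_CBC_SHA.
    for suite in (0x0014, 0x0033):
        print(hex(suite), audit_server_hello(build_server_hello(suite)))
```

Because the downgrade rewrites the ServerHello on the client side of the attacker, a check like this is only meaningful on the server-facing side of the path, where the export suite is still visible.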

Affected Products

Mozilla Firefox

Short Name: SSL:AUDIT:DHEEXP-512CPHR-LOGJAM
Severity: Info
Recommended: False
Recommended Action: None
Category: SSL
Keywords: 512-Bit CVE-2015-4000 Cipher DHE_EXPORT Logjam OpenSSL Suite bid:74733
Release Date: 06/01/2015
Supported Platforms

srx-branch-19.3

vsrx3bsd-19.2

srx-19.4

vsrx3bsd-19.4

srx-branch-19.4

vsrx-19.4

vsrx-19.2

srx-19.3

srx-branch-12.3

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx-12.3

vmx-19.3

srx-12.3

Sigpack Version: 3752
False Positive: Occasionally
Vendors

Google

SUSE

Apple

Opera

Mozilla

OpenSSL

IBM

Microsoft

Oracle

Debian

Canonical

CVSS Score

4.3
