Hi Sindre,
I am sure you have already heard of the FREAK and LogJam vulnerabilities affecting SSL/TLS connections in many websites allowing weak Diffie-Hellman Key Exchange.
The Subsonic standalone package with Apache Tomcat is also affected, please adjust the apache configuration for the next release to decline weak DHE_EXPORT ciphers.
Read more on this Website: https://weakdh.org and especially the simple instructions on the necessary modifications in Apache/Tomcat's httpd.conf at https://weakdh.org/sysadmin.html.
Let's keep our subsonic servers secure!
Thanks and best regards,
MrKnister
HTTPS Logjam vulnerability
Moderator: moderators
1 post
• Page 1 of 1
HTTPS Logjam vulnerability
by MrKnister » Thu May 21, 2015 10:13 am
- MrKnister
- Posts: 1
- Joined: Thu May 21, 2015 10:02 am
1 post
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 17 guests