HTTPS Logjam vulnerability
Posted: Thu May 21, 2015 10:13 amHi Sindre,
I am sure you have already heard of the FREAK and LogJam vulnerabilities affecting SSL/TLS connections in many websites allowing weak Diffie-Hellman Key Exchange.
The Subsonic standalone package with Apache Tomcat is also affected, please adjust the apache configuration for the next release to decline weak DHE_EXPORT ciphers.
Read more on this Website: https://weakdh.org and especially the simple instructions on the necessary modifications in Apache/Tomcat's httpd.conf at https://weakdh.org/sysadmin.html.
Let's keep our subsonic servers secure!
Thanks and best regards,
MrKnister
I am sure you have already heard of the FREAK and LogJam vulnerabilities affecting SSL/TLS connections in many websites allowing weak Diffie-Hellman Key Exchange.
The Subsonic standalone package with Apache Tomcat is also affected, please adjust the apache configuration for the next release to decline weak DHE_EXPORT ciphers.
Read more on this Website: https://weakdh.org and especially the simple instructions on the necessary modifications in Apache/Tomcat's httpd.conf at https://weakdh.org/sysadmin.html.
Let's keep our subsonic servers secure!
Thanks and best regards,
MrKnister