The Logjam attack (CVE-2015-4000) exploits weaknesses in the TLS protocol's implementation of Diffie-Hellman key exchange, particularly targeting servers supporting export-grade cipher suites. This vulnerability allows man-in-the-middle attackers to downgrade connections to 512-bit DH groups, making them susceptible to precomputation attacks.
To properly mitigate Logjam in Apache httpd, we need to make several configuration changes:
```apache
# In httpd.conf or ssl.conf
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite HIGH:!aNULL:!MD5:!RC4:!EXPORT:!DES:!SSLv2:!ADH:!DSS:!3DES
SSLHonorCipherOrder on
```
For proper Diffie-Hellman implementation, generate a unique 2048-bit or stronger DH group:
```sh
openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
```
Then configure Apache to use this custom DH group:
```apache
# SSLOpenSSLConfCmd requires Apache 2.4.8+ built against OpenSSL 1.0.2+
SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem"
```
Modern cipher suite configuration should prioritize ECDHE:
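```apache
# A later SSLCipherSuite in the same context overrides an earlier one,
# so this explicit list takes the place of a broader HIGH:... string.
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256
```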
Use these commands to verify your server's resistance to Logjam:
```sh
# Test for export ciphers
nmap --script ssl-enum-ciphers -p 443 yourserver.com

# Check DH group strength (stdin from /dev/null so s_client exits after the handshake)
openssl s_client -connect yourserver.com:443 -cipher "EDH" </dev/null | grep "Server Temp Key"
```
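The DH group strength check above, automated as an added example that is not part of the original page: it grades the `Server Temp Key` line that `openssl s_client` prints. `classify_temp_key`, `check_host` and `MIN_DH_BITS` are names assumed here, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: grade the "Server Temp Key" line from `openssl s_client`.
# MIN_DH_BITS is an assumed knob (default 2048, the minimum the text recommends).

# Reads s_client output on stdin, prints exactly one verdict line.
classify_temp_key() {
    awk -v min="${MIN_DH_BITS:-2048}" '
    /Server Temp Key:/ {
        found = 1
        sub(/^.*Server Temp Key:[ \t]*/, "")
        n = split($0, part, /,[ \t]*/)   # "DH, 1024 bits" -> DH | 1024 bits
        kind = part[1]
        bits = part[n] + 0               # leading digits of "1024 bits"
        if (kind != "DH")     print "OK " kind " " bits " bits (not finite-field DH)"
        else if (bits <= 512) print "EXPORT DH " bits " bits (Logjam downgrade target)"
        else if (bits < min)  print "WEAK DH " bits " bits (below " min ")"
        else                  print "OK DH " bits " bits"
        exit
    }
    END { if (!found) print "NONE no temp key line (no DHE negotiated or handshake failed)" }
    '
}

# Live check (hypothetical helper): force a DHE suite. -tls1_2 is used because
# the -cipher list does not apply to TLS 1.3 key exchange.
check_host() {
    openssl s_client -connect "$1:${2:-443}" -tls1_2 -cipher EDH \
        </dev/null 2>/dev/null | classify_temp_key
}

# Constructed sample lines, so the demo runs offline.
for sample in \
    'Server Temp Key: DH, 512 bits' \
    'Server Temp Key: DH, 1024 bits' \
    'Server Temp Key: DH, 2048 bits' \
    'Server Temp Key: ECDH, P-256, 256 bits' \
    'New, TLSv1.2, Cipher is AES256-GCM-SHA384'
do
    printf '%-42s => %s\n' "$sample" "$(printf '%s\n' "$sample" | classify_temp_key)"
done
```

Against a real server, call `check_host yourserver.com 443`. A `NONE` verdict means no DHE suite was negotiated, which also happens when the local OpenSSL client itself refuses a DH key it considers too small.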
For high-security environments, consider these additional steps:
- Implement TLS 1.2+ exclusively
- Enable OCSP stapling
- Use certificate pinning
- Regularly rotate DH parameters
Remember to restart Apache after making configuration changes:
```sh
systemctl restart apache2  # or httpd, depending on your system
```
The Logjam vulnerability (CVE-2015-4000) exploits weaknesses in the TLS protocol's implementation of Diffie-Hellman key exchange, particularly targeting export-grade cryptography and commonly reused DH groups. Attackers can force a downgrade to weaker 512-bit export ciphers and then perform precomputation attacks.
For Apache httpd 2.4.x, implement these security measures in your SSL configuration (typically in httpd-ssl.conf or ssl.conf):
```apache
# 1. Disable all export cipher suites
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite HIGH:!aNULL:!MD5:!EXP:!eNULL:!DSS:!DES:!3DES:!RC4

# 2. Prioritize ECDHE suites
# In the same context this explicit list overrides the HIGH:... string from step 1.
SSLHonorCipherOrder on
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256

# 3. Configure strong DH parameters (2048-bit minimum)
# Only used when a DHE suite is enabled; the ECDHE-only list above never negotiates one.
SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparams.pem"
```
Create unique 2048-bit or stronger DH parameters (recommended 4096-bit for future-proofing):
```sh
openssl dhparam -out /etc/ssl/certs/dhparams.pem 4096
chmod 600 /etc/ssl/certs/dhparams.pem
```
After implementation, verify your configuration using:
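```sh
# A handshake failure is the expected result here. OpenSSL 1.1.0 and later
# ship no export suites, so there the command fails locally instead.
openssl s_client -connect yourdomain.com:443 -cipher EXPORT </dev/null
sslyze --tlsv1_2 --http_headers yourdomain.com
testssl.sh -e -E -P yourdomain.com
```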
For comprehensive testing, Qualys SSL Labs' SSL Test (https://www.ssllabs.com/ssltest/) provides detailed analysis of your TLS configuration against modern vulnerabilities including Logjam.
While ECDHE offers better security, it has slightly higher computational overhead than RSA key exchange. Modern servers with AES-NI support handle this efficiently. For high-traffic sites, consider:
- Hardware acceleration (Crypto NICs)
- TLS session resumption configuration
- OCSP stapling to reduce handshake latency
For infrastructure-as-code environments, include these security settings in your configuration management:
```yaml
# Ansible example
- name: Configure Apache SSL
  lineinfile:
    path: /etc/httpd/conf.d/ssl.conf
    regexp: '^SSLCipherSuite'
    line: 'SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305'
    state: present
  notify: restart apache
```