Difference between revisions of "Service Bullettin 20150911 Weak DH HTTPS Server Keys"

From HSYCO
Jump to navigation Jump to search
Line 15: Line 15:
  
 
=== References ===
 
=== References ===
[https://weakdh.org Weak Diffie-Hellman and the Logjam Attack]
+
*[https://weakdh.org Weak Diffie-Hellman and the Logjam Attack]

Revision as of 13:33, 11 September 2015


Service Bulletin - Chrome and Firefox drop support for servers using weak Diffie-Hellman public keys

New versions of some web borwsers have dropped support for web servers using Diffie-Hellman public keys shorter than 1024 bits.

Affected Platforms

  • Any HSYCO Server using the Java 6 virtual machine, independently of the HSYCO software version
  • Google Chrome version 45
  • Mozilla Firefox 39.0

Description

HSYCO Server uses native Java libraries, embedded in the installed Oracle Java Virtual Machine, to implement its internal HTTPS server. Java 6's HTTPS libraries use Diffie-Hellman public keys that Google and Mozilla now consider weak, after the so-called Logjam vulnerability has been discovered.


References