Difference between revisions of "Service Bullettin 20150911 Weak DH HTTPS Server Keys"
Jump to navigation
Jump to search
| Line 2: | Line 2: | ||
== Service Bulletin - Chrome and Firefox drop support for servers using weak Diffie-Hellman public keys == | == Service Bulletin - Chrome and Firefox drop support for servers using weak Diffie-Hellman public keys == | ||
| − | |||
New versions of some web borwsers have dropped support for web servers using Diffie-Hellman public keys shorter than 1024 bits. | New versions of some web borwsers have dropped support for web servers using Diffie-Hellman public keys shorter than 1024 bits. | ||
| Line 11: | Line 10: | ||
=== Description === | === Description === | ||
| + | HSYCO Server uses native Java libraries, embedded in the installed Oracle Java Virtual Machine, to implement its internal HTTPS server. Java 6's HTTPS libraries use Diffie-Hellman public keys that Google and Mozilla now consider weak, after the so-called Logjam vulnerability has been discovered. | ||
| + | |||
| + | |||
| + | |||
| + | === References === | ||
| + | [https://weakdh.org Weak Diffie-Hellman and the Logjam Attack] | ||
Revision as of 14:33, 11 September 2015
Contents
Service Bulletin - Chrome and Firefox drop support for servers using weak Diffie-Hellman public keys
New versions of some web borwsers have dropped support for web servers using Diffie-Hellman public keys shorter than 1024 bits.
Affected Platforms
- Any HSYCO Server using the Java 6 virtual machine, independently of the HSYCO software version
- Google Chrome version 45
- Mozilla Firefox 39.0
Description
HSYCO Server uses native Java libraries, embedded in the installed Oracle Java Virtual Machine, to implement its internal HTTPS server. Java 6's HTTPS libraries use Diffie-Hellman public keys that Google and Mozilla now consider weak, after the so-called Logjam vulnerability has been discovered.
