Service Bulletin 20150911 Weak DH HTTPS Server Keys

From HSYCO
Revision as of 13:33, 11 September 2015 by Ulde (talk | contribs)


Service Bulletin - Chrome and Firefox drop support for servers using weak Diffie-Hellman public keys

New versions of some web browsers have dropped support for web servers using Diffie-Hellman public keys shorter than 1024 bits.

Affected Platforms

  • Any HSYCO Server using the Java 6 virtual machine, independently of the HSYCO software version
  • Google Chrome version 45
  • Mozilla Firefox 39.0

Description

HSYCO Server uses native Java libraries, embedded in the installed Oracle Java Virtual Machine, to implement its internal HTTPS server. Java 6's HTTPS libraries use Diffie-Hellman public keys that Google and Mozilla now consider weak, following the discovery of the so-called Logjam vulnerability.


References

Weak Diffie-Hellman and the Logjam Attack