Last updated: 12/15/15
Official website
Twitter hashtags
Vulnerability testing tools
Test your browser (client):
Test your server:
Vulnerable browser results
If your browser is vulnerable you will see:
weakdh.org Vulnerable web browser example
Qualys SSL Labs client test Vulnerable user agent example
Qualys SSL Labs manual Logjam Vulnerability test Vulnerable example
Vulnerable server results
If the server tested is vulnerable you will see:
weakdh.org Vulnerable server – uses a commonly-shared 1024-bit Diffie-Hellman group
Safe client results
If your browser is safe you will see:
weakdh.org Safe web browser
Safe server results
Two examples of safe server results below:
weakdh.org Safe – uses 2048-bit Diffie-Hellman group
weakdh.org Safe – does not use DHE
Secure your browser and server
- How to: Secure Chrome against Logjam
- How to: Secure Firefox against Logjam
- Server information: https://weakdh.org/sysadmin.html
Logjam timeline
- May 12, 2015 – Microsoft patched IE 11 see MS15-055
- May 20, 2015 – results of the paper (PDF) published
- May 22, 2015 – Mozilla released Disable DHE add-on
- July 2, 2015 – Firefox 39 released (advisory on “logjam”)
- September 1, 2015 – Chrome 45 released
Upcoming
- Chrome 45 is slated to fix the Logjam vulnerability
- Firefox 39 will include changes that will increase the minimum strength of keys to 1024 bits.
Interesting reads
- Why you fix Logjam later
- https://forums.comodo.com/news-announcements-feedback-cd/logjam-vulnerabilty-patch-or-update-t111218.0.html
Additional information
Terms (in order of appearance):
- DHE – Ephemeral Diffie-Hellman (also commonly referred to as EDH)
- ECDHE – Elliptic Curve Ephemeral Diffie-Hellman
Content licensing
Content from Qualys licensed under a Creative Commons Attribution 3.0 License (http://creativecommons.org/licenses/by/3.0/us/). No changes were made to the original content.
Creating this post
Jing was used for screenshots and WP Smush was used to remove PNG metadata.