New logjam tls attack

Hi Josh,
Seeing this yesterday report: about Logjam TLS Attack I think could be an improvement to limit Diffie-Hellman cryptographic key exchange cyphers length to be 2048bits by default for all newly created Mail-in-a-Box servers and adding a default warning for OLD ones that could still use the 1024bits now considered WEAK.
Hope this helps,

There was actually no time when Mail-in-a-Box generated a 1024-bit dhparam file. (We started with 2048 bits here.)

Since yesterday I started recording in git the ciphers offered by each of the services on the box. Hopefully we can get more eyes on the TLS configuration to make sure it’s right and stays right!

1 Like