Situation
CVE-2015-4000 LOGJAM TLS DH vulnerability on Plesk server
Impact
The Logjam attack allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This allows the attacker to read and modify any data passed over the connection.
Call to Action
Click on a section to expand
Plesk for Linux
- Connect to server over SSH.
-
Run the following command to increase Diffie-Hellman key size to 4096 bit:
# plesk sbin sslmng -vvv --strong-dh --dhparams-size=4096
Note: To change the setting for a particular service, option --services=service_name should be used.
Plesk for Windows
- Connect to server over RDP.
- Open the Group Policy Object Editor: type
gpedit.msc
- Expand Computer Configuration > Administrative Templates > Network > SSL Configuration Settings and open the SSL Cipher Suite Order setting:
- Set up a strong cipher suite order. See this list of Microsoft's supported ciphers and Mozilla's TLS configuration instructions: