Jeffrey E Rodriguez created KNOX-566:
-----------------------------------------
Summary: Knox Jetty server is vulnerable to Logjam vulnerability
Key: KNOX-566
URL: https://issues.apache.org/jira/browse/KNOX-566
Project: Apache Knox
Issue Type: Bug
Affects Versions: 0.5.0
Environment: Red Hat Enterprise Linux Server release 6.4 (Santiago)
Reporter: Jeffrey E Rodriguez
Fix For: 0.7.0
See description of logjam
"The Logjam Attack"
https://weakdh.org/
To test you should do:
[root@bdvs1392 logs]# openssl s_client -connect bdvs1392.svl.ibm.com:8443 -cipher "EDH" | grep "Server Temp Key"
depth=0 C = US, ST = Test, L = Test, O = Hadoop, OU = Test, CN = bdvs1392.svl.ibm.com
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, ST = Test, L = Test, O = Hadoop, OU = Test, CN = bdvs1392.svl.ibm.com
verify return:1
Server Temp Key: DH, 768 bits
The key should be >= 1024
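
The check above as a reusable script, added here as an example and not part of the original report: it reads openssl s_client output on stdin and classifies the "Server Temp Key" line against the 1024-bit minimum stated in the report. The function name, the exit codes and the 2048-bit and ECDH sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the KNOX-566 report).
# Live use, with HOST as a placeholder for the gateway being checked:
#   openssl s_client -connect HOST:8443 -cipher "EDH" </dev/null 2>/dev/null | check_dh_temp_key
#
# Exit status: 0 = DH temp key meets the minimum
#              1 = DH temp key is below the minimum
#              2 = no finite-field DH temp key in the output
check_dh_temp_key() {
    min_bits="${1:-1024}"   # report's threshold; pass a larger value for a stricter policy
    # Take the text after "Server Temp Key: " from the first matching line.
    key=$(awk -F': ' '/Server Temp Key:/ { print $2; exit }')
    case "$key" in
        "DH, "*" bits")
            bits=${key#DH, }
            bits=${bits% bits}
            ;;
        "")
            echo "NONE: no Server Temp Key line (no ephemeral key exchange negotiated)"
            return 2 ;;
        *)
            echo "SKIP: temp key is not finite-field DH: $key"
            return 2 ;;
    esac
    # Reject anything that is not a plain decimal bit count.
    case "$bits" in
        ''|*[!0-9]*) echo "SKIP: cannot parse key size: $key"; return 2 ;;
    esac
    if [ "$bits" -lt "$min_bits" ]; then
        echo "WEAK: DH temp key is $bits bits (minimum $min_bits)"
        return 1
    fi
    echo "OK: DH temp key is $bits bits (minimum $min_bits)"
    return 0
}

# Sample inputs. The first uses the key line shown in the report; the other two are constructed.
SAMPLE_WEAK='verify return:1
Server Temp Key: DH, 768 bits'
SAMPLE_OK='verify return:1
Server Temp Key: DH, 2048 bits'
SAMPLE_ECDH='verify return:1
Server Temp Key: ECDH, P-256, 256 bits'

for sample in "$SAMPLE_WEAK" "$SAMPLE_OK" "$SAMPLE_ECDH"; do
    printf '%s\n' "$sample" | check_dh_temp_key || true
done
```

A result of NONE with -cipher "EDH" means the server negotiated no DHE suite at all, which is a different outcome from a DHE suite with an adequately sized group.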