Re: Logjam mitigation for Wheezy?

hi folks sorry my poor english all linux users must read https://weakdh.org/... all must use ecdh ciphers, with diffie hellman key exchange method, only on tls 1.2, on all criptographic conections... the site above contains all explanations the great secret is use diffie hellman with at l

Re: Logjam mitigation for Wheezy?

On Tue, Jun 02, 2015 at 02:01:47PM +, Thorsten Glaser wrote: Michael Stone debian.org> writes: You can mitigate it right now by reconfiguring your server to remove DH ciphers from SSLCipherSuite. That’s throwing the baby out with the bathwater and removing the ability to use PFS with clie

Re: Logjam mitigation for Wheezy?

Stefan Fritsch sfritsch.de> writes: > It is also possible to > load custom DH params from the SSLCertificateFile, but AFAICS this > needs to be done for each vhost. That sounds like an option, but isn’t available in wheezy yet ☹ but if you’re going to ship it via wheezy-security… great! Mich