When that didn't work they said we had to regenerate the certs even though we are using a 2048-bit RSA sign cert. I escalated up through sales channels because support said "You will have to wait for 5.2.5". The super smarties who replied told me the same thing you were told. We have someone that is seeing the exact same thing.

Logjam attack difficulty : Hard (would require nation-state resources)
Cipher suite : TLS1_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA
Cipher suite : TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
Cipher suite : TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA

Does anyone know how to disable the cipher in question or upgrade it to 2048 bits?

The remote host more vulnerable to the Logjam attack.
Warning - This is a known static Oakley Group2 modulus.

Yet, when we perform the test again, the below output is presented to us:
Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA

In the Global Config, the below settings have been set:

In the SSL VPN Settings, the below values have been set:

We were doing some penetration tests on our systems and we found out that on our FortiGate 200D which has SSL VPN enabled it is susceptible to the Logjam attack.