

Applied Crypto Hardening

TLS Logjam

The Logjam Attack exploits a weakness affecting all versions of the TLS protocol, which allows a monster-in-the-middle to downgrade connections to 512-bit export-grade cryptography.

Our recommendation has always been to use Diffie-Hellman parameters > 1024 bits. The general recommendation is to use 4096 bits wherever possible, but at least the same length as your RSA key size. That means DH-Parameters of at least 2048 bits when using 2048-bit RSA keys.

When using server daemons that allow you to specify DH-Parameters from a file, double-check that you're actually doing so. Most default to only 1024 bits. If your server daemon doesn't allow specifying a file, check if an updated version is available. Keep in mind that some clients and servers don't work well with DH-Parameters > 1024 bits.

As always, update your software and never rely on defaults being sane, let alone secure.


If you want to quickly test whether your server is affected, you can do so using openssl(1) 1.0.2. OpenSSL 0.9.8/1.0.1 does not output DH-Parameter info. Replace HOST:PORT with your server's hostname and port.


echo | openssl s_client -connect HOST:PORT -cipher "EDH" 2>/dev/null | grep -ie "Server .* key"


Mail transport agent (MTA)

echo | openssl s_client -starttls smtp -connect HOST:PORT -cipher "EDH" 2>/dev/null | grep -ie "Server .* key"

Mail submission agent (MSA)

echo | openssl s_client -starttls smtp -connect HOST:PORT -cipher "EDH" 2>/dev/null | grep -ie "Server .* key"


echo | openssl s_client -starttls xmpp -connect HOST:PORT -cipher "EDH" 2>/dev/null | grep -ie "Server .* key"

This should output two lines:
"Server public key is 4096 bit" is your RSA key size.
"Server Temp Key: DH, 4096 bits" is your DH-Parameter size. If this is 1024 bits or lower you need to upgrade your configuration.
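
The check described above can be scripted. The following is an added example, not part of the original page: the function name check_dh_output, its return codes and the sample outputs are constructed for illustration, and HOST:PORT is a placeholder. It applies the thresholds stated on this page (1024 bits or lower needs an upgrade; DH-Parameters should be at least as long as the RSA key).

```shell
#!/bin/sh
# Added example: classify `openssl s_client` output with this page's thresholds.
# Reads s_client output on stdin, prints a verdict and returns:
#   0 = DH size OK
#   1 = DH parameters are 1024 bits or lower (upgrade needed)
#   2 = DH parameters are shorter than the RSA key
#   3 = no DH "Server Temp Key" line (OpenSSL older than 1.0.2, or no EDH suite)
check_dh_output() {
    out=$(cat)
    # "Server public key is 4096 bit"  -> 4096
    rsa=$(printf '%s\n' "$out" |
        sed -n 's/^Server public key is \([0-9][0-9]*\) bit.*/\1/p' | head -n 1)
    # "Server Temp Key: DH, 1024 bits" -> 1024
    dh=$(printf '%s\n' "$out" |
        sed -n 's/^Server Temp Key: DH, \([0-9][0-9]*\) bits.*/\1/p' | head -n 1)

    if [ -z "$dh" ]; then
        echo "UNKNOWN: no DH temp key reported"; return 3
    fi
    if [ "$dh" -le 1024 ]; then
        echo "WEAK: ${dh}-bit DH parameters, upgrade your configuration"; return 1
    fi
    if [ -n "$rsa" ] && [ "$dh" -lt "$rsa" ]; then
        echo "SHORT: ${dh}-bit DH parameters with a ${rsa}-bit RSA key"; return 2
    fi
    echo "OK: ${dh}-bit DH parameters"; return 0
}

# Constructed sample outputs (not captured from a real server).
SAMPLE_WEAK='Server public key is 2048 bit
Server Temp Key: DH, 1024 bits'
SAMPLE_SHORT='Server public key is 4096 bit
Server Temp Key: DH, 2048 bits'
SAMPLE_OK='Server public key is 4096 bit
Server Temp Key: DH, 4096 bits'
SAMPLE_NO_DH='Server public key is 2048 bit'

# Demo on the samples; against a live server, pipe the page's command instead:
#   echo | openssl s_client -connect HOST:PORT -cipher "EDH" 2>/dev/null | check_dh_output
for sample in "$SAMPLE_WEAK" "$SAMPLE_SHORT" "$SAMPLE_OK" "$SAMPLE_NO_DH"; do
    printf '%s\n' "$sample" | check_dh_output || true
done
```

A return code of 3 does not mean the server is safe: it only means no DH size was reported, which is what OpenSSL 0.9.8/1.0.1 clients produce.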

Further reading

You can find more technical details about The Logjam Attack at

Emilia Kasper has posted an article on Logjam, FREAK and Upcoming Changes in OpenSSL to give you a head start on the next OpenSSL updates to come.

The technical paper is Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice. (PDF)

Hanno Böck has written a lengthy piece on Logjam in German: Logjam-Angriff: Schwäche im TLS-Verfahren gefährdet zehntausende Webseiten


2015-05-21 14:59 CET: Updated testing commands to also work on Linux. (Tested on Debian Wheezy.) Updated explanations that OpenSSL 1.0.2 is required to display DH Parameters.