Subscribe for automatic updates: RSS icon RSS

Login icon Sign in for full access | Help icon Help
Advanced search

Pages: [1]
  Reply  |  Print  
Author Topic: Openssl - security issue concerning the Diffie-Hellman algorithm  (Read 5618 times)
Olivier E.
Four Js
Posts: 204


« on: June 04, 2015, 04:52:48 pm »


Dear customers,

For your information, Openssl reported a security issue concerning the Diffie-Hellman algorithm : https://weakdh.org/

This issue does not impact Genero product directly, however it does impact Web servers (Apache, Micosoft IIS, nginx, Lighttpd, etcetera) and mail servers (Sendmail, Postfix SMTP, etcetera).

To fix the problem, you can :

   
  • Disable the Diffie-Hellmann ciphers from your web/Sendmail server, as described here:
        https://weakdh.org/sysadmin.html
  • If you cannot disable the Diffie-Hellman ciphers as described in the link above, or if you use a GWS server provided by a Web server and you do not know whether the system administrator has disabled the Diffie-Hellman ciphers for that server:
    Set the same cipher list on the GWS client side:
    • Open your fglprofile file.
    • Create the entry "security.global.cipher" with the following content (the fglprofile entry below must be on 1 line):

      security.global.cipher = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA"
   
   
       
       
Best regards,

Four Js Development Tools

Pages: [1]
  Reply  |  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines