LogJam Introduction
Logjam is an attack on the TLS protocol. It allows a man-in-the-middle attacker to downgrade the encryption of a TLS connection to 512 bits, which lets the attacker read and modify any data sent over that connection. Logjam is reminiscent of the FREAK attack, but it exploits a flaw in the TLS protocol rather than an implementation vulnerability, and it targets the Diffie-Hellman key exchange rather than the RSA key exchange. The attack affects any server that supports DHE_EXPORT ciphers, and affects all modern web browsers. According to statistics, 8.4% of the sites in the top one million domains are vulnerable.
testssl.sh Introduction
Official Website: https://testssl.sh
The tool is very simple to use: clone it locally and run the command testssl.sh www.baidu.com directly to start a test.
Part of the output is shown below:
Testing vulnerabilities
Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension
CCS (CVE-2014-0224) not vulnerable (OK)
Ticketbleed (CVE-2016-9244), experiment. not vulnerable (OK)
ROBOT not vulnerable (OK)
Secure Renegotiation (CVE-2009-3555) not vulnerable (OK)
Secure Client-Initiated Renegotiation not vulnerable (OK)
CRIME, TLS (CVE-2012-4929) not vulnerable (OK)
BREACH (CVE-2013-3587) no HTTP compression (OK) - only supplied "/" tested
POODLE, SSL (CVE-2014-3566) not vulnerable (OK)
TLS_FALLBACK_SCSV (RFC 7507) Downgrade attack prevention supported (OK)
SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK)
FREAK (CVE-2015-0204) not vulnerable (OK)
DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)
make sure you don't use this certificate elsewhere with SSLv2 enabled services
https://censys.io/ipv4?q=ED68C58B63218E1D2AA63394B3F23ECA26FE5884C9F2235AC2D4AB6EDD2F064E could help you to find out
LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2
BEAST (CVE-2011-3389) TLS1: ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA AES128-SHA AES256-SHA
VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)
LUCKY13 (CVE-2013-0169), experimental potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches
RC4 (CVE-2013-2566, CVE-2015-2808) VULNERABLE (NOT ok): ECDHE-RSA-RC4-SHA RC4-SHA
The results are very clear: the test items are on the left and the test results are on the right. The list includes the LOGJAM test.
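To pull only the items that need attention out of this left/right layout, the output can be triaged with a small filter. This is an added example, not part of testssl.sh; the function names are hypothetical, the sample is constructed from the lines shown above, and it assumes continuation lines are indented by two or more spaces.

```shell
# Constructed sample: lines from the output above, laid out with the indentation
# this example assumes (item lines: one leading space; continuations: more).
sample_output() {
cat <<'EOF'
 Testing vulnerabilities

 Heartbleed (CVE-2014-0160)                not vulnerable (OK), no heartbeat extension
 ROBOT                                     not vulnerable (OK)
 Secure Client-Initiated Renegotiation     not vulnerable (OK)
 DROWN (CVE-2016-0800, CVE-2016-0703)      not vulnerable on this host and port (OK)
                                           make sure you don't use this certificate elsewhere with SSLv2 enabled services
 LOGJAM (CVE-2015-4000), experimental      not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2
 BEAST (CVE-2011-3389)                     TLS1: ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA AES128-SHA AES256-SHA
                                           VULNERABLE -- but also supports higher protocols  TLSv1.1 TLSv1.2 (likely mitigated)
 LUCKY13 (CVE-2013-0169), experimental     potentially VULNERABLE, uses cipher block chaining (CBC) ciphers with TLS. Check patches
 RC4 (CVE-2013-2566, CVE-2015-2808)        VULNERABLE (NOT ok): ECDHE-RSA-RC4-SHA RC4-SHA
EOF
}

# Print "STATUS<TAB>item" for every test item read from stdin.
triage_testssl() {
  awk '
    function flush() {
      if (name == "") return
      if      (text ~ /\(NOT ok\)/)             st = "VULN"
      else if (text ~ /potentially VULNERABLE/) st = "WARN"
      else if (text ~ /VULNERABLE/)             st = "VULN"
      else if (text ~ /\(OK\)|not vulnerable/)  st = "OK"
      else                                      st = "UNKNOWN"
      printf "%s\t%s\n", st, name
      name = ""
    }
    /^[ \t]*$/ || /Testing vulnerabilities/ { next }   # blank lines, section header
    /^  / { text = text " " $0; next }                 # continuation of previous item
    {
      flush()
      text = $0; name = $0
      sub(/^ /, "", name)
      # The item name ends at the CVE/RFC parenthesis or at the first status word.
      sub(/ +(\(|not vulnerable|potentially VULNERABLE|VULNERABLE).*/, "", name)
    }
    END { flush() }
  '
}

# Only the items that are not marked OK.
findings() { triage_testssl | grep -v "^OK"; }

sample_output | findings
```

BEAST is reported as VULN because its verdict sits on the continuation line, which is why continuation lines are merged into the item before classification.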