Cryptography / SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)



SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam) is a vulnerability in cryptography that affects infrastructure. It is categorized as CWE-327: Use of a Broken or Risky Cryptographic Algorithm and is identified as an A8 Insecure Cryptographic Storage in the OWASP Testing Guide. This vulnerability occurs when an organization uses a Diffie-Hellman key exchange with a modulus less than or equal to 1024 bits. It can be exploited by an attacker to downgrade the security of TLS connections and enable man-in-the-middle (MITM) attacks.


This vulnerability can have serious security implications. An attacker can gain access to sensitive data by leveraging this vulnerability to launch a MITM attack. The risk assessment for this vulnerability is “high” as it can be used to gain unauthorized access to networks and data.


Organizations should ensure that all Diffie-Hellman key exchanges are configured with a modulus greater than 1024 bits. This can be achieved by disabling support for 1024-bit Diffie-Hellman exchanges on servers and ensuring that stronger key sizes are used.


The following code snippet is an example taken from the CVE-2015-4000 vulnerability.

openssl s_client -connect -cipher "EDH-RSA-DES-CBC3-SHA"

Curious? Convinced? Interested?

Arrange a no-obligation consultation with one of our product experts today.