Tested on Yosemite 10.10.3, jruby 1.7.19 (1.9.3p551), java 1.8.0_20-b2, OpenSSL 1.0.2a 19 Mar 2015 for testing and cert generation
So I've generated a certificate and tried with localhost and WEBrick on a dummy app.
Here's the output from the test commands from the OpenSSL blog:
`openssl s_client -connect localhost:3043 -cipher "EDH" | grep "Server Temp Key"`
=> Server Temp Key: DH, 1024 bits, which is lower than recommended (2048), but still good.
`openssl s_client -connect localhost:3043 -cipher "ECDHE" | grep "Server Temp Key"`
=> Server Temp Key: ECDH, B-571, 570 bits, which is fine.
`openssl s_client -connect localhost:3043 -cipher "EXP"`
=> CONNECTED(00000003) and the handshake succeeds, which is bad.
One should have seen connection refused here.
Based on this link https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/ jruby-openssl is vulnerable to logjam.
Dummy app: https://github.com/warbot/testopenssl
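
The three checks in this report, as an added example that is not part of the original issue or of jruby-openssl: shell functions that grade `openssl s_client` output. The 256-bit ECDH minimum, the verdict strings, the function names and the sample cipher lines are assumptions of the example.

```shell
#!/usr/bin/env bash
# Added example, not from the issue: grade `openssl s_client` output.

# Constructed samples. The two temp-key lines match the output quoted in the
# issue; the two cipher lines are made up for illustration.
SAMPLE_DH='Server Temp Key: DH, 1024 bits'
SAMPLE_ECDH='Server Temp Key: ECDH, B-571, 570 bits'
SAMPLE_EXP='New, TLSv1/SSLv3, Cipher is EXP-RC4-MD5'
SAMPLE_NONE='New, (NONE), Cipher is (NONE)'

# Grade the "Server Temp Key" line on stdin. The DH minimum of 2048 is the
# recommendation quoted in the issue; the ECDH minimum of 256 is an assumption.
temp_key_verdict() {
  local line kind bits min
  line=$(grep -m1 'Server Temp Key:' || true)
  [ -n "$line" ] || { echo "NO_TEMP_KEY"; return 0; }
  kind=$(printf '%s\n' "$line" | sed -E 's/.*Server Temp Key: ([A-Za-z0-9]+),.*/\1/')
  bits=$(printf '%s\n' "$line" | sed -E 's/.* ([0-9]+) bits.*/\1/')
  case "$kind" in
    DH)   min=2048 ;;
    ECDH) min=256 ;;
    *)    echo "UNKNOWN"; return 0 ;;
  esac
  if [ "$bits" -ge "$min" ]; then echo "OK $kind $bits"; else echo "BELOW_MIN $kind $bits"; fi
}

# Grade an export probe on stdin: any negotiated cipher means the server
# accepted an export suite.
export_verdict() {
  local c
  c=$(sed -nE 's/.*Cipher is ([^[:space:]]+).*/\1/p' | head -n1)
  case "$c" in
    ''|'(NONE)') echo "REFUSED" ;;
    *)           echo "ACCEPTED $c" ;;
  esac
}

# Live probe with the flags used in the issue. Returns 2 when the local
# openssl build cannot offer the cipher class at all (export suites were
# removed in OpenSSL 1.1.0), since a failed handshake then proves nothing.
probe() {  # usage: probe host:port cipher-class
  openssl ciphers "$2" >/dev/null 2>&1 || { echo "client lacks $2 suites" >&2; return 2; }
  openssl s_client -connect "$1" -cipher "$2" </dev/null 2>&1 || true
}
# Live use: out=$(probe localhost:3043 EXP) && printf '%s\n' "$out" | export_verdict
```
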