How to protect your Debian or Ubuntu Server against the Logjam attack

This tutorial describes the steps that need to be taken to protect your Ubuntu or Debian Linux Server against the recently detected Logjam attack. Logjam is an attack against the Diffie-Hellman key exchange which is used in popular encryption protokols like HTTPS, TLS, SMTPS, SSH and others. A detailed description can be found here https://weakdh.org/.

This tutorial is compatible with ISPConfig 3 setups on Debian and Ubuntu.

The following steps have to be executed as root user on the shell.

Generate a unique DH Group

The first step to secure your server is to generate a unique DH Group with the openssl command. I will create the file in the /etc/ssl/private/ directory. When you dont have this directory on your server, then create it with these commands:

mkdir -p /etc/ssl/private
chmod 710 /etc/ssl/private

Now I'll create the dhparams.pem file and set secure permissions:

cd /etc/ssl/private
openssl dhparam -out dhparams.pem 2048
chmod 600 dhparams.pem

Apache

First I will add a secure cipher suite based on the recommendations from weakdh.org. Open the file /etc/apache2/mods-available/ssl.conf with an editor:

nano /etc/apache2/mods-available/ssl.conf

and change or add these lines:

SSLProtocol             all -SSLv2 -SSLv3

SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

SSLHonorCipherOrder     on

Please note that the SSLCipherSuide is just one long line, so dont add line breaks!

The second part is to set the DH Group in apache. The SSLOpenSSLConfCmd config option is only available in apache 2.4.8 or newer and it also requires openssl 1.0.2 or newer, so we have to test first if our apache and openssl version supports it:

apache2 -v

The output on my Debian 7 server is:

root@server1:/etc/apache2# apache2 -v
Server version: Apache/2.2.22 (Debian)
Server built: Dec 23 2014 22:48:29

Now I'll test openssl:

openssl version

The output on my system is:

root@server1:/# openssl version
OpenSSL 1.0.1e 11 Feb 2013

So I can't set the DH Group on this server. The first and second parts are independent of each other, the first part already disabled weak ciphers to protect your server and it will work without the DH group. In case you want to install the latest OpenSSL form source, check out this guide. If your apache version is > 2.4.8 and OpenSSL > 1.0.2, then edit the /etc/apache2/mods-available/ssl.conf file again:

nano /etc/apache2/mods-available/ssl.conf

Add the line:

SSLOpenSSLConfCmd DHParameters "/etc/ssl/private/dhparams.pem"

and restart apache:

service apache2 restart

Nginx

Edit the Nginx configuration file /etc/nginx/nginx.conf

nano /etc/nginx/nginx.conf

Add or replace the following settings inside the httpd { .... } section:

ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';

ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/private/dhparams.pem;

And restart Nginx:

service nginx restart

Postfix

Run these commands to set the secure cipher suite and the DH Group:

postconf -e "smtpd_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA"
postconf -e "smtpd_tls_dh1024_param_file = /etc/ssl/private/dhparams.pem"

And restart postfix:

service postfix restart

Dovecot

Edit the dovecot configuration file /etc/dovecot/dovecot.conf

nano /etc/dovecot/dovecot.conf

and add the line:

ssl_cipher_list=ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

right after the ssl_protocols line.

For the other parameters, we need to know the dovecot version. Run this command to get the dovecot version information on the shell:

dovecot --version

When the version is 2.2.6 or greater, then add this additional line:

ssl_prefer_server_ciphers = yes

When the version is 2.2.7 or greater, then add this third line:

ssl_dh_parameters_length = 2048

Finally restart dovecot

service dovecot restart

Pure-ftpd

Securing pure-ftpd on Debian and Ubuntu is a bit more complicated as the /usr/sbin/pure-ftpd-wrapper script does not support the -J switch out of the box which is used by pure-ftpd to set the SSL Cipher Suite. The first step is to add support for the -J option in the wrapper script. Open the file:

nano /usr/sbin/pure-ftpd-wrapper

And scroll down to the line:

'TLS' => ['-Y %d', \&parse_number_1],

Now add this new line right afterwards:

'TLSCipherSuite' => ['-J %s', \&parse_string],

Then create (or edit when it exists) the file /etc/pure-ftpd/conf/TLSCipherSuite with nano:

nano /etc/pure-ftpd/conf/TLSCipherSuite

and enter the following cipher list:

ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

When the file exists already and contains some ciphers, then replace the ciphers with the ones above. Then save the file and restart pure-ftpd:

service pure-ftpd-mysql restart
Share this page:

42 Comment(s)