How to protect your Debian or Ubuntu Server against the Logjam attack

This tutorial describes the steps that need to be taken to protect your Ubuntu or Debian Linux Server against the recently detected Logjam attack. Logjam is an attack against the Diffie-Hellman key exchange which is used in popular encryption protokols like HTTPS, TLS, SMTPS, SSH and others. A detailed description can be found here https://weakdh.org/.

This tutorial is compatible with ISPConfig 3 setups on Debian and Ubuntu.

The following steps have to be executed as root user on the shell.

Generate a unique DH Group

The first step to secure your server is to generate a unique DH Group with the openssl command. I will create the file in the /etc/ssl/private/ directory. When you dont have this directory on your server, then create it with these commands:

mkdir -p /etc/ssl/private
chmod 710 /etc/ssl/private

Now I'll create the dhparams.pem file and set secure permissions:

cd /etc/ssl/private
openssl dhparam -out dhparams.pem 2048
chmod 600 dhparams.pem

Apache

First I will add a secure cipher suite based on the recommendations from weakdh.org. Open the file /etc/apache2/mods-available/ssl.conf with an editor:

nano /etc/apache2/mods-available/ssl.conf

and change or add these lines:

SSLProtocol             all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA SSLHonorCipherOrder on

Please note that the SSLCipherSuide is just one long line, so dont add line breaks!

The second part is to set the DH Group in apache. The SSLOpenSSLConfCmd config option is only available in apache 2.4.8 or newer and it also requires openssl 1.0.2 or newer, so we have to test first if our apache and openssl version supports it:

apache2 -v

The output on my Debian 7 server is:

[email protected]:/etc/apache2# apache2 -v
Server version: Apache/2.2.22 (Debian)
Server built: Dec 23 2014 22:48:29

Now I'll test openssl:

openssl version

The output on my system is:

[email protected]:/# openssl version
OpenSSL 1.0.1e 11 Feb 2013

So I can't set the DH Group on this server. The first and second parts are independent of each other, the first part already disabled weak ciphers to protect your server and it will work without the DH group. In case you want to install the latest OpenSSL form source, check out this guide. If your apache version is > 2.4.8 and OpenSSL > 1.0.2, then edit the /etc/apache2/mods-available/ssl.conf file again:

nano /etc/apache2/mods-available/ssl.conf

Add the line:

SSLOpenSSLConfCmd DHParameters "/etc/ssl/private/dhparams.pem"

and restart apache:

service apache2 restart

Nginx

Edit the Nginx configuration file /etc/nginx/nginx.conf

nano /etc/nginx/nginx.conf

Add or replace the following settings inside the httpd { .... } section:

ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/private/dhparams.pem;

And restart Nginx:

service nginx restart

Postfix

Run these commands to set the secure cipher suite and the DH Group:

postconf -e "smtpd_tls_mandatory_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK, aECDH, EDH-DSS-DES-CBC3-SHA, EDH-RSA-DES-CDC3-SHA, KRB5-DE5, CBC3-SHA"
postconf -e "smtpd_tls_dh1024_param_file = /etc/ssl/private/dhparams.pem"

And restart postfix:

service postfix restart

Dovecot

Edit the dovecot configuration file /etc/dovecot/dovecot.conf

nano /etc/dovecot/dovecot.conf

and add the line:

ssl_cipher_list=ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

right after the ssl_protocols line.

For the other parameters, we need to know the dovecot version. Run this command to get the dovecot version information on the shell:

dovecot --version

When the version is 2.2.6 or greater, then add this additional line:

ssl_prefer_server_ciphers = yes

When the version is 2.2.7 or greater, then add this third line:

ssl_dh_parameters_length = 2048

Finally restart dovecot

service dovecot restart

Pure-ftpd

Securing pure-ftpd on Debian and Ubuntu is a bit more complicated as the /usr/sbin/pure-ftpd-wrapper script does not support the -J switch out of the box which is used by pure-ftpd to set the SSL Cipher Suite. The first step is to add support for the -J option in the wrapper script. Open the file:

nano /usr/sbin/pure-ftpd-wrapper

And scroll down to the line:

'TLS' => ['-Y %d', \&parse_number_1],

Now add this new line right afterwards:

'TLSCipherSuite' => ['-J %s', \&parse_string],

Then create (or edit when it exists) the file /etc/pure-ftpd/conf/TLSCipherSuite with nano:

nano /etc/pure-ftpd/conf/TLSCipherSuite

and enter the following cipher list:

ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

When the file exists already and contains some ciphers, then replace the ciphers with the ones above. Then save the file and restart pure-ftpd:

service pure-ftpd-mysql restart
Share this page:

Suggested articles

42 Comment(s)

Add comment

Comments

By: mlmateos

In Debian 8, after add the line

SSLOpenSSLConfCmd DHParameters "/etc/ssl/private/dhparams.pem"

and restart apache, I got 

 

Invalid command 'SSLOpenSSLConfCmd', perhaps misspelled or defined by a mod...ration

So I commented out and could restart apache. 

By: mlmateos

In line:

potconf -e "smtpd_tls_dh1024_param_file = /etc/ssl/private/dhparams.pem"

there is a typo, the command is: postconf (missing 's')  

By: chico11mbit

after restartibg pureftp:

Restarting ftp server: /usr/sbin/pure-ftpd-wrapper: Invalid configuration file /etc/pure-ftpd/conf/TLSCipherSuite: No corresponding directive

i had no file TLSCipherSuite there, so what is the complete content of this file?

By: till

Which Debian or Ubuntu version do you use?

By: meewi

This is in my case the same with Ubuntu 14.04.01 LTS as well as Debian Wheezy. This on two different servers with both pure-ftp version 1.0.36 installed.

By: till

The tutoral has been updated to solve this, see my comment from 2015-05-21 08:40:23, please redo the pure-ftpd part to fix this on your server.

By: bch

Its great that you raise awareness for this issue. A few notes:

1) Error on the second postfix command, "potconf".

2) The SSLOpenSSLConfCmd needs OpenSSL 1.0.2, Jessie uses 1.0.1k at the moment.

By: till

Thanks for the hint! I've added a note on the openssl version to the guide.

By: Flo

Thx. for the great summary on this issue. :)

Winni Neessen has provided a small patching allowing to fix this issue for Apache versions 2.2.xx, too.

Based on this patch I've recompiled the current Apache 2.2.22 sources of Debian Wheezy for i386 and amd64 machines:

https://flo.sh/debian-wheezy-apache2-logjam-fix/

Just in case someone is looking for a quick fix for Debian Wheezy until the security team has published an offical fix for this issue.

-Flo

By: koecse

Thanks for this great howto!

There is a little typing error on the second postconf command. It should be postconf instead of potconf.

Best regards.

By: till

Thanks to everyone for pointing out the typo with the postconf command, I corrected that now in the tutorial.

By: greenone

exactly under debian7 with apache 2.2.22 this does not work

By: till

You can only set the secure cipher suites with apache 2.2, thats explained in the guide, this provides already some protection against the attack. The additional protection with the DH group requires  apache version > 2.4.8 and OpenSSL > 1.0.2.

By: Oli

I get the same error on Ubuntu 14.04.2 LTS.  The '/etc/pure-ftpd/conf' dir has the following files:

 

AltLog

BrokenClientsCompatibility

ChrootEveryone

DisplayDotFiles

DontResolve

FSCharset

MinUID

MySQLConfigFile

NoAnonymous

PAMAuthentication

PureDB

TLS

UnixAuthentication

 

The pure-ftpd version is 1.0.36-1.1.

By: till

Thanks for pointing that out. I had added the TLSCipherSuite option on my servers last year already as protection against the poodle attack, so I did not notice that it is still missing in the regular Debian and Ubuntu packages. I've added instructions to the tutorial on how to add support for cipher suites in the pure-ftpd wrapper script.

By: chico11mbit

thx a lot :-)

By: joostvdl

For nginx the line for the ssl_dhparam should end with a semicolon:

ssl_dhparam /etc/ssl/private/dhparams.pem;

By: nvidian

On nginx, do I need to update OpenSSL to 1.02 at the first place ?

My OS is Debian Jessie.

By: wiz

Hi,

I do a test on www.ssllabs.com/ssltest/ (provide by weakdh.org) after this tuto.

My ratting was B because Diffie-Hellman (DH) key exchange is still enabled.

"This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B"

So i added ":!DH" on the ssl_cipher_list to disable it, my ratting is A now !

By: vinder

For Debain 7 the config dont work...

 

---------------cut--------------------

yntax error on line 76 of /etc/apache2/mods-enabled/ssl.conf:

Invalid command 'SSLOpenSSLConfCmd', perhaps misspelled or defined by a module not included in the server configuration

Action 'configtest' failed.

The Apache error log may have more information.

 failed!

-----------------------cut---------------------------

By: till

The config works fine for Debian 7, you just added a command that the tutorial tells you not to add on Debian 7 as the apache version is too old. Please read the apache config section again, it explains which commands shall be added for which apache version.

By: kelanting

same as me on debian 7, 

Invalid command 'SSLOpenSSLConfCmd', perhaps misspelled or defined by a module not included in the server configuration

Action 'configtest' failed.

The Apache error log may have more information.

 failed!

--------------------------------------------

here is my apache2 version after upgrade version

[email protected]:~# apache2 -v

Server version: Apache/2.2.22 (Debian)

Server built:   May 21 2015 00:57:22

--------------------------------------------

[email protected]:~# openssl version

OpenSSL 1.0.1e 11 Feb 2013

By: till

Take a look at the versions you posted: your apache version is "2.2.22" but the SSLOpenSSLConfCmd command requires  2.4.8 or newer. Same for the openssl version.

The tutorial clearly tells you to NOT add the command on Debian 7 as the apache version in Debian 7 is too is too old. As described in the above tutorial, you shall add only the lines "SSLProtocol", "SSLCipherSuite" and "SSLHonorCipherOrder" but NOT "SSLOpenSSLConfCmd" in your apache version.

So the fix is to edit the apache ssl config file again, remove the line "SSLOpenSSLConfCmd" and restart apache.

By: Chris

I haver already something in the /etc/pure-ftpd/conf/TLSCipherSuite file:

HIGH:MEDIUM:+TLSv1:!SSLv2:!SSLv3

i added the rest like this:

HIGH:MEDIUM:+TLSv1:!SSLv2:!SSLv3:ECDHE-RSA-AES128-GCM-SHA256:[and the rest of this long line]

 the first part was from a fix against some exploit, should i leave it?

 

By: till

From the tutorial "When the file exists already and contains some ciphers, then replace the ciphers with the ones above.". :)

By: Jindar

After this update  TLS over FTP gets timeout !!!

 

Status:    Initializing TLS...Status:    Verifying certificate...Status:    TLS connection established.Command:    USER *********Response:    331 User ****** OK. Password requiredCommand:    PASS **********Response:    230 OK. Current restricted directory is /Command:    OPTS UTF8 ONResponse:    200 OK, UTF-8 enabledCommand:    PBSZ 0Response:    200 PBSZ=0Command:    PROT PResponse:    200 Data protection level set to "private"Status:    ConnectedStatus:    Retrieving directory listing of "/web"...Command:    CWD /webResponse:    250 OK. Current directory is /webCommand:    TYPE IResponse:    200 TYPE is now 8-bit binaryCommand:    PASVResponse:    227 Entering Passive Mode (.............,49,156)Command:    MLSDError:    Connection timed out after 20 seconds of inactivityError:    Failed to retrieve directory listing

By: fisik

How about to check logs? When I set this for myself it seems working properly.

By: Fisik

Hi, thanks for the guide. 

I got the same versions of apache and openssl as you do ...  as I get it right, we are not fully protected until we will upgrade OpenSSL and Apache versions? On the https://www.ssllabs.com/ssltest/ my server is capped down to B, because of DH and on https://weakdh.org/sysadmin.html I got message that ! This site uses a commonly-shared 1024-bit Diffie-Hellman group, and might be in range of being broken by a nation-state. It might be a good idea to generate a unique, 2048-bit group for the site.

 

By: thctlo

hai, thanks, worked for me..

in addittion. have a look here..

https://flo.sh/debian-wheezy-apache2-logjam-fix/

a patched debian wheezy apache2.2, which allows to set to dh3072

 

By: Frank Denis

Pure-FTPd has never been vulnerable to logjam. DH was not supported until 1.0.36, and in more recent releases, it either uses ECDH, or the RFC3526 2048-bit prime, or the supplied parameters, which the documentation recommends to be 2048-bit as well.

By: Andres Gonzalez Tenorio

For safety reasons, I have my encryption settings configured in apache like this:

SSLCipherSuite HIGH:!MEDIUM:!aNULL:!MD5:!RC4

It is say that only are allowed, encrypted major superiors or equal 256.

Would not it be better to just leave high active level encrypted and deny encrypted as shown below?

SSLCipherSuite HIGH:!MEDIUM:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

 

By: celocore

Since last updates for ubuntu 12.04 LTS this apache version 2.2.22 is able to read alternative DHparams appended to certificate .pem-files. If you don't want to append it to every vhost certficate, you can do this also if you append the DHparams to the SSLCertificateFile configured in default-ssl. The new params are also loaded if this site isn't enabled. We've tested this with https://weakdh.org/sysadmin.html and https://www.ssllabs.com/ssltest/

By: celocore

In addition to my last comment (it is not yet activated)...

If you follow this tutorial, you can also activate the new DHparams if you add the line

SSLCertificateFile /etc/ssl/private/dhparams.pem

to the file /etc/apache2/mods-available/ssl.conf and reload the apache2 service.

By: Slayer

Should I create a httpd section in /etc/nginx/nginx.conf?

In my nginx.conf there is only http section.

 

By: Alex

Debian 7

apache2 -vServer version: Apache/2.2.22 (Debian)Server built:   Dec 23 2014 22:48:29

openssl versionOpenSSL 1.0.1e 11 Feb 2013

 

Invalid command 'SSLOpenSSLConfCmd', perhaps misspelled or defined by a module not included in the server configuration

By: till

That's the expected output. As the tutorial states, you should add the command when your apache version is > 2.4.8 and OpenSSL > 1.0.2 and on your server, both versions are lower then the required minimum versions for this command, so you should not have added that line on your server.

By: OrangeZx10R

Ok so I made the changes to Apache2, Dovecot and Postfix as per the instructions, now I can't connect to ISPCONFIG via https://xxx.xxx.x.xxx:8080

By: brody

Centos7 ?

By: Salem

I can't say say how I thnak ypu , After  Itest my site cetificae on www.ssllabs.com I got B first time with "Weak key exchange" error . but after I follow your well writen tutorial I'm able to got A grade . that's great .

By: Michael

I've followed this tutorial on Debian 7, and I get the following error:

Invalid command 'SSLOpenSSLConfCmd', perhaps misspelled or defined by a module not included in the server configuration

However, I upgraded Apache2 to 2.4.10 and OpenSSL to 1.0.2. So I don't know why I should still receive this error?

By: computerwuffi

Hi Till,

i'm very new to debian and i followed your great tutorial The Perfekt Server - Debian 8.4 on my Debian 8.6 OS.

All things go fine und it works perfect. Now my question: it is necessary to add further safety aspects e.g. according to this tutorial? What further instructions can you recommend?

Thanks for your help!

By: johnymas

Hi, is this tutorial still actual due to current /etc/apache2/mods-available/ssl.conf/ssl.conf settings which include

#SSL v2 is no longer supported