Tech Alert: The Logjam Attack

Date 21/05/2015

Affected Product
Java

Details
The Logjam attack is the result of a weakness in the Diffie-Hellman key exchange that exposes a system to man-in-the-middle attacks and to threats from state-level adversaries in key exchanges. For more information see https://weakdh.org/.


Resolution
To resolve this issue you should upgrade the Java installation on the Access Manager server to Java 8. Please note that Access Manager is not optimized for use with Java 8, and as a result you may encounter some compatibility issues; for example, you will encounter issues with Provisioning.

If you are using an Access Manager 1.2 VM, or a system built from the ISO, both of which use Debian OS, then this can be done by following these instructions:

1. Go to the virtual machine console and access the command line by pressing ALT + F2.
2. Log in to the command line with the root user credentials. These will have been set during your initial installation.
3. You will need to add the Java update repository to the sources list:

echo "deb http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main" | tee /etc/apt/sources.list.d/webupd8team-java.list
echo "deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main" | tee -a /etc/apt/sources.list.d/webupd8team-java.list


4. Then add the repository's signing key:

apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886


5. Now have the system check for updates:

apt-get update


6. The Java 8 installer should be detected. You can run it with:

apt-get install oracle-java8-installer


7. IMPORTANT NOTE: By default, Oracle Java 8 does not provide support for certificates of 2048 key size or greater. The system will require the addition of the Unlimited Strength Jurisdiction Policy files, also known as the Extended JCE files. To install them, enter the following command and confirm the installation:

apt-get install oracle-java8-unlimited-jce-policy

 

8. After the installation completes you will need to perform a system reboot for the new files to take effect. Either use the reboot command or return to the VM Console (ALT + F1) and select the Restart option.
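
After the reboot, the result of steps 3 to 7 can be checked from the same root command line. The script below is an added example, not part of the original alert or of Access Manager; it assumes the java on the PATH is the one the server uses, and the --check flag and function names are hypothetical.

```shell
#!/bin/sh
# Added example: post-reboot check that the upgrade steps took effect.

# Constructed sample of `java -version` output, used to exercise the parser offline.
SAMPLE_JAVA8='java version "1.8.0_45"
Java(TM) SE Runtime Environment (build 1.8.0_45-b14)'

# Print the Java major version found in `java -version` text passed as $1.
# Java 8 and earlier report "1.N.0_update"; later releases report "N.x.y".
java_major() {
    ver=$(printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1)
    [ -n "$ver" ] || return 1
    case "$ver" in
        1.*) ver=${ver#1.} ;;   # legacy scheme: drop the leading "1."
    esac
    printf '%s\n' "${ver%%[._-]*}"  # keep what precedes the first separator
}

# True if dpkg reports the named package as fully installed.
pkg_installed() {
    dpkg-query -W -f='${Status}' "$1" 2>/dev/null | grep -q 'install ok installed'
}

# Run every check against the live system; returns non-zero on any failure.
check_upgrade() {
    rc=0
    out=$(java -version 2>&1) || out=''
    if major=$(java_major "$out") && [ "$major" -eq 8 ]; then
        echo "OK: default java is Java 8"
    else
        echo "FAIL: default java is not Java 8 (reported: ${major:-none})"; rc=1
    fi
    # Package names are the ones installed in steps 6 and 7.
    for p in oracle-java8-installer oracle-java8-unlimited-jce-policy; do
        if pkg_installed "$p"; then echo "OK: $p installed"
        else echo "FAIL: $p not installed"; rc=1; fi
    done
    return $rc
}

# Hypothetical flag: run the live checks only when asked, e.g. `sh check.sh --check`.
if [ "${1:-}" = "--check" ]; then check_upgrade; fi
```

A FAIL on the Java line with both packages installed usually means an older Java is still first on the PATH.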



Unfortunately, older systems that are using the Ubuntu 10 operating system are unable to locate the Java 8 release, as it has not been made available. Ubuntu 12 units are also reporting issues with serial numbers being lost. If you wish to be secure against Logjam, it is recommended that you take a backup of your 1.2 configuration, license, and certificate and apply these to a new 1.2 Debian-based VM or ISO-built system.
