The Logjam attack [CVE-2015-4000] is specific to Diffie-Hellman key exchanges, which takes advantage of primes of low strength.
- Keys and primes below 2048 bits of strength are considered vulnerable to being mathematically broken, especially to the “Logjam attack.”
- Servers that have the DHE_EXPORT cipher enabled for TLS-dependent services are at risk. This flaw allows attackers to eavesdrop on and possibly tamper with encrypted connections.
Ensure TLS is properly configured on the affected server(s), as outlined in the Guide to Deploying Diffie-Hellman for TLS.