ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Is Messaging Gateway vulnerable to CVE-2015-4000 / "Logjam" Diffie-Helman key exchange weakness

book

Article ID: 161983

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

A vulnerability scan of Messaging Gateway (SMG) states that SMG is vulnerable to CVE-2015-4000 / Logjam

"Logjam" is a weakness with the TLS protocol which may allow an attacker to force a lower level of security for some secured connections that use the Diffie-Hellman key exchange. For a full description of the issue please see https://weakdh.org.

Resolution

Neither the SMG Control Center web interface nor the SMTP TLS communications are affected by the Logjam vulnerability. Neither TLS configurations implement the DHE_EXPORT ciphers which are required by the Logjam vulnerability.