Posts

Showing posts from July, 2015

Protect Google Chrome against Logjam Vulnerability

Image
Determine if you're vulnerable to the Logjam Attack - go to https://weakdh.org/ with your chrome browser and see if you get a blue bar (good) or a red one (bad).

When I tried this Firefox was OK, Google Chrome was not.

I fixed this by editing /usr/bin/google-chrome and adding the --cipher-suite-blacklist parameter.

# Make sure that the profile directory specified in the environment, if any,
# overrides the default.
if [[ -n "$CHROME_USER_DATA_DIR" ]]; then
  # Note: exec -a below is a bashism.
  exec -a "$0" "$HERE/chrome" --user-data-dir="$CHROME_USER_DATA_DIR" --cipher-suite-blacklist=0xcc15,0x009e,0x0039,0x0033 "$@"
else
  exec -a "$0" "$HERE/chrome" --cipher-suite-blacklist=0xcc15,0x009e,0x0039,0x0033 "$@"
fi

as shown above.

https://cc.dcsec.uni-hannover.de/ will tell you which ciphers your browser currently supports.