CVE-2015-4000 - Logjam TLS Vulnerability
Posted June 18, 2015
Assessed Risk Level: Medium
On May 20, researchers announced weaknesses in how Diffie-Hellman for TLS is commonly deployed.
Fixes for this vulnerability disable export-grade cipher suites, utilize Elliptic-Curve Diffie-Hellman (ECDH) key exchange, and use 2048-bit or stronger Diffie-Hellman groups using "safe" primes.
For more information on Logjam, please see the Logjam disclosure site.
Affected Software Versions:
- Puppet Enterprise 3.x
- Puppet Enterprise 3.8.1