Overview
A TLS protocol vulnerability has recently been disclosed that could allow an attacker to intercept and modify SSL/TLS encrypted traffic to servers that support Diffie-Hellman based export cipher suites.
This vulnerability is known as 'LogJam' and has been assigned the following CVE number:
- CVE-2015-4000: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000
What Customers Should Do
Citrix has completed an assessment of this issue. As this is a flaw in the TLS protocol, rather than a specific implementation issue, Citrix recommends that customers disable all Diffie-Hellman based export ciphers on SSL/TLS server end-points.
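As an added illustration, not part of the Citrix advisory or of any Citrix product tooling, the Python below shows two defender-side checks: flagging the Diffie-Hellman export suites in a server's advertised cipher list, and, going beyond the advisory's wording, parsing the ServerDHParams a server sends so the group size can be confirmed (export-grade DH uses a 512-bit prime). The cipher-suite list and the DH values are constructed sample data.

```python
import re
import struct

# Constructed sample of IANA cipher-suite names a server might advertise.
# Mixes Logjam-relevant export DH suites with suites that must not be
# flagged (full-strength DHE, RSA export, ECDHE).
SAMPLE_SERVER_SUITES = [
    "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",   # ephemeral DH, export -> disable
    "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",   # ephemeral DH, export -> disable
    "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",    # static DH, export -> disable
    "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",   # anonymous DH, export -> disable
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",          # export, but RSA key exchange
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",        # DHE with a full-strength group
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",   # ECDHE, not finite-field DH
]

# Finite-field DH key exchange (static or ephemeral, signed or anonymous)
# combined with an export-grade suite: the combination the advisory targets.
DH_EXPORT = re.compile(r"^TLS_DHE?_(RSA|DSS|anon)_EXPORT_")

def dh_export_suites(suites: list[str]) -> list[str]:
    """Return the advertised suites that should be disabled."""
    return [s for s in suites if DH_EXPORT.match(s)]

def parse_server_dh_params(data: bytes) -> tuple[int, int, int]:
    """Parse ServerDHParams (RFC 5246, 7.4.3): p, g and Ys, each sent as a
    2-byte big-endian length followed by the big-endian value."""
    fields, pos = [], 0
    for _ in range(3):
        (length,) = struct.unpack_from("!H", data, pos)
        pos += 2
        fields.append(int.from_bytes(data[pos:pos + length], "big"))
        pos += length
    return fields[0], fields[1], fields[2]

def dh_group_bits(data: bytes) -> int:
    """Bit length of the server's DH prime; 512 is the export-grade size."""
    return parse_server_dh_params(data)[0].bit_length()

def encode_server_dh_params(p: int, g: int, ys: int) -> bytes:
    """Inverse of the parser, used only to build the constructed sample."""
    out = b""
    for v in (p, g, ys):
        raw = v.to_bytes((v.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out

# Constructed ServerDHParams with a 512-bit prime: arbitrary test numbers,
# not a real group or key share.
SAMPLE_EXPORT_DH_PARAMS = encode_server_dh_params(
    (1 << 511) | 0x1234_5678_9ABC_DEF1, 2, (1 << 500) | 0xCAFE)
```

A server that still negotiates one of the flagged suites, or whose ServerDHParams carry a 512-bit prime, has not yet applied the recommended configuration change.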
For further information on configuring cipher selection on Citrix products to remove Diffie-Hellman based export ciphers, please contact your normal Citrix Support representative or review the relevant product documentation. This can be found on the Citrix website at the following address:
Please continue to monitor this document for any future updates.
What Citrix Is Doing
Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at http://support.citrix.com/.
Obtaining Support on This Issue
If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at https://www.citrix.com/support/open-a-support-case.html.
Reporting Security Vulnerabilities
Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 – Reporting Security Issues to Citrix