SSH Diffie-Hellman Modulus <= 1024 Bits (Logjam)


Sep 28, 2018
cPanel Access Level
Root Administrator
Hey guys,

One of the sites hosted on WHM failed PCI.

The remote host allows SSH connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits.
I read a good few topics about it and I understand the problem, but I don't know how to fix it.
Can someone explain step by step what I need to do to fix this vulnerability?


Here's a response from one of our technical analysts on a recent support ticket regarding this vulnerability:

I would recommend, at a minimum, upgrading to Apache 2.4. It appears that by default, Apache 2.4.7 and above do not serve Diffie-Hellman parameters smaller than 2048 bits:

mod_ssl - Apache HTTP Server Version 2.4

Additionally, you could also generate the custom Diffie-Hellman parameters and provide them directly to OpenSSL globally by adding the directive suggested by the Logjam site you linked to:

SSLOpenSSLConfCmd DHParameters "{path to dhparams.pem}"

in one of the Apache includes, which can be edited through WHM:

Include Editor - Documentation - cPanel Documentation
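
The scan finding quoted in the question is about the SSH daemon's Diffie-Hellman moduli. The following is an added example, not part of the thread or of cPanel's reply, that audits an OpenSSH moduli file for primes below 2048 bits. The function names, the 2048-bit floor and the sample data are assumptions made for illustration; the file is commonly found at /etc/ssh/moduli.

```shell
#!/bin/sh
# Added example: audit an OpenSSH moduli file for small DH group-exchange primes.
# Per moduli(5), field 5 of each entry is the prime size in bits minus one,
# so a 2048-bit prime is recorded as 2047.

MIN_BITS=2048   # assumed policy floor; set to what your scanner requires

# count_weak FILE: print the number of entries whose prime is below MIN_BITS
count_weak() {
    awk -v min="$MIN_BITS" '
        /^[ \t]*#/ || NF < 7 { next }      # skip comments and malformed lines
        ($5 + 1) < min { n++ }
        END { print n + 0 }' "$1"
}

# filter_strong FILE: print comments plus only entries at or above MIN_BITS
filter_strong() {
    awk -v min="$MIN_BITS" '
        /^[ \t]*#/ { print; next }
        NF >= 7 && ($5 + 1) >= min { print }' "$1"
}

# Constructed sample: the modulus column holds placeholders, not real primes.
make_sample() {
    cat <<'EOF'
# Time Type Tests Tries Size Generator Modulus
20180101000000 2 6 100 1023 2 AAAA1023
20180101000001 2 6 100 1535 2 BBBB1535
20180101000002 2 6 100 2047 2 CCCC2047
20180101000003 2 6 100 4095 5 DDDD4095
EOF
}

# Demonstration on the constructed sample only; no system file is touched.
sample=$(mktemp)
make_sample > "$sample"
echo "entries below ${MIN_BITS} bits: $(count_weak "$sample")"
echo "entries that would be kept:"
filter_strong "$sample"
rm -f "$sample"
```

On a server, run count_weak against the real moduli file and review the filter_strong output before using it to replace that file.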