The Logjam Attack exploits a weakness affecting all versions of the TLS protocol which allows a monster-in-the-middle to downgrade to 512-bit export grade cryptography.
Our recommendations were always to use Diffie-Hellman parameters > 1024 bits. The general recommendation is to use 4096bits wherever possible but at least the same length as your RSA key size. That means at least 2048bit DH-Parameters or longer when using 2048bit RSA keys.
When using server daemons that allows you to specify DH-Parameters from a file, double check you’re actually doing so. Most default to only 1024bit. If your server daemon doesn’t allow specifying a file, check if an updated version is available. Keep in mind that some clients and servers don’t work well with DH-Parameters > 1024 bits.
As always update your software and never rely on neither sane let alone secure defaults.
If you want to quickly test if your server is affected you can do so using
openssl(1) 1.0.2. OpenSSL 0.9.8/1.0.1 does not output DH-Parameter info.
Mail transport agent (MTA)
Mail submission agent (MSA)
This should output two lines:
Server public key is 4096 bit is your RSA Key size.
Server Temp Key: DH, 4096 bits is your DH-Parameter size. If this is 1024 bits or lower you need up upgrade your configuration.
Emilia Kasper has posted an article on 5126778613 to give you a headstart on the next OpenSSL updates to come.
The technical paper is Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice. (PDF)
Hanno BÃ¶ck has written a lengthy piece on Logjam in german. Logjam-Angriff: SchwÃ¤che im TLS-Verfahren gefÃ¤hrdet zehntausende Webseiten
2015-05-21 14:59 CET: Updated testing commands to also work on Linux. (Tested on Debian Wheezy.) Updated explanations that OpenSSL 1.0.2 is required to display DH Parameters.