Thursday, May 21, 2015

Protecting against the Logjam vulnerability using AWS Elastic Load Balancer

If you use Amazon's ELB to handle your TLS (I highly recommend this) you can protect your users and yourself against Logjam by changing a single setting in the AWS console.

Instructions with screenshots:

  1. Open the EC2 dashboard in the Amazon Web Services Console.
  2. On the left, under "Network Security", click "Load Balancers".
  3. Select the Load Balancer instance and click "Change" in the "Cipher" column.
  4. The "Select a Cipher" window will pop up (despite the name, you can select multiple ciphers).
  5. Select "Predefined Security Policy", then select the new item named "ELBSecurityPolicy-2015-05".
  6. Click Save and close the window.


The change takes effect immediately and without interruption. Test access to your site using all the browsers you care about, then repeat steps 3 to 6 for any other Load Balancer instances you have.
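The same change from the AWS CLI for a classic ELB, as an added example that is not part of the original post; the load balancer name, the new policy name and the listener port are placeholders you supply, and the read-back at the end confirms which policy the listener now carries.

```shell
#!/bin/sh
# Added example: AWS CLI equivalent of the console steps for a classic ELB.
# Placeholders: load balancer name, new policy name and listener port (defaults below).
set -e

# The predefined policy named in the post. It is referenced, not copied, so the
# listener follows AWS's predefined cipher list rather than a frozen snapshot.
POLICY_REF="ELBSecurityPolicy-2015-05"

# Step 5: create a listener policy that points at the predefined security policy.
# The policy name must not already exist on this load balancer.
create_ssl_policy() {
  lb="$1"; policy="$2"
  aws elb create-load-balancer-policy \
    --load-balancer-name "$lb" \
    --policy-name "$policy" \
    --policy-type-name SSLNegotiationPolicyType \
    --policy-attributes "AttributeName=Reference-Security-Policy,AttributeValue=$POLICY_REF"
}

# Step 6: attach it to the HTTPS listener. This replaces the listener's current
# policy set, which is what choosing a predefined policy in the console does.
attach_to_listener() {
  lb="$1"; policy="$2"; port="$3"
  aws elb set-load-balancer-policies-of-listener \
    --load-balancer-name "$lb" \
    --load-balancer-port "$port" \
    --policy-names "$policy"
}

# Read back the policy names attached to that listener to confirm the change.
listener_policies() {
  lb="$1"; port="$2"
  aws elb describe-load-balancers --load-balancer-names "$lb" \
    --query "LoadBalancerDescriptions[0].ListenerDescriptions[?Listener.LoadBalancerPort==\`$port\`].PolicyNames[]" \
    --output text
}

# Usage: ELB_APPLY=1 ./logjam-elb.sh <lb-name> [policy-name] [port]
# The guard keeps sourcing or syntax-checking this file from touching AWS.
if [ "${ELB_APPLY:-0}" = 1 ]; then
  create_ssl_policy "$1" "${2:-logjam-2015-05}"
  attach_to_listener "$1" "${2:-logjam-2015-05}" "${3:-443}"
  listener_policies "$1" "${3:-443}"
fi
```

Run it once per classic load balancer that terminates TLS; the read-back should list only the new policy name for the HTTPS listener.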

Also try the "Server Test" function from the PFS Deployment Guide against your site URL.

This takes only 10 seconds and gives your users an important level of protection. Don't imagine that you are not a target.