On Tue, 2015-08-18 at 23:04 -0400, Ted Byers wrote:
> On our latest penetration test, our pfsense machines were flagged as having
> a SSL/TLS Diffie-Hellman Modulus <= 1024 Bits, allegedly making it
> vulnerable to Logjam. This is for the web server on the pfsense machine,
> used to administer it.
>
> I do not, at present, care about the wherefore and why.
>
> All I want to know is where and how the size of the Diffie-Hellman modulus
> is configured, and what do I change in order to have that set to, say, 2048
> bits.
>
> Thanks
>
> Ted
>

Which version of pfSense?

You can import your own certificate signed externally with whatever parameters you like, and I notice that if I try and generate a new one in certificate manager (on 2.2.4), it defaults to a key length of 2048 bits and SHA256.

Finally, although it is good practice to scan your gear, I trust you usually have a firewall rule that prohibits access to the web configurator console except from a few sources. Also the port you should have shuffled off to a non-default.

Cheers
Jon
