    Security Notification: "LOGJAM" vulnerability (CVE-2015-4000) - impact to PowerChute Network Shutdown.

    Issue:
    On 20th May 2015, several weaknesses in the Diffie-Hellman Key Exchange that could lead to security vulnerabilities in protocols such as HTTPS that rely on TLS 1.2 and earlier were published on the following website - https://weakdh.org/. This is known as the Logjam attack (CVE-2015-4000).

    Products:
    PowerChute Network Shutdown

    Environment:
    All Supported OS

    Cause:
    1. Logjam attack against the TLS protocol: “The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.”
    2. Threats from State Adversaries: The use of pre-computed prime numbers that are 1024 bits in size or less in the Diffie-Hellman key exchange can be exploited with varying levels of difficulty:
      1. 512-bit – An individual user can break this.
      2. 768-bit – University level resources required.
      3. 1024-bit – Nation-State level resources required.
    PowerChute Network Shutdown
    V2.2.x – These versions support DHE_EXPORT cipher suites and are vulnerable.

    V3.0.x – DHE_EXPORT cipher suites are blocked, but these versions use a Diffie-Hellman prime of less than 2048 bits and are therefore vulnerable. The level of difficulty depends on the JRE version being used with PowerChute. Java 8 uses a default value of 1024 bits. Java 7 may use 768 bits or higher depending on the version.

    V4.0.0 – DHE_EXPORT cipher suites are blocked, but this version uses a Diffie-Hellman prime of less than 2048 bits and is therefore vulnerable. The level of difficulty depends on the JRE version being used with PowerChute. Java 8 uses a default value of 1024 bits. Java 7 may use 768 bits or higher depending on the version.

    Solution:

    PowerChute Network Shutdown
    We recommend updating PowerChute Network Shutdown to the latest version, v4.0.0, or updating the JRE version used by PowerChute to Java 8. For 32-bit Solaris OS, Java 7 must be used.
    • V2.2.x – Install the 32-bit version of Java 8 from java.com on the machine running PowerChute. Re-run the PowerChute installer – v2.2.x will automatically detect and use Java 8.
    • V3.0.x – Install the 32-bit version of Java 8 from java.com on the machine running PowerChute. Re-run the PowerChute installer and select the Public JRE option.
    • V4.0.0 has Java 8 bundled as a private JRE.

    Once PowerChute has been configured to use Java 8 (Java 7 on Solaris x86):
    1. Stop the PowerChute service.
    2. In the folder where Java is installed, open “lib\security\java.security” using a text editor.
    3. Scroll to the end of the file and locate the line “jdk.tls.disabledAlgorithms=SSLv3” – set this to “jdk.tls.disabledAlgorithms=SSLv3,DH”.
    4. Save the file and restart the PowerChute service.
    Adding “DH”, as outlined in step 3 above, removes support for DHE cipher suites and forces connections to PowerChute to use ECDHE cipher suites. Elliptic-Curve Diffie-Hellman (ECDH) key exchange is not vulnerable to the Logjam attack.
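
A way to confirm the step 3 edit took effect, as an added example that is not part of the vendor's notice: the script parses java.security text and reports whether "DH" is listed as a whole entry. The sample inputs are constructed, and the `DH keySize < N` constraint form (found in some JRE builds' java.security files) is included as an assumption about what a file may already contain.

```python
import re

TLS_KEY = "jdk.tls.disabledAlgorithms"

def parse_properties(text):
    """Parse java.security-style text: '#'/'!' comments, backslash continuations."""
    props, pending = {}, ""
    for raw in text.splitlines() + [""]:       # sentinel flushes a trailing continuation
        line = raw.strip()
        if not pending and (not line or line[0] in "#!"):
            continue
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        key, sep, value = (pending + line).partition("=")
        pending = ""
        if sep:
            props[key.strip()] = value.strip()  # a later definition overrides an earlier one
    return props

def audit_tls_disabled(text):
    """Report whether SSLv3 and DH are listed as whole entries in the property."""
    value = parse_properties(text).get(TLS_KEY, "")
    entries = [e.strip() for e in value.split(",") if e.strip()]
    # Exact match on purpose: "DH keySize < 768" only sets a minimum size and
    # leaves DHE suites enabled, so it must not count as the bare "DH" entry.
    dh_off = "DH" in entries
    size_only = [] if dh_off else [e for e in entries if re.match(r"DH\s+keySize\b", e)]
    return {"sslv3_disabled": "SSLv3" in entries, "dh_disabled": dh_off,
            "dh_size_constraints": size_only}

# Constructed sample inputs (not taken from a real installation).
BEFORE = "jdk.tls.disabledAlgorithms=SSLv3\n"
AFTER = "#jdk.tls.disabledAlgorithms=SSLv3\njdk.tls.disabledAlgorithms=SSLv3,DH\n"
SIZE_ONLY = "jdk.tls.disabledAlgorithms=SSLv3, RC4, \\\n    DH keySize < 768\n"

if __name__ == "__main__":
    for name, sample in (("before", BEFORE), ("after", AFTER), ("size-only", SIZE_ONLY)):
        print(name, audit_tls_disabled(sample))
```

To check a real installation, pass the contents of the java.security file used by the JRE that PowerChute runs on to `audit_tls_disabled`.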
     
