Article ID: 125741, created on Jun 4, 2015, last review on Apr 19, 2016

Applies to:

  • Plesk 12.5 for Linux
  • Plesk 12.0 for Linux
  • Plesk 11.0 for Linux
  • Plesk 11.5 for Linux
  • Plesk 12.0 for Windows
  • Plesk 11.5 for Windows


CVE-2015-4000, the so-called 'Logjam' vulnerability, is a vulnerability in the TLS protocol implementation. Logjam is a new attack against the Diffie-Hellman key-exchange protocol used in TLS.


"The Logjam attack allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This allows the attacker to read and modify any data passed over the connection. The attack is reminiscent of the FREAK attack, but is due to a flaw in the TLS protocol rather than an implementation vulnerability, and attacks a Diffie-Hellman key exchange rather than an RSA key exchange. The attack affects any server that supports DHE_EXPORT ciphers, and affects all modern web browsers. 8.4% of the Top 1 Million domains were initially vulnerable."

There is an additional whitepaper available that also describes this vulnerability.



Operating system (OS) vendors released the following security advisories to address this vulnerability:




We have prepared a patch file in accordance with the recommendations in the Guide to Deploying Diffie-Hellman for TLS.

Apply the script on a test environment first. Contact Plesk Technical Support if any issues arise.

The script patches properly only if you have OpenSSL version 1.0.1 or higher, because earlier versions do not support TLS v1.1 and TLS v1.2.


~# wget
~# unzip
~# chmod +x

./ [v3|dh] [service name like apache, nginx]

Without arguments, it patches the configuration of all services for SSLv3 (POODLE) and weak DH (Logjam).

NOTE: The script also protects from CVE-2014-3566: POODLE attack.
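One way to review a service's TLS configuration for the same two issues after patching, as an added example that is not the Plesk script and does not reproduce its logic. It assumes the standard nginx directives (ssl_protocols, ssl_ciphers, ssl_dhparam) and Apache directives (SSLProtocol, SSLCipherSuite, SSLOpenSSLConfCmd DHParameters); the function names, sample configurations and the dhparams.pem path are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline audit of nginx/Apache TLS directives for SSLv3
# (POODLE) and export or default DH (Logjam). One finding per line as
# NAME:line-number; no output means none of the checks fired.
audit_tls_conf() {
    awk -v q="'" '
    { sub(/#.*/, ""); gsub("[;\"" q "]", " "); d = tolower($1) }
    d == "ssl_protocols" || d == "sslprotocol" {
        on = 0                                  # is SSLv3 switched on here?
        for (i = 2; i <= NF; i++) {
            t = tolower($i)
            if (t == "all" || t == "+all" || t == "sslv3" || t == "+sslv3") on = 1
            if (t == "-sslv3") on = 0
        }
        if (on) print "SSLV3_ENABLED:" NR
    }
    d == "ssl_ciphers" || d == "sslciphersuite" {
        tls = 1; exp_on = 0; exp_off = 0
        line = $0; sub(/^[ \t]*[^ \t]+[ \t]+/, "", line)
        n = split(line, tok, /[: ,\t]+/)
        for (i = 1; i <= n; i++) {
            if (tok[i] ~ /^[+]?(EXP|EXPORT|EXPORT40|EXPORT56)$/ || tok[i] ~ /^EXP-/) exp_on = 1
            if (tok[i] == "!EXP" || tok[i] == "!EXPORT") exp_off = 1  # "!" removes for good
        }
        if (exp_on && !exp_off) print "EXPORT_CIPHERS:" NR
    }
    d == "ssl_dhparam" { dh = 1 }
    d == "sslopensslconfcmd" && tolower($2) == "dhparameters" { dh = 1 }
    END { if (tls && !dh) print "NO_DHPARAM_DIRECTIVE" }
    ' "$1"
}

# Constructed sample configurations, not taken from any real server.
demo_weak() {
    f=$(mktemp) && cat > "$f" <<'EOF'
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'HIGH:MEDIUM:EXP:!aNULL';
EOF
    audit_tls_conf "$f"; rm -f "$f"
}
demo_patched() {
    f=$(mktemp) && cat > "$f" <<'EOF'
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:!EXPORT:!aNULL
SSLOpenSSLConfCmd DHParameters "/etc/ssl/dhparams.pem"
EOF
    audit_tls_conf "$f"; rm -f "$f"
}
demo_weak
demo_patched
```

NO_DHPARAM_DIRECTIVE only means no DH parameter directive was found in that file; Apache builds that read DH parameters appended to the certificate file will trigger it too, so treat it as a prompt to check by hand.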


  1. Open the Group Policy Object Editor (i.e., run gpedit.msc in the command prompt).
  2. Expand Computer Configuration > Administrative Templates > Network > SSL Configuration Settings.
  3. Under SSL Configuration Settings, open the SSL Cipher Suite Order setting.
  4. Set up a strong cipher suite order. See this list of Microsoft's supported ciphers and Mozilla's TLS configuration instructions.
