Amazon Linux AMI : nss / nss-util (ALAS-2015-569) (Logjam)
Medium Nessus Plugin ID 84929
SynopsisThe remote Amazon Linux AMI host is missing a security update.
DescriptionA flaw was found in the way the TLS protocol composes the Diffie-Hellman (DH) key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them do decrypt all traffic.
Please note that this update forces the TLS/SSL client implementation in NSS to reject DH key sizes below 768 bits, which prevents sessions to be downgraded to export-grade keys. Future updates may raise this limit to 1024 bits.
SolutionRun 'yum update nss nss-util' to update your system.