Citrix CTX201114
May 22, 2015 - 4:00 a.m.

CVE-2015-4000 - Citrix Security Advisory for DHE_EXPORT TLS Vulnerability

2015-05-22 04:00:00
support.citrix.com

CVSS3: 3.7 Low
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS: 0.975 High
Percentile: 100.0%

Overview

A TLS protocol vulnerability has been recently disclosed that could result in attackers being able to intercept and modify SSL/TLS encrypted traffic to servers that support Diffie-Hellman based export cipher suites.

This vulnerability is known as ‘LogJam’ and has been assigned the following CVE number:

CVE-2015-4000

What Customers Should Do

Citrix has completed an assessment of this issue. As this is a flaw in the TLS protocol, rather than a specific implementation issue, Citrix recommends that customers disable all Diffie-Hellman based export ciphers on SSL/TLS server end-points.

For further information on configuring cipher selection on Citrix products to remove Diffie-Hellman based export ciphers, please contact your normal Citrix Support representative or review the relevant product documentation. This can be found on the Citrix website at the following address:

<http://docs.citrix.com/>

Please continue to monitor this document for any future updates.
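To check an endpoint's enabled cipher list against this recommendation, the following added example (not from Citrix or the original advisory) flags Diffie-Hellman based export suites in a list of suite names. It assumes the list has already been exported from the product as OpenSSL-style names, IANA-style names or four-digit hex code points; the function name and the sample list are constructed for illustration.

```python
import re

# IANA code points of the Diffie-Hellman based export suites
# (TLS Cipher Suites registry).
DH_EXPORT_CODEPOINTS = {
    0x000B: "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x000E: "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0011: "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0017: "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
    0x0019: "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
}

# IANA/SSL style, e.g. TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
IANA_RE = re.compile(r"^(TLS|SSL)_DHE?_(RSA|DSS|anon)_EXPORT(1024)?_", re.I)
# OpenSSL style, e.g. EXP-EDH-RSA-DES-CBC-SHA or EXP-ADH-RC4-MD5
OPENSSL_RE = re.compile(r"^EXP(1024)?-(EDH|DHE|DH|ADH)-", re.I)
HEX_RE = re.compile(r"^0x[0-9a-fA-F]{4}$")


def find_dh_export_suites(cipher_list):
    """Return the entries of cipher_list that are DH-based export suites.

    cipher_list is text with suite names separated by colons, commas or
    whitespace. Export suites that do not use Diffie-Hellman (for example
    EXP-RC4-MD5) are not returned; they are outside this advisory's scope.
    """
    flagged = []
    for token in re.split(r"[:,\s]+", cipher_list.strip()):
        if not token:
            continue
        if HEX_RE.match(token):
            if int(token, 16) in DH_EXPORT_CODEPOINTS:
                flagged.append(token)
        elif IANA_RE.match(token) or OPENSSL_RE.match(token):
            flagged.append(token)
    return flagged


# Constructed sample of an enabled-cipher listing (not from a real device).
SAMPLE = (
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:EXP-EDH-RSA-DES-CBC-SHA, "
    "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 0x0017 EXP-RC4-MD5 DHE-RSA-AES256-SHA"
)

if __name__ == "__main__":
    for suite in find_dh_export_suites(SAMPLE):
        print("disable:", suite)
```

An empty result means no Diffie-Hellman based export suite appears in the listing that was supplied; it says nothing about suites the listing omits.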

What Citrix Is Doing

Citrix is notifying customers and channel partners about this potential security issue. This article is also available from the Citrix Knowledge Center at <http://support.citrix.com/>.

Obtaining Support on This Issue

If you require technical assistance with this issue, please contact Citrix Technical Support. Contact details for Citrix Technical Support are available at <https://www.citrix.com/support/open-a-support-case.html>.

Reporting Security Vulnerabilities

Citrix welcomes input regarding the security of its products and considers any and all potential vulnerabilities seriously. For guidance on how to report security-related issues to Citrix, please see the following document: CTX081743 – Reporting Security Issues to Citrix
