The Logjam Attack basically allows an attacker to downgrade a secure connection to a VPN or secure website so that the attacker is able to read or modify your communication. The issue was found in the way how Diffie-Hellman key exchange has been deployed. It has been extensively described at https://weakdh.org/.
Scan your servers for Logjam
The output from weakdh.org is a JSON object that is far more easier to parse than the results from Qualys. I asked the people from weakdh.org if I could use their test to verify a list of hosts (approx. 500) with a 5 second interval to check if a host is vulnerable to Logjam. They agreed to it. You can get my small Python script from Github. If you plan on using this script to scan your environment I suggest you ask them permission first and use a sane waiting time between the different queries.
You can get the script from Github. It uses three parameters
- weakdh_hosts : a text file with the hosts to check
- pause_interval : the interval to wait between a query
- base_url : the URL from weakdh.org
Note that the script only checks for really vulnerable sites. Sites that have 1024-bit Diffie-Hellman might be vulnerable to “nation-state” attackers also. This script does not raise a warning for these sites.