Scan your website's TLS configuration for the LOGJAM vulnerability and evaluate the security of your Diffie-Hellman key exchange.
Is your website's TLS encryption at risk of man-in-the-middle (MitM) attacks due to outdated, weak Diffie-Hellman parameter groups? This tool scans the TLS handshake process of a specified domain to inspect its key exchange algorithm configuration and determine if the LOGJAM vulnerability exists. The LOGJAM vulnerability is a TLS protocol flaw that allows attackers to downgrade connections to use easily crackable 512-bit Diffie-Hellman groups, potentially decrypting HTTPS traffic. Our tool's output clearly indicates whether the target domain is at risk on a specific port (usually 443) and provides a security rating along with the relevant CVE identifier.
Q: What exactly is the LOGJAM vulnerability, and how do I fix it?
A: The LOGJAM vulnerability (CVE-2015-4000) is an attack against the Diffie-Hellman key exchange in the TLS protocol. To fix it, you need to disable all export-grade cipher suites on your server and upgrade your Diffie-Hellman parameter groups to at least 2048-bit.
Q: Does an "OK" result mean my server is completely secure?
A: Not entirely. An "OK" result only means the LOGJAM vulnerability was not detected. Your website might still have other TLS configuration issues (such as weak cipher suites or certificate errors). We recommend conducting a comprehensive TLS security audit.
Please only scan domains for which you have administrative privileges or explicit authorization; unauthorized scanning may violate laws and regulations. The scan results are point-in-time; you must rescan if server configurations change. This tool primarily targets the standard HTTPS port (443). Non-standard ports or complex network environments (such as behind a CDN or WAF) may affect scan accuracy. The scanning process initiates a TLS connection to the target server; ensure your actions comply with the target site's terms of service.
For security and DevOps professionals, we recommend integrating this tool into your regular TLS configuration audit workflow. A typical input/output example: entering vulnerable.example.com with port 443 might output a "Vulnerable" security status linked to CVE-2015-4000. Note that the LOGJAM vulnerability typically affects servers that still support DHE_EXPORT suites or use common, low-bit DH parameters. Beyond detection, taking remediation action is crucial: in web server configurations like Nginx or Apache, disable all cipher suites whose names contain "EXPORT", along with "DHE" suites that use insufficient key lengths, and generate a unique, strong Diffie-Hellman parameter file. For modern servers, using ECDHE key exchange is highly recommended, as it offers superior efficiency and security compared to traditional DHE.
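A static check of the remediation advice above, as an added example (not part of this scanner or its code): it reviews an Nginx config for enabled export-grade suites and for DHE suites configured without an `ssl_dhparam` file. The sample configs, the file path and the function names are constructed for illustration, and the cipher-string handling is a simplified heuristic, not a full OpenSSL cipher-list evaluator.

```python
import re

# Constructed sample nginx server blocks (not taken from any real host).
WEAK_CONF = """
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'EXP-EDH-RSA-DES-CBC-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES128-GCM-SHA256';
}
"""
HARDENED_CONF = """
server {
    listen 443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:!EXPORT';
    ssl_dhparam /etc/nginx/dhparam-2048.pem;  # hypothetical path
}
"""

def directive(conf, name):
    """Return the argument of the first `name ...;` directive, or None."""
    m = re.search(r"^\s*%s\s+([^;]+);" % re.escape(name), conf, re.M)
    return m.group(1).strip().strip("'\"") if m else None

def audit_logjam(conf):
    """Heuristic LOGJAM review of an nginx TLS config; returns findings."""
    findings = []
    ciphers = directive(conf, "ssl_ciphers") or ""
    # In OpenSSL cipher-list syntax, '!' and '-' prefixes remove suites,
    # so only the remaining tokens count as enabled here.
    enabled = [t.lstrip("+") for t in ciphers.split(":")
               if t and t[0] not in "!-"]
    # Export-grade suites are named EXP-* or selected with EXPORT keywords.
    if any(re.search(r"(^|-)EXP(ORT)?", t) for t in enabled):
        findings.append("export-grade suite enabled")
    # Finite-field DHE suites are named DHE-* or EDH-*; ECDHE-* is excluded.
    uses_dhe = any(re.search(r"(^|-)(DHE|EDH)(-|$)", t) for t in enabled)
    if uses_dhe and directive(conf, "ssl_dhparam") is None:
        findings.append("DHE suite enabled without ssl_dhparam")
    return findings

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_logjam(conf) or "no LOGJAM-related findings")
```

A clean result only covers these two directives; the size of the parameter file that `ssl_dhparam` points to still has to be checked against the 2048-bit minimum.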