Logjam SSL Flaw – Diffie Hellman

May - 21 2015 | By

​The latest issue with SSL has been found by researchers and it is an issue with 1024 bit Diffie-Hellman key exchange.  This is a man-in-the-middle attack that can also downgrade vulernable TLS connections to 512-bit Export grade cryptography.  This is somewhat similar to the FREAK attack.  To learn more see https://weakdh.org – this page will also test your browser to see if it is safe.

For people browsing the web:
Internet Explorer – safe after May updates
Firefox – Firefox 39 7/2/2015
Firefox Add-in Disable DHE can fix the flaw
Chrome – safe 43.0.2357.81 5/25/2015
Safari Mac and iOS – waiting for update – iOS 8.4 6/30/2015
Opera – Opera 30, 6/2/2015
Chrome for iOS – waiting for update
Chrome and Default browser in Android – Chrome 43.0.2357.78 5/27/2015, only for Android 4.1 and later.

For web and mail servers:
See https://weakdh.org/sysadmin.html this page has a test and information on how to fix the most popular web servers. and mail servers.

OpenSSL updated 6/12/2015
OpenSSL 0.98za
OpenSSL 1.0.0m
OpenSSL 1.0.1h

From my experience IIS 6 and later are not affected by this flaw, but they do not support Elliptic-Curve Diffie-Hellman (ECDHE) which would make them even more secure.

If you have a SSH server be sure to install the latest updates for your SSH server to protect your system.

Please contact Michael Spice for help with this and all security issues and concerns.