[openssl-users] Vulnerability >> logjam << downgrades TLS connections to 512 Bit
Jeffrey Walton
noloader at gmail.com
Wed May 20 21:29:51 UTC 2015
On Wed, May 20, 2015 at 5:39 AM, Ben Humpert <ben at an3k.de> wrote:
> Technical report: https://weakdh.org/imperfect-forward-secrecy.pdf
>
> Check your browser (currently all are affected) at https://weakdh.org/
>
> Check your Server at https://weakdh.org/sysadmin.html
>
> Deploying Guide: https://weakdh.org/sysadmin.html
Also see "Minimum size of DH",
http://rt.openssl.org/Ticket/Display.html?id=3120&user=guest&pass=guest.
The problem of the small DH group was reported years ago.
I can't help but feel it contributes to this observation from the paper:
We find that 82% of vulnerable servers use a
single 512-bit group, allowing us to compromise
connections to 7% of Alexa Top Million HTTPS sites.
Jeff
More information about the openssl-users
mailing list