[openssl-users] Vulnerability >> logjam << downgrades TLS connections to 512 Bit
noloader at gmail.com
Wed May 20 21:29:51 UTC 2015
On Wed, May 20, 2015 at 5:39 AM, Ben Humpert <ben at an3k.de> wrote:
> Technical report: https://weakdh.org/imperfect-forward-secrecy.pdf
> Check your browser (currently all are affected) at https://weakdh.org/
> Check your Server at https://weakdh.org/sysadmin.html
> Deploying Guide: https://weakdh.org/sysadmin.html
Also see "Minimum size of DH",
The problem of the small DH group was reported years ago.
I can't help but feel it contributes to this observation from the paper:
We find that 82% of vulnerable servers use a
single 512-bit group, allowing us to compromise
connections to 7% of Alexa Top Million HTTPS sites.
More information about the openssl-users