[openssl-users] Vulnerability >> logjam << downgrades TLS connections to 512 Bit

Jeffrey Walton noloader at gmail.com
Wed May 20 21:29:51 UTC 2015

On Wed, May 20, 2015 at 5:39 AM, Ben Humpert <ben at an3k.de> wrote:
> Technical report: https://weakdh.org/imperfect-forward-secrecy.pdf
> Check your browser (currently all are affected) at https://weakdh.org/
> Check your Server at https://weakdh.org/sysadmin.html
> Deploying Guide: https://weakdh.org/sysadmin.html

Also see "Minimum size of DH",
The problem of the small DH group was reported years ago.

I can't help but feel it contributes to this observation from the paper:

    We find that 82% of vulnerable servers use a
    single 512-bit group, allowing us to compromise
    connections to 7% of Alexa Top Million HTTPS sites.


More information about the openssl-users mailing list