LogJam TLS vulnerability

Post Reply
cassini
Posts: 336
Joined: Sun May 26, 2013 6:36 pm

LogJam TLS vulnerability

Post by cassini »

Lots of TLS-related services affected. Browsers, servers, VPNs, SSH, mail clients, etc.
see https://weakdh.org/
In-depth analysis: https://weakdh.org/imperfect-forward-secrecy.pdf
Instructions for admins: https://weakdh.org/sysadmin.html

phelix
Posts: 1634
Joined: Thu Aug 18, 2011 6:59 am

Re: LogJam TLS vulnerability

Post by phelix »

The NSA is such a pain. I wonder how much more of the world's time, money and mental health they want to waste.
nx.bit - some namecoin stats
nf.bit - shortcut to this forum

biolizard89
Posts: 2001
Joined: Tue Jun 05, 2012 6:25 am
os: linux

Re: LogJam TLS vulnerability

Post by biolizard89 »

It's hard to blame this one on the NSA directly. All affected servers had already been getting an F on SSLLabs for ages. Fun fact, my university's service that lets you see your grades is affected. (OU's IT people are beyond incompetent. Someone should sue them for endangering student record privacy.)
Jeremy Rand, Lead Namecoin Application Engineer
NameID: id/jeremy
DyName: Dynamic DNS update client for .bit domains.

Donations: BTC 1EcUWRa9H6ZuWPkF3BDj6k4k1vCgv41ab8 ; NMC NFqbaS7ReiQ9MBmsowwcDSmp4iDznjmEh5

Post Reply