Latest SSL Vulnerability: Logjam

If you have any questions, please contact SecurityMetrics support, 801.705.5700.


What does Logjam mean for your business?

Follow-up investigations into the FREAK vulnerability have led to the discovery of yet another TLS encryption vulnerability: Logjam. According to the researchers who found it (a team that includes Johns Hopkins University), the flaw traces back to the "export-grade" cipher suites of the 1990s and has been present for almost two decades, but was only recently discovered. It lets an attacker weaken the encrypted connection between a user and a web or email server. About 8% of the top one million HTTPS sites are estimated to be vulnerable.

Affected browsers

  • Google Chrome
  • Mozilla Firefox
  • Internet Explorer
  • Apple Safari

How does Logjam work?

The problem is not Diffie-Hellman itself but how TLS negotiates it. Many servers still accept "export-grade" Diffie-Hellman cipher suites (DHE_EXPORT), which use 512-bit groups. An attacker with man-in-the-middle access can rewrite the client's handshake so the server picks the export suite and sends 512-bit parameters. Because the server's signature covers the parameters but not the cipher suite that was negotiated, the client cannot tell it was downgraded and carries on with a 512-bit group the attacker can break. Worse, most servers use the same handful of 512-bit groups, so the attacker can do the bulk of the computation once per group and then break individual connections in minutes. It's unknown whether malicious entities have exploited the weakness.
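The following is an added example written for this page (it is not SecurityMetrics code and does not touch the network). It models the three parties in a Logjam downgrade: a server that still supports the export suite, a man-in-the-middle that rewrites the client's offered cipher suites, and a client that parses the ServerKeyExchange DH parameters and applies a minimum group size. The two Diffie-Hellman groups are constructed stand-ins of the right size (not real primes, since only their size matters for the check), and the server's signature over the parameters is not modelled.

```python
# Added example (not SecurityMetrics code): a self-contained model of the Logjam
# downgrade and of the client-side check that stops it. No network I/O; the DH
# groups are constructed stand-ins and the server signature is not modelled.
import secrets
import struct

# Real TLS cipher-suite IDs from the IANA registry.
TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033        # normal DHE suite
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0014   # 1990s export-grade DHE suite

# Constructed stand-ins for the server's DH groups: a 512-bit "export" group and
# a 2048-bit group. They are odd numbers of the right size, not primes; the
# check below only looks at the group size, so that is all that matters here.
P_EXPORT_512 = (1 << 511) | 0x1357
P_STRONG_2048 = (1 << 2047) | 0x2468 | 1
G = 2


def encode_server_dh_params(p, g, ys):
    """RFC 5246 ServerDHParams: three length-prefixed big-endian integers."""
    out = b""
    for n in (p, g, ys):
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out


def parse_server_dh_params(data):
    """Inverse of encode_server_dh_params; returns (p, g, ys, trailing_bytes)."""
    vals, off = [], 0
    for _ in range(3):
        (ln,) = struct.unpack_from("!H", data, off)
        off += 2
        vals.append(int.from_bytes(data[off:off + ln], "big"))
        off += ln
    return vals[0], vals[1], vals[2], data[off:]


class Server:
    """A server that still supports the export suite (the vulnerable configuration)."""
    supported = {
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA: P_STRONG_2048,
        TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA: P_EXPORT_512,
    }

    def key_exchange(self, offered_suites):
        # Pick the first offered suite we support and send DH params for its group.
        for suite in offered_suites:
            if suite in self.supported:
                p = self.supported[suite]
                x = secrets.randbelow(p - 2) + 1          # server's private exponent
                return suite, encode_server_dh_params(p, G, pow(G, x, p))
        raise ValueError("no common cipher suite")


def mitm_downgrade(offered_suites):
    """Logjam: the attacker rewrites the ClientHello so only the export suite is offered."""
    return [TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA]


def client_accepts(server_dh_params, min_bits):
    """Client-side defense: the ServerKeyExchange looks identical for DHE and
    DHE_EXPORT, so the only thing the client can check is the group size."""
    p, _, _, _ = parse_server_dh_params(server_dh_params)
    return p.bit_length(), p.bit_length() >= min_bits


def run_handshake(attacker_present, min_bits):
    """Returns (suite the server chose, group size in bits, client accepted?)."""
    offered = [TLS_DHE_RSA_WITH_AES_128_CBC_SHA]     # an honest client never asks for export
    if attacker_present:
        offered = mitm_downgrade(offered)
    suite, ske = Server().key_exchange(offered)
    bits, ok = client_accepts(ske, min_bits)
    return suite, bits, ok


if __name__ == "__main__":
    print(run_handshake(False, 1024))   # no attacker: 2048-bit group, accepted
    print(run_handshake(True, 0))       # unpatched client: 512-bit group, accepted
    print(run_handshake(True, 1024))    # patched client: 512-bit group, rejected
```

The third call is the fix the browser vendors shipped: patched browsers refuse Diffie-Hellman groups shorter than 1024 bits. The server-side fix is to stop supporting the export suite at all, so the second dictionary entry in `Server.supported` disappears and the downgrade has nothing to downgrade to.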

See also: PCI DSS 3.1: Stop Using SSL and Outdated TLS Immediately

Our recommendations

Luckily, there's no need to wait around for a fix: browser vendors have already shipped patches, and the server-side changes are straightforward. Here are our recommendations.

  • Don’t use SSL version 2.0 or 3.0. Use TLS 1.1 or 1.2 (1.2 preferred).
  • Don’t use export-grade ciphers. Disable every EXPORT cipher suite, including the DHE_EXPORT suites that Logjam abuses.
  • If you haven’t upgraded your email server after FREAK, do so now. Mail servers (SMTP, IMAP, POP3 over TLS) negotiate Diffie-Hellman the same way web servers do.
  • If you’re an admin, change the Diffie-Hellman settings on your server: generate a fresh, unique 2048-bit Diffie-Hellman group instead of relying on the default 1024-bit or smaller group shipped with your software, and prefer ECDHE cipher suites where your software supports them. The researchers recommend 2048 bits because shared 1024-bit groups are within reach of a well-funded attacker.
  • If you’re a casual browser, install the latest version of your browser…and browse on. Patched browsers reject Diffie-Hellman groups shorter than 1024 bits.

SecurityMetrics vulnerability scan customers can check whether their systems are vulnerable by running a SecurityMetrics vulnerability scan. If you've been running your regular scans and fixing vulnerabilities as they arise, you should already be covered at the server level.

