Wednesday 20 May 2015
It seems like we just got over the Heartbleed vulnerability, but there’s another major flaw with SSL called “logjam” that affects a number of fundamental Web protocols. The bug affects an algorithm called the “Diffie-Hellman key exchange” which allows protocols such as HTTPS, SSH, IPsec, SMTPS to negotiate a shared key and create a secure connection. Researchers from a number of universities and organizations including discovered a number of weaknesses in the algorithm and published a technical report that details its flaws. The attack allows a man-in-the-middle to downgrade security of connections to a lower level of encryption — 512 bit —…
This story continues at The Next Web
