New TLS Vulnerability Explained: Are Your Sites Safe?

tls-logjam

Filippo Valsorda, writing for CloudFlare:

Yesterday, a group from INRIA, Microsoft Research, Johns Hopkins, the University of Michigan, and the University of Pennsylvania published a deep analysis of the Diffie-Hellman algorithm as used in TLS and other protocols. This analysis included a novel downgrade attack against the TLS protocol itself called Logjam, which exploits EXPORT cryptography (just like FREAK).

The research team performed the precomputation on the most common 512-bit (EXPORT) parameters to demonstrate the impact of Logjam, but they express concerns that real, more powerful attackers might do the same with the common normal-DHE 1024-bit parameters.

Finally, in their Internet-wide scan they discovered that many servers will provide vulnerable 512-bit parameters even for non-EXPORT DHE, in order to support older TLS implementations (for example, old Java versions).

In order to best protect yourself from this vulnerability, the servers you visit (like Facebook, or Google, or CNN.com) as well as your specific web browser (like Chrome or Firefox) need to be patched. Fixing the server is up to developers like us at Knoxweb. Updating your browser is up to you, the user. For more information on the size and scope of these vulnerabilities, and to test whether your browser is vulnerable, check out weakdh.org. It is important at this juncture to also know that NO Knoxweb clients with sites served over https are vulnerable to these kinds of attacks.

Another important note since this original post came from CloudFlare: All of the information contained in the post is completely technically correct. It is the best explanation we have read of the Logjam attack. However, if you are a CloudFlare subscriber or have ever considered it as a CDN, be aware that they are currently offering some seriously broken SSL options. 2 of their 3 choices (“Universal SSL” and “Full SSL”) are not secure by today’s standards. Universal SSL leaves connections to the origin unsecured which allows for passive or active man-in-the-middle attackers to intercept things. Their Full SSL package would allow an active man-in-the-middle attacker to intercept origin connections. What this means is that with these CloudFlare SSL options, your site could still have the green lock and make you feel safe, but customers’ credit card information could be traveling to the origin server in plain text.

These are murky waters for everyone- If you have questions about your SSL or are considering upgrading an existing site, talk to the professionals — We’ll have some suggestions 😉