BLOG

Researchers have discovered a vulnerability with the Diffie-Hellman key exchange mechanism in SSL/TLS called Logjam, which is similar to the FREAK attack, and have now published Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice and a Guide to Deploying Diffie-Hellman for TLS. The Logjam vulnerability allows a man-in-the-middle (MITM) attacker to downgrade vulnerable SSL/TLS connections to 512-bit export-grade cryptography.