Researchers have discovered a vulnerability with the Diffie-Hellman key exchange mechanism in SSL/TLS called Logjam, which is similar to the FREAK attack, and have now published Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice and a Guide to Deploying Diffie-Hellman for TLS.

The Logjam vulnerability allows a man-in-the-middle (MITM) attacker to downgrade vulnerable SSL/TLS connections to 512-bit export-grade cryptography. The attacker can then observe and modify any data passed over the secure connection.

Logjam attacks the Diffie-Hellman key exchange and any server which supports DHE_EXPORT ciphers may be vulnerable. Tests show that 8.4 percent of the top 1 million protected domains are vulnerable and 3.4 percent of all HTTPS sites are vulnerable.

Similar to FREAK, the weakness dates back to the 1990s when the US government banned selling crypto software overseas, unless it used export cipher suites which involved asymmetric keys no longer than 512-bits. Through Logjam, an attacker can manipulate the connection between a browser and a server which supports DHE_EXPORT and modify the traffic to downgrade the secure connection to use a weak 512-bit key.

Please note that the vulnerability is not an issue with the certification authority or the SSL/TLS digital certificate. This vulnerability is due to a flaw in the SSL/TLS protocol, but can be mitigated with implementation changes at the secure server.

To test your server, please use the Entrust SSL Server Test. If your server is vulnerable to Logjam, the test will state, “The server supports weak Diffie-Hellman (DH) key exchange parameters.” Also note that the server grade will be capped to a B.

logjam2

Server administrators are recommended to disable support for all export cipher suites including DHE_EXPORT. Administrators are also encouraged to use either 1024-bit DHE with a freshly generated group or deploy ECDHE as an alternative. Please also review the researchers Diffie-Hellman deployment guide which discusses disabling export cipher suites, deploying elliptic-curve Diffie-Hellman (ECDH) key exchange, and generating a strong unique Diffie-Hellman Group.

If you are a browser user, please ensure you keep up-to-date with your browser upgrades, which will also mitigate the attack by enforcing 1024-bits as the minimum key size for Diffie-Hellman.

Updated May 29, 2015: The recommendation to use 1024-bit DHE with a freshly generated group is still valid to mitigate Logjam, but 1024-bit DHE is also considered to be weak as we move to the future. Assuming you have server support, we recommend you first consider using 2048-bit DHE.

Entrust Datacard