HTTPS-crippling attack threatens tens of thousands of Web and mail servers

[Chiefcrowe]

http://arstechnica.com/security/201...ens-tens-of-thousands-of-web-and-mail-servers

 

[PliotronX]

Does that affect TLSv1.2?

 

[Chiefcrowe]

I don't believe so but I'm also not sure about that.

 

[matricks]

All versions of TLS protocol are affected. The attack depends on the server and client supporting weak EDH/DHE key exchanges, using typically 512-bit primes that are common among large amounts of servers (occurs when servers use pre-defined primes instead of generating their own).

TLS Logjam check will tell you if a server is vulnerable. Weakdh.org will tell you if your browser is vulnerable, in addition to explaining the vulnerability.

 

[John Connor]

God! It seems once a month there is trouble with SSL. Looks like my browser and and websites are safe though. Now I have to wonder about SFTP.

 

[PliotronX]

All versions of TLS protocol are affected. The attack depends on the server and client supporting weak EDH/DHE key exchanges, using typically 512-bit primes that are common among large amounts of servers (occurs when servers use pre-defined primes instead of generating their own).

TLS Logjam check will tell you if a server is vulnerable. Weakdh.org will tell you if your browser is vulnerable, in addition to explaining the vulnerability.

Those links are amazing tools, thank you! I was only worried because of mandatory PCI compliance probes at an office.

 

[Chiefcrowe]

Thanks for posting, I understand now more now it works.

All versions of TLS protocol are affected. The attack depends on the server and client supporting weak EDH/DHE key exchanges, using typically 512-bit primes that are common among large amounts of servers (occurs when servers use pre-defined primes instead of generating their own).

TLS Logjam check will tell you if a server is vulnerable. Weakdh.org will tell you if your browser is vulnerable, in addition to explaining the vulnerability.