The Logjam attack allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This allows the attacker to read and modify any data passed over the connection. The attack is reminiscent of the FREAK attack, but is due to a flaw in the TLS protocol rather than an implementation vulnerability, and attacks a Diffie-Hellman key exchange rather than an RSA key exchange. The attack affects any server that supports DHE_EXPORT ciphers, and affects all modern web browsers. 8.4% of the Top 1 Million domains were initially vulnerable.
Yet another vulnerability allowing an attacker to downgrade the TLS connection to use weaker ciphers. The solution in this case is easy:
- Generate strong DH group: openssl dhparam -out /etc/nginx/certs/dhparams.pem 2048
- Configure web server (e.g. with nginx): Add ssl_dhparam /etc/nginx/certs/dhparams.pem; to nginx.conf
On Friday, March 20th, we became aware of unauthorized digital certificates for several Google domains. The certificates were issued by an intermediate certificate authority apparently held by a company called MCS Holdings. This intermediate certificate was issued by CNNIC.
CNNIC is included in all major root stores and so the misissued certificates would be trusted by almost all browsers and operating systems. Chrome on Windows, OS X, and Linux, ChromeOS, and Firefox 33 and greater would have rejected these certificates because of public-key pinning, although misissued certificates for other sites likely exist.
Reminder to go through all trusted Root CAs in Keychain Access / Certificate Manager tools and delete/untrust all "shady" roots (CNNIC, Turktrust, etc.)