Transport Layer Security, or TLS, is the protocol commonly used in HTTPS connections. Logjam is the code name for a cryptographic weakness in the Diffie-Hellman key exchange algorithm used by TLS. The Diffie-Hellman Exchange (DHE) allows two parties, a browser and a server in our case, to securely exchange prime numbers, which are then used to create a shared secret that encrypts the session.
A team of computer scientists and security researchers found that precomputing the prime number groups that DHE uses allows faster computation of the discrete logs used to find the shared secret. With academic-level resources, the researchers precomputed a 512-bit group used by 82% of vulnerable servers. The researchers posit that nation-state level resources could precompute 1024-bit Diffie-Hellman groups, affecting even larger swaths of the internet.
Ultimately, a Logjam attack would be launched from a man-in-the-middle position. The attacker downgrades a session to export-grade, or 512-bit, encryption, computes the unique log, and finally determines the session's key, allowing once-encrypted traffic to be read. This means HTTPS communication, such as online shopping, that uses a weak Diffie-Hellman key exchange is not properly secure.
SiteLock customers using the TrueShield web application firewall (WAF) are protected by default. SiteLock terminates, or handles, HTTPS sessions and in turn blocks vulnerable key exchanges as SiteLock servers are configured to support only the most secure cipher suites.
Administrators are urged to configure their servers to deny the use of vulnerable Diffie-Hellman key exchange algorithms. Researchers provided a guide for system administrators, and the SSL Server Test can verify configuration results. We also urge users to be on the lookout for future updates to popular browsers which will mitigate the Logjam vulnerability.
SiteLock not only secures your website from vulnerabilities and malware, we also secure your customers' valuable data in transit, so they stay customers and your business flourishes. Stay tuned to the SiteLock Blog for the latest security developments.