A new vulnerability has been found in the SSL/TLS
protocol. Named Logjam, this new bug lies in the TLS protocol itself and
has the potential to affect many different platforms. Systems that employ
SSL/TLS will need to be checked for this vulnerability. Please contact me
for more info.
SANS ISC:
Logjam - vulnerabilities in Diffie-Hellman key exchange
affect browsers and servers using TLS - https://isc.sans.edu/diary/Logjam+-+vulnerabilities+in+Diffie-Hellman+key+exchange+affect+browsers+and+servers+using+TLS/19717
Weakdh.org:
Guide to Deploying Diffie-Hellman for TLS - https://weakdh.org/sysadmin.html
(remediation steps available here)
No comments:
Post a Comment