Forum OpenACS Development: LogJam Vulnerability

Request notifications

Collapse
Posted by Gustaf Neumann on
LogJam is newly detected vulnerability affecting https (but not only) due to a flaw in the TLS protocol [1]. It allows e.g. a man-in-the-middle attack reading and modifying https streams. It effects many thousand public sites using https, smtp (with StartTLS), pop3 and imaps (for details, see [2]) and other protocols using tls.

OpenACS installations based on current versions of NaviServer [4] with the recommended nsssl setup [5] are not effected.

[1] https://www.schneier.com/blog/archives/2015/05/the_logjam_and_.html
[2] https://weakdh.org/
[3] https://weakdh.org/sysadmin.html
[4] http://openacs.org/forums/message-view?message_id=4269386
[5] https://bitbucket.org/naviserver/nsssl