Forum OpenACS Development: LogJam Vulnerability

Posted by Gustaf Neumann on
LogJam is newly detected vulnerability affecting https (but not only) due to a flaw in the TLS protocol [1]. It allows e.g. a man-in-the-middle attack reading and modifying https streams. It effects many thousand public sites using https, smtp (with StartTLS), pop3 and imaps (for details, see [2]) and other protocols using tls.

OpenACS installations based on current versions of NaviServer [4] with the recommended nsssl setup [5] are not effected.