The OpenSSL project team has released a patch for its cryptographic library to fix a severe vulnerability that could allow an attacker to decrypt HTTPS communications, and to harden defenses against the Logjam flaw.
The decryption vulnerability lies in how OpenSSL handles the Diffie-Hellman (DH) key exchange with certain parameters. Historically, OpenSSL only generated DH parameters based on safe primes, but OpenSSL 1.0.2 added support for generating X9.42-style parameter files, whose prime p is not a safe prime: p - 1 has small prime factors besides the large subgroup order q. If a server uses such parameters and reuses the same private DH exponent across connections (that is, the SSL_OP_SINGLE_DH_USE option is not set), an attacker who completes a handful of handshakes with the server can send public values of small order, learn the exponent modulo each small factor, and reconstruct the private exponent. With that exponent the attacker can decrypt any connection that used it. The 1.0.2f release turns on SSL_OP_SINGLE_DH_USE by default and, where q is available, checks that the peer's public value lies in the intended subgroup.
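To make the mechanism concrete, the following Python model is an added illustration, not OpenSSL code. It builds tiny X9.42-style parameters (p - 1 has the small prime factors 2, 3, 5, 7, 11, 13 besides q), runs the small-subgroup attack against a server that reuses its private exponent, and then shows the two countermeasures described above: rejecting peer values outside the order-q subgroup, and drawing a fresh exponent per connection (the SSL_OP_SINGLE_DH_USE behaviour). The `Server` class, the seeded random generator, the parameter search and the HMAC stand-in for the TLS Finished message are assumptions made for this demo; the parameters are tiny so it runs instantly, but the arithmetic is the same at 2048 bits.

```python
"""Toy model of the DH small-subgroup weakness fixed in OpenSSL 1.0.2f.

Added illustration, not OpenSSL code. Parameters are tiny (p is about 3e7)
so the demo runs instantly; the arithmetic is identical for a 2048-bit p.
"""
import hashlib
import hmac
import random
from math import prod

# Small primes dividing p-1 besides q. A safe prime has p-1 = 2q, so its only
# small-order subgroup is {1, p-1}; X9.42-style parameters have many more.
SMALL_FACTORS = [2, 3, 5, 7, 11, 13]


def is_prime(n):
    """Trial division; adequate for the toy sizes used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    i = 3
    while i * i <= n:
        if n % i == 0:
            return False
        i += 2
    return True


def element_of_order(p, r):
    """Element of order exactly r in Z_p^* (r prime, r divides p-1)."""
    h = 2
    while pow(h, (p - 1) // r, p) == 1:
        h += 1
    return pow(h, (p - 1) // r, p)


def make_nonsafe_params():
    """X9.42-style DH parameters: p = cofactor*q + 1, q prime, g of order q (constructed)."""
    cofactor = prod(SMALL_FACTORS)
    q = 1000
    while True:
        q += 1
        if is_prime(q) and is_prime(cofactor * q + 1):
            break
    p = cofactor * q + 1
    return p, q, element_of_order(p, q)


def finished_tag(shared_secret):
    """Stand-in for the TLS Finished MAC, keyed only by the DH shared secret (assumption)."""
    key = shared_secret.to_bytes(8, "big")
    return hmac.new(key, b"finished", hashlib.sha256).digest()


class Server:
    """DHE server. single_dh_use models SSL_OP_SINGLE_DH_USE; validate_peer
    models the 1.0.2f check that the peer value lies in the order-q subgroup."""

    def __init__(self, p, q, g, single_dh_use=False, validate_peer=False):
        self.p, self.q, self.g = p, q, g
        self.single_dh_use = single_dh_use
        self.validate_peer = validate_peer
        self.rng = random.Random(1)        # seeded so the demo is reproducible
        self.x = self.rng.randrange(1, q)  # private exponent

    def handshake(self, peer_pub):
        if self.validate_peer and (
            not 1 < peer_pub < self.p - 1 or pow(peer_pub, self.q, self.p) != 1
        ):
            raise ValueError("DH public value not in the order-q subgroup")
        if self.single_dh_use:
            self.x = self.rng.randrange(1, self.q)  # fresh exponent per connection
        return finished_tag(pow(peer_pub, self.x, self.p))


def crt(residues, moduli):
    """Chinese remainder theorem for pairwise coprime moduli."""
    x, m = 0, 1
    for r, n in zip(residues, moduli):
        x += m * (((r - x) * pow(m, -1, n)) % n)
        m *= n
    return x


def small_subgroup_attack(server, p):
    """One handshake per small prime r: send an order-r value, then try the r
    possible shared secrets offline against the Finished tag to learn x mod r."""
    residues = []
    for r in SMALL_FACTORS:
        y = element_of_order(p, r)
        tag = server.handshake(y)
        k = next(k for k in range(r)
                 if hmac.compare_digest(finished_tag(pow(y, k, p)), tag))
        residues.append(k)
    return crt(residues, SMALL_FACTORS)  # equals x when x < prod(SMALL_FACTORS)


def demo():
    p, q, g = make_nonsafe_params()
    vulnerable = Server(p, q, g)                  # pre-1.0.2f defaults: reused x
    recovered = small_subgroup_attack(vulnerable, p)
    assert recovered == vulnerable.x
    hardened = Server(p, q, g, single_dh_use=True, validate_peer=True)
    try:
        small_subgroup_attack(hardened, p)
    except ValueError as err:
        return recovered, str(err)


if __name__ == "__main__":
    print(demo())
```

Against the vulnerable server the six handshakes recover the private exponent outright, because the product of the small factors exceeds q in this toy. With validation on, the very first malicious value is rejected. With only SSL_OP_SINGLE_DH_USE on, the attack still runs, but each residue belongs to a different exponent, so the CRT result is noise; that is why 1.0.2f applies both measures.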
Garve Hays, solutions architect at Micro Focus, said the risk should be limited, because the main exposure is in services that provide forward secrecy, such as Gmail, Twitter and Facebook.
"The good news is those organizations are diligent in their patch management process, so the risk will be quickly mitigated," Hays said. "Forward secrecy is a protocol feature wherein the possession of a private key does not allow for the decryption of past messages. Thus, if a private key were obtained, it could not be used to go back and recover older communications."
OpenSSL 1.0.1 is not affected by this attack. Users running version 1.0.2 are urged to upgrade to OpenSSL 1.0.2f; until they do, setting SSL_OP_SINGLE_DH_USE in the application, or using DH parameters based on a safe prime, removes the exposure.
The new release also further reduces the impact of the Logjam attack. Logjam allows a man-in-the-middle attacker to downgrade a vulnerable TLS connection to weak DH parameters. An earlier OpenSSL release mitigated this by having clients reject handshakes whose DH parameters are shorter than 768 bits; the new release raises that minimum to 1024 bits.
Those running OpenSSL 1.0.1 should upgrade to version 1.0.1r to get the additional Logjam security.