Our team received this from a contact at IBM, and we felt it was important to note here for reference:
The latest SSL/TLS attack (LOGJAM) is a cipher downgrade attack that exploits
old ciphers, or weakened ciphers, or the order in which the 'best available' cipher
is negotiated.
How bad is the LOGJAM exploit?
- 8.4% of the Top-100 websites are vulnerable.
- 66% of the popular VPNs are vulnerable.
I like this list of cipher SSL/TLS suites. Server admins should consider adopting it
without additions or altering the cipher order.
https://www.grc.com/miscfiles/SChannel_Cipher_Suites.txt
The author does review & update the list periodically.
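As an added example (not part of the message above and not taken from the GRC list), this sketch audits a server-preference-ordered suite list for the three things the message names: export-grade key exchange, old ciphers, and finite-field DHE ordered ahead of ECDHE. It assumes IANA-style `TLS_<kx>_WITH_<cipher>` names, uses a constructed sample list, and cannot see the DH group size a server actually uses.

```python
import re

# Constructed sample order for illustration only.
SAMPLE_ORDER = [
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_RC4_128_SHA",
]

# Cipher tokens treated as old or weak (assumption: a minimal set for this sketch).
WEAK_TOKENS = ("RC4", "DES40", "DES_CBC", "NULL", "MD5")


def key_exchange(suite):
    """Return the key-exchange part of a TLS_<kx>_WITH_<cipher> name."""
    m = re.match(r"TLS_(.+?)_WITH_", suite)
    return m.group(1) if m else ""


def audit(order):
    """Return (index, suite, finding) tuples for a preference-ordered list."""
    findings = []
    ecdhe = [i for i, s in enumerate(order)
             if key_exchange(s).startswith("ECDHE_")]
    first_ecdhe = ecdhe[0] if ecdhe else None
    for i, suite in enumerate(order):
        kx = key_exchange(suite)
        cipher = suite.split("_WITH_", 1)[-1]
        if "EXPORT" in kx:
            # Export-grade suites are what a downgrade lands on.
            findings.append((i, suite, "export-grade"))
        elif any(tok in cipher for tok in WEAK_TOKENS):
            findings.append((i, suite, "weak-cipher"))
        elif (kx.startswith("DHE_") and first_ecdhe is not None
              and i < first_ecdhe):
            # Finite-field DHE is preferred over the available ECDHE suites.
            findings.append((i, suite, "dhe-before-ecdhe"))
    return findings


if __name__ == "__main__":
    for index, suite, finding in audit(SAMPLE_ORDER):
        print(f"{index}: {suite}: {finding}")
```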