Endpoint Vulnerability

NSS accepts export-length DHE keys with regular DHE cipher suites


Security researcher Matthew Green reported a Diffie Hellman (DHE) key processing issue in Network Security Services (NSS) where a man-in-the-middle (MITM) attacker can force a server to downgrade TLS connections to 512-bit export-grade cryptography by modifying client requests to include only export-grade cipher suites. The resulting weak key can then be leveraged to impersonate the server. This attack is detailed in the 'Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice' paper and is known as the 'Logjam Attack.'

Affected Products

Firefox,Firefox ESR