“LogJam Computer Bug Could Wreak Havoc” – USA Today
“A Frightening New Vulnerability Could Let Hackers Bypass The One Thing That Keeps Us Safe Online” – Business Insider
“FREAK-like LogJam Attack Undermines TLS Security” Infosecurity Magazine
“Enterprise, Cloud Services Exposed as Vulnerable to LogJam” – ZDnet
With frightening headlines appearing last week in various news outlets around the world, it’s no wonder people are paying attention to the Diffie-Hellman key exchange attack also known as LogJam. The extremely popular Diffie-Hellman key exchange algorithm allows Internet protocols to negotiate secure connections using shared keys and is integral to protocols such as HTTPS, SMTPS, IPsec and those reliant on TLS. LogJam exploits a flaw that could allow eavesdropping and data manipulation on affected HTTPS websites.
GoAnywhere Not Vulnerable to LogJam Attack on SSL/TLS.
GoAnywhere Services relies on the JSSE provider for handling SSL/TLS handshake operations. If configured properly, GoAnywhere is not vulnerable to the SSL/TLS Diffie Hellman key exchange attack known as LogJam.
To avoid this attack in GoAnywhere, configure your HTTPS/AS2, FTP, and FTPS Services to only enable cipher suites that utilize the Elliptic Curve DH key exchange algorithms.
For any GoAnywhere customers who have concerns or need assistance in ensuring their system is configured properly, our dedicated Support Team is always available to help. There are several convenient ways to connect with us. You can learn more on our Customer Support page at GoAnywhere.com.