R
ryanvade
Guest
I recently noticed that with the 3.19.1 update of NSS that I am unable to log into my universities websites. After digging around I found out that their servers are vulnerable to the Logjam Diffie-Hellman key exchange vulnerability discovered in May 2015. Looking even deeper it seems that this also ties into the SHA1 algorithm which Google, Microsoft, and others will no longer support after 2017 (Which should force Certificate Authorities to upgrade from SHA1 to at least SHA2).
I want to make sure that everyone knows about the vulnerability. Please go to weakdh.org to check if your web browser is vulnerable. You may also start to see errors such as this:
This error usually means that the server you are trying to connect to is vulnerable and your web browser is preventing a connection for your privacy.
I do not know how many distributions are updated. Arch and Manjaro Linux are updated for sure. Ubuntu 15.04 and earlier are NOT updated (as are most of the derivatives IE Mint).
I would ask that everyone check if your distribution is updated and then report the results in this thread.
Other information:
http://googleonlinesecurity.blogspot.com/2014/09/gradually-sunsetting-sha-1.html
http://blogs.technet.com/b/pki/archive/2013/11/12/sha1-deprecation-policy.aspx
https://support.mozilla.org/en-US/questions/1065417
https://bugzilla.mozilla.org/show_bug.cgi?id=1166031
I want to make sure that everyone knows about the vulnerability. Please go to weakdh.org to check if your web browser is vulnerable. You may also start to see errors such as this:
This error usually means that the server you are trying to connect to is vulnerable and your web browser is preventing a connection for your privacy.
I do not know how many distributions are updated. Arch and Manjaro Linux are updated for sure. Ubuntu 15.04 and earlier are NOT updated (as are most of the derivatives IE Mint).
I would ask that everyone check if your distribution is updated and then report the results in this thread.
Other information:
http://googleonlinesecurity.blogspot.com/2014/09/gradually-sunsetting-sha-1.html
http://blogs.technet.com/b/pki/archive/2013/11/12/sha1-deprecation-policy.aspx
https://support.mozilla.org/en-US/questions/1065417
https://bugzilla.mozilla.org/show_bug.cgi?id=1166031
And I'm not surprised..... :3 I'll check on my Green Inspiron!..... 
