Logjam (CVE-2015-4000)

Logjam is the discrete-log attack on Diffie-Hellman parameter reuse that broke TLS connections using common 1024-bit DH groups in 2015.

Definition

Logjam (CVE-2015-4000) is an attack against TLS connections using Diffie-Hellman key exchange. Many servers shared a small set of common DH parameters, making the discrete-log computation cost amortisable across all of them. With a state-level adversary's compute budget, 1024-bit shared groups became decryptable. The disclosure pushed the industry toward larger, unique DH groups and toward ECDHE.

Mitigation

Use unique DH groups of 2048 bits or larger, or prefer ECDHE entirely.
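
The amortisation described in the definition, and the effect of the unique-group mitigation, shown as an added toy example (not part of the original entry). Baby-step giant-step stands in for the per-group precomputation, and the roughly 31-bit primes, generators and private exponents are constructed values, far smaller than any real TLS group.

```python
"""Toy cost model of DH group reuse (constructed small parameters, not real TLS groups)."""
from math import isqrt


class GroupPrecomputation:
    """Baby-step giant-step table: depends only on (p, g), reusable for every key."""

    def __init__(self, p, g):
        self.p, self.m = p, isqrt(p - 1) + 1
        self.table, value = {}, 1
        for j in range(self.m):              # the costly, per-group step
            self.table.setdefault(value, j)
            value = value * g % p
        self.giant = pow(g, -self.m, p)      # g^(-m) mod p

    def discrete_log(self, y):
        """Return x with g^x == y (mod p), using only the prebuilt table."""
        gamma = y
        for i in range(self.m + 1):
            if gamma in self.table:
                return i * self.m + self.table[gamma]
            gamma = gamma * self.giant % self.p
        raise ValueError("y is not in the subgroup generated by g")


def group_reuse_cost(servers):
    """servers: [(p, g, public_value)]. Returns (exponents, tables_built, table_entries)."""
    cache, exponents = {}, []
    for p, g, y in servers:
        if (p, g) not in cache:              # a new group forces a new precomputation
            cache[(p, g)] = GroupPrecomputation(p, g)
        exponents.append(cache[(p, g)].discrete_log(y))
    return exponents, len(cache), sum(t.m for t in cache.values())


# Constructed sample data: three servers with hypothetical private exponents.
SECRETS = [123456789, 987654321, 192837465]
SHARED_GROUP = [(2**31 - 1, 7)] * 3
UNIQUE_GROUPS = [(2**31 - 1, 7), (2147483563, 2), (2147483399, 3)]


def publics(groups):
    """Pair each group with the public value g^a mod p of the matching secret."""
    return [(p, g, pow(g, a, p)) for (p, g), a in zip(groups, SECRETS)]


if __name__ == "__main__":
    for label, groups in (("shared", SHARED_GROUP), ("unique", UNIQUE_GROUPS)):
        _, tables, entries = group_reuse_cost(publics(groups))
        print(f"{label}: {tables} precomputation(s), {entries} table entries")
```

With the shared group one table serves all three servers; with unique groups the table has to be rebuilt for each server, so the precomputation cost scales with the number of groups rather than being paid once.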
