Skip to main content
System StatusContact Support
VersionOne Community

Was VersionOne affected by the Logjam Attack Vulnerability?

Background                                                                                                        

The Logjam attack allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This allows the attacker to read and modify any data passed over the connection. The attack is reminiscent of the FREAK attack, but is due to a flaw in the TLS protocol rather than an implementation vulnerability and attacks a Diffie-Hellman key exchange rather than an RSA key exchange. The attack affects any server that supports DHE_EXPORT ciphers and affects all modern web browsers. 8.4% of the Top 1 Million domains were initially vulnerable.

Answer

The VersionOne application application was not impacted as the DHE_EXPORT or EXP-EDH ciphers are disabled.  We have also tested each web server by using the Qualsys SSL Server Test. All servers are safe from the Logjam Attack Vulnerability.