Logjam: the latest TLS vulnerability explained

On May 20th, a group of researchers from INRIA, Microsoft Research, Johns Hopkins University, the University of Michigan, and the University of Pennsylvania published an analysis of the Diffie-Hellman algorithm as used in TLS and other protocols. The research includes a novel downgrade attack against the TLS protocol called Logjam, which exploits EXPORT cryptography (similar to FREAK). CloudFlare customers are not affected by this vulnerability since they do not support non-EC Diffie-Hellman ciphersuites on either the client or origin side. The researchers found that 8.4% of Alexa Top Million HTTPS websites were initially vulnerable, with 82% and 10% of them using the same two parameter sets, making precomputation more viable. Both the client and the server need to be vulnerable for the attack to succeed.