Bug 348036

Summary: Rekonq is vulnerable to the Logjam Attack
Product: [Unmaintained] kio Reporter: Marcus <wellendorf>
Component: kssl Assignee: Konqueror Bugs <konqueror-bugs-null>
Status: RESOLVED FIXED    
Severity: major CC: adjam7, cfeck, christoph
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: Kubuntu   
OS: Linux   
URL: https://weakdh.org/
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description Marcus 2015-05-21 05:07:50 UTC
See webpage:
Logjam Attack against the TLS Protocol. The Logjam attack allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This allows the attacker to read and modify any data passed over the connection. The attack is reminiscent of the FREAK attack, but is due to a flaw in the TLS protocol rather than an implementation vulnerability, and attacks a Diffie-Hellman key exchange rather than an RSA key exchange. The attack affects any server that supports DHE_EXPORT ciphers, and affects all modern web browsers. 8.4% of the Top 1 Million domains were initially vulnerable.

Reproducible: Always


Actual Results:  
browser is unsafe to use

Expected Results:  
:-)
Comment 1 Christoph Feck 2015-05-21 23:32:45 UTC
Reassigned (rekonq uses KIO).
Comment 2 Justin Zobel 2021-03-10 00:15:43 UTC
Thank you for the bug report.

As this report hasn't seen any changes in 5 years or more, we ask if you can please confirm that the issue still persists.

If this bug is no longer persisting or relevant please change the status to resolved.
Comment 3 Christoph Cullmann 2025-03-08 20:46:01 UTC
I would assume this is fixed in the current SSL code Qt uses (and mitigated on the server side).
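
The downgrade quoted in the description leaves the client negotiating a 512-bit Diffie-Hellman group, so the client-side defence is to refuse small groups when the server's DH parameters arrive. The sketch below is an added example, not code from KIO, kssl or Qt; the function names and the 1024-bit minimum are assumptions chosen for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Assumed client policy: refuse DH primes shorter than this many bits.
constexpr int kMinDhBits = 1024;

// Read one TLS opaque<1..2^16-1> field: 2-byte big-endian length, then data.
// Returns false if the field is empty or runs past the end of the buffer.
bool readOpaque16(const std::vector<uint8_t>& buf, size_t& pos,
                  std::vector<uint8_t>& out) {
    if (buf.size() - pos < 2) return false;  // pos never exceeds buf.size()
    size_t len = (size_t(buf[pos]) << 8) | buf[pos + 1];
    pos += 2;
    if (len == 0 || buf.size() - pos < len) return false;
    out.assign(buf.begin() + pos, buf.begin() + pos + len);
    pos += len;
    return true;
}

// Bit length of dh_p in a ServerDHParams structure (dh_p, dh_g, dh_Ys, as in
// RFC 5246 section 7.4.3). Bytes after dh_Ys (the signature) are ignored.
// Returns -1 if the structure is malformed.
int dhPrimeBits(const std::vector<uint8_t>& params) {
    size_t pos = 0;
    std::vector<uint8_t> p, g, ys;
    if (!readOpaque16(params, pos, p) || !readOpaque16(params, pos, g) ||
        !readOpaque16(params, pos, ys)) return -1;
    size_t i = 0;
    while (i < p.size() && p[i] == 0) ++i;   // skip leading zero padding
    if (i == p.size()) return -1;            // an all-zero dh_p is invalid
    int bits = int(p.size() - i - 1) * 8;
    for (uint8_t top = p[i]; top != 0; top >>= 1) ++bits;
    return bits;
}

// Continue the handshake only if the offered group is large enough.
bool acceptDhGroup(const std::vector<uint8_t>& params, int minBits = kMinDhBits) {
    return dhPrimeBits(params) >= minBits;   // malformed (-1) is rejected too
}

// Constructed sample input: dh_p of the given byte length filled with 0xFF
// (not a real prime), dh_g = 2, and a one-byte dh_Ys.
std::vector<uint8_t> sampleParams(size_t primeBytes) {
    std::vector<uint8_t> v{uint8_t(primeBytes >> 8), uint8_t(primeBytes & 0xff)};
    v.insert(v.end(), primeBytes, 0xFF);
    const uint8_t tail[] = {0x00, 0x01, 0x02, 0x00, 0x01, 0x05};
    v.insert(v.end(), tail, tail + sizeof tail);
    return v;
}
```

The check only looks at the size of the prime; it does not verify the server's signature over the parameters or whether the group is a widely shared one.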