Bug 348036 - Rekonq is vulnerable to the Logjam Attack
Status: RESOLVED FIXED
Alias: None
Product: kio
Classification: Unmaintained
Component: kssl
Version First Reported In: unspecified
Platform: Kubuntu Linux
Importance: NOR major
Target Milestone: ---
Assignee: Konqueror Bugs
URL: https://weakdh.org/
Reported: 2015-05-21 05:07 UTC by Marcus
Modified: 2025-03-08 20:46 UTC

Description Marcus 2015-05-21 05:07:50 UTC
See webpage:
Logjam Attack against the TLS Protocol. The Logjam attack allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This allows the attacker to read and modify any data passed over the connection. The attack is reminiscent of the FREAK attack, but is due to a flaw in the TLS protocol rather than an implementation vulnerability, and attacks a Diffie-Hellman key exchange rather than an RSA key exchange. The attack affects any server that supports DHE_EXPORT ciphers, and affects all modern web browsers. 8.4% of the Top 1 Million domains were initially vulnerable.

Reproducible: Always


Actual Results:  
browser is unsafe to use

Expected Results:  
:-)
Comment 1 Christoph Feck 2015-05-21 23:32:45 UTC
Reassigned (rekonq uses KIO).
Comment 2 Justin Zobel 2021-03-10 00:15:43 UTC
Thank you for the bug report.

As this report hasn't seen any changes in 5 years or more, we ask if you can please confirm that the issue still persists.

If this bug is no longer persisting or relevant please change the status to resolved.
Comment 3 Christoph Cullmann 2025-03-08 20:46:01 UTC
I would assume this is fixed in the current ssl code Qt uses (and mitigated on the server side).
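
Added example, not part of this report and not code from KIO, Qt or any TLS library: the attack quoted in the description depends on the client accepting a 512-bit group, so this sketch parses the `ServerDHParams` fields (`dh_p`, `dh_g`, `dh_Ys`) of a TLS 1.2-style ServerKeyExchange body and rejects a prime below a minimum size. The 1024-bit floor, all function names and the sample values are assumptions made for illustration.

```python
import struct

MIN_DH_PRIME_BITS = 1024  # assumed policy floor, not a value from the report

class WeakDHGroup(Exception):
    """Raised when the server's DH prime is below the accepted size."""

def _read_vec16(buf, offset):
    """Read a TLS opaque<1..2^16-1>: 2-byte big-endian length, then the body."""
    if offset + 2 > len(buf):
        raise ValueError("truncated length prefix")
    (length,) = struct.unpack_from("!H", buf, offset)
    end = offset + 2 + length
    if length == 0 or end > len(buf):
        raise ValueError("bad vector length")
    return buf[offset + 2:end], end

def parse_server_dh_params(body):
    """Parse dh_p, dh_g, dh_Ys from the start of a DHE ServerKeyExchange body."""
    fields, off = [], 0
    for _ in range(3):
        raw, off = _read_vec16(body, off)
        fields.append(int.from_bytes(raw, "big"))
    return tuple(fields)

def check_dh_params(body, min_bits=MIN_DH_PRIME_BITS):
    """Return the prime's bit length, or raise WeakDHGroup / ValueError."""
    p, g, ys = parse_server_dh_params(body)
    bits = p.bit_length()  # judged by value, so zero padding in dh_p does not help
    if bits < min_bits:
        raise WeakDHGroup(f"{bits}-bit DH prime is below the {min_bits}-bit floor")
    if not (1 < g < p - 1 and 1 < ys < p - 1):
        raise ValueError("dh_g or dh_Ys out of range for this prime")
    return bits

def build_params(p, g, ys, pad_p=0):
    """Constructed sample input: encode ServerDHParams, optionally zero-padding dh_p."""
    def vec(n, pad=0):
        raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
        return struct.pack("!H", len(raw)) + raw
    return vec(p, pad_p) + vec(g) + vec(ys)

# Constructed values: right bit lengths only, not real primes or captured traffic.
EXPORT_SIZED = build_params((1 << 511) | 1, 2, 5)
PADDED_EXPORT = build_params((1 << 511) | 1, 2, 5, pad_p=192)
STRONG_SIZED = build_params((1 << 2047) | 1, 2, 5)
```

`PADDED_EXPORT` carries a 256-byte `dh_p` field whose value is still only 512 bits, which is why the check measures the integer rather than the field length.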