TLS Bug Logjam Did Not Affect Tutanota

The recently discovered vulnerability of the TLS/SSL protocol called "Logjam" did not affect your Tutanota emails. Nevertheless, we checked and updated all our cipher suites directly after the publication of the flaw.

Logjam is a bug that existed since the 1990s. It would allow an attacker sitting between a user and a vulnerable server to lower the TLS encryption so that it can be cracked. The bug affects all servers that support DHE_EXPORT ciphers for encrypting their traffic. The Tutanota servers never supported DHE_EXPORT and, thus, were never affected by Logjam.

As a precaution we have configured the Tutanota servers so that they do not support any DHE cipher suites at all. Thus, we even protect your unencrypted emails with secure transport encryption.

No comments available