TLS Bug Logjam Did Not Affect Tutanota
The recently discovered vulnerability of the TLS/SSL protocol called "Logjam" did not affect your Tutanota emails.
Nevertheless, we checked and updated all our cipher suites directly after the publication of the flaw.
Logjam is a bug that existed since the 1990s. It would allow an attacker sitting between a user and a vulnerable server to lower the TLS encryption so that it can be cracked. The bug affects all servers that support DHE_EXPORT ciphers for encrypting their traffic. The Tutanota servers never supported DHE_EXPORT and, thus, were never affected by Logjam.
As a precaution we have configured the Tutanota servers so that they do not support any DHE cipher suites at all. Thus, we even protect your unencrypted emails with secure transport encryption.
Author
Matthias is co-founder and developer of Tuta, focusing on backend development, architecture and email processing. He writes code and political comments to fight for our human right to privacy. He wants to create an encrypted cloud collaboration platform which is so easy to use and so secure that it locks out all the spies. We all deserve a better internet - one where privacy is the default.
Top posts
Latest posts
No comments available