Update on “Logjam” HTTPS-crippling attack vulnerability
Important announcement about the security of your Sonian Archive Account
On 20th May 2015 a security vulnerability was discovered which required immediate action on our part to review and address. No data was compromised, but our updates may require action and testing on your part to continue secure communication. Full details are below.
Published details on the vulnerability can be found here:
Sonian considers data security its primary responsibility, and we want to make you aware of a recent security issue affecting internet communications, nicknamed ‘Logjam’. This vulnerability, which potentially affects tens of thousands of HTTPS-protected websites, mail servers, and other widely used Internet services, was discovered on Wednesday 20th May. A team of computer scientists has determined that Logjam renders these servers and services vulnerable to a new attack that lets eavesdroppers read and modify data passing through encrypted connections.
What Sonian has done.
We are currently preparing our environments to be updated with patches that will protect the services from this vulnerability.
Based on industry recommendations, we are limiting the ciphersuites that Sonian will support.
What you should do.
Please review the suites listed below to identify if any match your environments. If you utilise ciphersuites not listed, we may not be able to communicate securely.
As we apply the relevant patches, we will ask you to perform various tests to ensure that your infrastructures continue to be compatible.
Our SMTP acceptance gateways will be due a patch. Please be advised that we will ask you to thoroughly test the delivery mechanism for submitting journaled data to customer accounts.
To aid this, we will ask you to perform journal delivery tests against a pre-configured account that Sonian has generated on your behalf.
When you attempt to submit sample journal data to the test account, you must ensure that forced TLS is applied for the journaled SMTP delivery. Do not allow the messages to be delivered utilising opportunistic TLS, as this will not identify any potential issues surrounding the security of the data during transit.
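The forced-TLS test described above can be scripted as follows. This is an added example, not Sonian's own tooling; the function name `send_forced_tls`, the host and the addresses are placeholders chosen for illustration.

```python
import smtplib
import ssl
from email.message import EmailMessage


class TLSRequiredError(Exception):
    """The session could not be protected, so nothing was sent."""


def send_forced_tls(host, port, sender, recipient, body,
                    smtp_factory=smtplib.SMTP, timeout=30):
    """Deliver one test message, refusing any plaintext fallback.

    Returns (protocol, cipher) as negotiated, for comparison with the
    ciphersuites the receiving gateway supports.
    """
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = "Journal delivery TLS test"
    msg.set_content(body)

    # Default context verifies the certificate chain and the hostname.
    context = ssl.create_default_context()

    with smtp_factory(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        # Opportunistic TLS would carry on in cleartext here; forced TLS stops.
        if not smtp.has_extn("starttls"):
            raise TLSRequiredError("server did not advertise STARTTLS")
        try:
            smtp.starttls(context=context)
        except (ssl.SSLError, smtplib.SMTPException) as exc:
            # Handshake or certificate failure: surface it, do not downgrade.
            raise TLSRequiredError(f"TLS negotiation failed: {exc}") from exc
        smtp.ehlo()  # re-issue EHLO inside the encrypted session
        protocol, cipher = smtp.sock.version(), smtp.sock.cipher()[0]
        smtp.send_message(msg)
    return protocol, cipher


if __name__ == "__main__":
    # Placeholder host and addresses (assumptions); use the values you were given.
    print(send_forced_tls("smtp.example.invalid", 25,
                          "journal@example.invalid", "test@example.invalid",
                          "Constructed sample journal message."))
```

A `TLSRequiredError` here is the outcome an opportunistic configuration would have hidden by delivering the message unencrypted.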
Please feel free to raise any feedback or concerns in the Sonian support ticketing service.