TLS Bug Logjam Did Not Affect Tutanota

The recently discovered vulnerability of the TLS/SSL protocol called "Logjam" did not affect your Tutanota emails. Nevertheless, we checked and updated all our cipher suites directly after the publication of the flaw.

Logjam is a bug that existed since the 1990s. It would allow an attacker sitting between a user and a vulnerable server to lower the TLS encryption so that it can be cracked. The bug affects all servers that support DHE_EXPORT ciphers for encrypting their traffic. The Tutanota servers never supported DHE_EXPORT and, thus, were never affected by Logjam.

As a precaution we have configured the Tutanota servers so that they do not support any DHE cipher suites at all. Thus, we even protect your unencrypted emails with secure transport encryption.

Free your data from mass spying!

and get your encrypted mailbox for free now.

Matthias is co-founder and developer of Tutanota. I write code to fight for our human right to privacy. I want to create a cloud service which is so easy to use and so secure that it locks out all the spies. We really deserve better.

Posted on: 2015-05-22