Breaking news
…and more

TLS Bug Logjam Did Not Affect Tutanota

2015-05-22
The recently discovered vulnerability of the TLS/SSL protocol called "Logjam" did not affect your Tutanota emails. Nevertheless, we checked and updated all our cipher suites directly after the publication of the flaw.

Logjam is a bug that existed since the 1990s. It would allow an attacker sitting between a user and a vulnerable server to lower the TLS encryption so that it can be cracked. The bug affects all servers that support DHE_EXPORT ciphers for encrypting their traffic. The Tutanota servers never supported DHE_EXPORT and, thus, were never affected by Logjam.

As a precaution we have configured the Tutanota servers so that they do not support any DHE cipher suites at all. Thus, we even protect your unencrypted emails with secure transport encryption.