No one wrote today on @misc and @tech about this, so I'll ask just to
make sure: is OpenIKED and/or OpenSMTPD vulnerable to this new "Logjam
Attack"?

This vulnerability allows "a man-in-the-middle attacker to downgrade
vulnerable TLS connections to 512-bit export-grade cryptography" and
"[Since] Millions of HTTPS, SSH, and VPN servers all use the same prime
numbers for Diffie-Hellman key exchange" "[using it] an attacker can
quickly break individual connections" [...] "attacks on VPNs are
consistent with having achieved such a break."[1]. They have a proof of
concept[2] and a research paper[3].


[1] https://weakdh.org/
[2] https://weakdh.org/logjam.html
[3] https://weakdh.org/imperfect-forward-secrecy.pdf
