Archive for June, 2015


IpTL Provides Security Against LogJam Attack

Posted by Comments Off on IpTL Provides Security Against LogJam Attack

You may have read or heard about concerns recently over various encryption and "secure" VPN methodologies, including the so-called "LogJam Attack".   This attack basically looks to “mess up” the selection of encryption used on a link to force it to a weak link that is crackable.  

The real problem is with poorly configured HTTPS and SSL VPN’s which are trying to support legacy applications.  IpTL has always had security at the forefront of our connectivity and as such we are not vulnerable to this attack. 

Here are some key points which are standard in any IpTL solution:

  • IpTL secure links do not use SSL or HTTPS. We are built on TLSv1.2 and use AES 256 encryption default.

  • There are no weak export ciphers in our system.

  • We use 2,048 bit RSA asymmetric keys.

  • IpTL is a closed symmetric system with our appliances or virtual machines are on both ends of the link and not point-security solution.

    Thus, we can guarantee AES 256 encryption on your data and no one can force a downgrade to another encryption level which can be broken.   If the cipher spec is altered then no connection will take place and no data leaked.

  • With our Tunnel Authentication passphrase you can input a 64 character passcode which locks even the initial TLS communications between the endpoints.  Note: this is not the encryption pre-shared key (we don’t offer preshared keys!) 

    When using this feature only the appliances sharing the same passphrase can communicate.  Any other connection attempts are ignored…you can’t even get the server to respond to a non-authorized connection to attempt a downgrade.  This is above and beyond our standard ephemeral key exchanges and HMACs of TLS!

  • IpTL offers the elliptical curve AES 256 GCM with SHA 384 as a cipher option for true state-of-the-art confidentiality, standard!

Email us at and ask for our Security White Paper for even deeper details on how we connect and secure your network!

Category : Corporate | News | Security Advisories | Blog