Worried about Logjam?

Pale Moon releases and site news
(read-only)
Moonchild
Pale Moon guru
Posts: 35600
Joined: 2011-08-28, 17:27
Location: Motala, SE

Post by Moonchild » 2015-05-21, 19:05

The most recent buzz in the Internet Security corner is something called "Logjam".

Our friends at CloudFlare have written up a good explanation about DH key exchange and the actual issue that has been brought to light. You can read it here:
https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained/

The risk
The only connections that are at risk are connections to servers that still accept DHE_EXPORT ciphersuites or use small DHE parameter blocks (which rules out any server with a proactive administrator who has paid attention in the past two decades, save those forced by the authorities not to use acceptable encryption). Server operators most certainly need to make sure not to use these ciphersuites and to use sufficiently large DHE parameter blocks.

Pale Moon's response
Pale Moon, from the next version forward, will no longer accept anything less than 1024-bit DH keys for DHE key exchange. This is still a relatively poor lower limit, but pushing it higher than that would break many legacy server connections, so it is as far as any reasonable general-use browser can go at this time.

If you are overly worried
... then you can mitigate the potential risk by installing the Pale Moon Commander extension (for the sake of ease), going to Security -> Ciphers 1, and deselecting all ciphers starting with "DHE" (the left column). Please be aware that some (a very small number of) servers with odd combinations of offered cipher suites may not like this and may prevent you from connecting -- contact the server operator in that case and ask them to offer straight-up RSA or ECDHE ciphers.

If you do not wish to use the extension and are familiar with about:config preferences editing, make sure to set all security.ssl3.dhe_* preferences to false.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
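The post describes two things a client can do with the DH group a server sends: notice that it is export-grade (the 512-bit groups behind DHE_EXPORT that Logjam targets) and refuse anything below a size floor (1024 bits in Pale Moon's case). The following is an added example, not code from the Pale Moon project or from NSS, showing what such a check looks like on the wire: it parses the DHE ServerKeyExchange handshake message (RFC 5246 section 7.4.3: dh_p, dh_g and dh_Ys, each a 16-bit length-prefixed opaque vector) and applies a minimum-size policy to the prime. The moduli used as sample input are constructed odd numbers of the right bit length, not real primes, and the function and constant names are this example's own.

```python
"""
Inspect the DH group carried in a TLS DHE ServerKeyExchange message and apply
a client-side minimum-size policy like the 1024-bit floor from the post.

Added example, not Pale Moon or NSS code. Wire format per RFC 5246 7.4.3:
ServerDHParams { opaque dh_p<1..2^16-1>; opaque dh_g<1..2^16-1>;
                 opaque dh_Ys<1..2^16-1>; } followed by signed_params.
The sample messages built in __main__ are constructed, not captured.
"""
import struct

HANDSHAKE_SERVER_KEY_EXCHANGE = 12   # HandshakeType.server_key_exchange
MIN_DH_BITS = 1024                   # the floor the post says Pale Moon adopts
EXPORT_DH_BITS = 512                 # size of DHE_EXPORT groups (Logjam target)


def _read_vector(buf, pos):
    """Read one opaque<1..2^16-1> vector at pos; return (bytes, new_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated vector length")
    (n,) = struct.unpack_from("!H", buf, pos)
    pos += 2
    if n == 0 or pos + n > len(buf):
        raise ValueError("bad vector length %d" % n)
    return buf[pos:pos + n], pos + n


def parse_server_dh_params(handshake):
    """Parse a ServerKeyExchange handshake message (type 12) of a DHE suite.
    Returns p, g, Ys as ints plus the trailing signed_params bytes."""
    if len(handshake) < 4:
        raise ValueError("truncated handshake header")
    msg_type = handshake[0]
    length = int.from_bytes(handshake[1:4], "big")   # 24-bit body length
    if msg_type != HANDSHAKE_SERVER_KEY_EXCHANGE:
        raise ValueError("not a ServerKeyExchange (type %d)" % msg_type)
    body = handshake[4:4 + length]
    if len(body) != length:
        raise ValueError("handshake body shorter than declared length")
    p_bytes, pos = _read_vector(body, 0)
    g_bytes, pos = _read_vector(body, pos)
    ys_bytes, pos = _read_vector(body, pos)
    return {
        "p": int.from_bytes(p_bytes, "big"),
        "g": int.from_bytes(g_bytes, "big"),
        "ys": int.from_bytes(ys_bytes, "big"),
        "signed_params": body[pos:],
    }


def assess_dh_group(p, g, ys, min_bits=MIN_DH_BITS):
    """Client policy: flag export-grade groups, reject anything below
    min_bits, and catch structurally broken parameters. Size only; this
    does not test p for primality."""
    bits = p.bit_length()          # effective size, ignoring leading zero bytes
    problems = []
    if bits <= EXPORT_DH_BITS:
        problems.append("export-grade group (%d bits): DHE_EXPORT / Logjam target" % bits)
    if bits < min_bits:
        problems.append("p is %d bits, below the %d-bit floor" % (bits, min_bits))
    if p % 2 == 0:
        problems.append("p is even, cannot be prime")
    if not 1 < g < p - 1:
        problems.append("generator g outside (1, p-1)")
    if not 1 < ys < p - 1:
        problems.append("server public value Ys outside (1, p-1)")
    return {"bits": bits, "accept": not problems, "problems": problems}


def build_server_key_exchange(p, g, ys, signed_params=b""):
    """Encode a ServerKeyExchange so the parser can be exercised offline."""
    def vec(n):
        raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
        return struct.pack("!H", len(raw)) + raw
    body = vec(p) + vec(g) + vec(ys) + signed_params
    return bytes([HANDSHAKE_SERVER_KEY_EXCHANGE]) + len(body).to_bytes(3, "big") + body


def check_server_key_exchange(handshake, min_bits=MIN_DH_BITS):
    """Parse then assess; the verdict a DHE-capable client would act on."""
    params = parse_server_dh_params(handshake)
    return assess_dh_group(params["p"], params["g"], params["ys"], min_bits)


if __name__ == "__main__":
    # Constructed placeholder moduli: odd numbers of the right size, NOT real
    # primes. They exercise the size policy only.
    groups = (
        ("export", (1 << 511) | 0x10001),    # 512-bit, what DHE_EXPORT sends
        ("768-bit", (1 << 767) | 0x10001),   # still below the 1024-bit floor
        ("1024-bit", (1 << 1023) | 0x10001), # the minimum the post accepts
    )
    for label, p in groups:
        verdict = check_server_key_exchange(build_server_key_exchange(p, 2, p // 3))
        print(label, verdict["bits"], "accept" if verdict["accept"] else "reject", verdict["problems"])
```

To run this against a real server, feed it the handshake bytes of the ServerKeyExchange message from a packet capture (or from `openssl s_client -msg`, which dumps handshake messages in hex); a 1024-bit group passes the floor here but is exactly the "relatively poor lower limit" the post warns about, so treat anything under 2048 bits as a finding when you report it to a server operator.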
