Users are being urged to upgrade OpenSSL to prevent eavesdroppers listening to otherwise encrypted connections undermined through the LogJam vulnerability thought to be the NSA's crypto-cracking tool of choice.
OpenSSL maintainers have patched seven vulnerabilities including the LogJam vulnerability (CVE-2015-4000) which allows attackers to trick browsers into considering an insecure encrypted connection as secure.

"A vulnerability in the TLS protocol allows a man-in-the-middle attacker to downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key exchange to 512-bit export-grade cryptography," OpenSSL maintainers wrote in an advisory.

The link for this article located at The Register UK is no longer available.