Skip to main content
banner image
venafi logo

Preventing Downgrade Attacks

Preventing Downgrade Attacks

preventing download attacks
June 8, 2020 | Jay Thakkar

TLS (transport layer security), also known as SSL (secure socket layer), is the cryptographic protocol that enables billions of people across the world to use the internet by protecting their privacy and data security. It forms the very foundation of website security.

The strength of TLS protection lies in the encryption algorithms and security parameters that it works on. These algorithms and parameters differ from one SSL/TLS version to another. When a security element of a TLS version is found to be seriously vulnerable, that version of SSL/TLS is deprecated and is replaced by a newer version.

Until now, there have been six versions of SSL and TLS in total, with TLS 1.3 being the latest of them. Today, TLS 1.2 and TLS 1.3 are the only two TLS versions that are secure enough to be trusted by major browsers.

What is a TLS Downgrade Attack?

TLS protocol is primarily used in communication between servers and clients. Therefore, the latest TLS protocol is used only if the client and the server support it. If both entities support a secure TLS protocol version for their communication, then it’s virtually impossible for an attacker to execute a man-in-the-middle (MiTM) attack.

Now, here comes the TLS downgrade attack.

A TLS downgrade attack tricks the client and server into using older protocols or insecure parameters for encrypting the information in transit. Once that is done, the attacker tries to intercept and/or alter the information by exploiting flaws in the older protocol versions or weak cryptographic algorithms.

Most Infamous Downgrade Attacks and How to Prevent Them

POODLE, FREAK and Logjam are three of the deadliest downgrade attacks that we’ve seen to date. All these attacks are different in nature and rely on different methods to weaken security. Let’s see each of them one-by-one to learn about them and how you can protect your server against them.


POODLE (padding Oracle on downgraded legacy encryption) is arguably the most infamous downgrade attack that we’ve witnessed. It exploits the TLS connection by downgrading the TLS connection to SSL 3.0. Once the connection has been downgraded, an attacker only needs to make 256 requests over SSL 3.0 to crack an encrypted message of one byte. This vulnerability led to SSL 3.0’s deprecation across the internet.

How to Protect Your Server from POODLE Attack?

The most obvious and easiest way to protect your web server against POODLE attack is by simply disabling support for the SSL 3.0 protocol version. Ideally, you shouldn’t be using any TLS version preceding TLS 1.2 as all of them have been found to be vulnerable.

FREAK Attack

The FREAK (factoring RSA export keys) attack exploits a class of deliberately weak export cipher suites introduced decades ago by the US government agencies to decrypt all foreign encrypted communication. FREAK works by tricking the server into using an export cipher suite that uses RSA of moduli of less than 512 bits. This key can be easily cracked by today’s computing power.

How to Protect Your Server from FREAK Attack?

If you’re not sure whether your website is vulnerable to FREAK or not, then you can go to this website to check it. If your website is vulnerable, then you must disable support for any export-grade cipher suites in software using SSL/TLS.

Logjam Attack

The Logjam attack allows an attacker to intercept an HTTPS connection by downgrading the connection to 512-bit export-grade cryptography. This is quite similar to the FREAK attack but except that Logjam attacks the Diffie-Hellman key exchange instead of the RSA key exchange.

How to Protect Your Server from Logjam Attack?

To protect your server from getting attacked by Logjam, you must disable support for all DHE_EXPORT cipher suites on your servers. This won’t let an attacker downgrade the connection to the 512-bit DH export key.

A Rule of Thumb to Protect Against SSL/TLS Downgrade Attacks

The reason why downgrade attacks work is because the attackers are somehow successful in tricking server and client into falling back to using insecure protocols or weakened parameters. This small window of opportunity is open for them because you haven’t closed it down by disabling support for weak protocols and parameters.

To protect against all known and unknown TLS downgrade attacks, the best thing you can do is update all your systems to the latest versions of TLS. That way you won’t have to support any backward compatibility. Then, you’ll be able to safely disable your server support for all TLS protocols except TLS 1.2 and 1.3 as a rule of thumb. These two protocols don’t consist of any of the same major vulnerabilities as their predecessors and that’s why they’re quite safe to use.

Learn more about lurking TLS threats.




Related posts

Like this blog? We think you will love this.
what is an ssl certificate
Featured Blog

What is an X.509 Digital Certificate?

SSL/TLS certificates are X.509 certificates with Extended Key Usage: Server Authentication (1.3.6

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

Subscribe Now

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Jay Thakkar
Jay Thakkar

Jay is a freelance cybersecurity writer passionate about educating the Information Technology community. He has previously written for The SSL Store.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud

Venafi Cloud manages and protects certificates

* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
* Please fill in this field
* Please fill in this field
* Please fill in this field

End User License Agreement needs to be viewed and accepted

Already have an account? Login Here

get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more