FREAK SSL/TLS vulnerability (CVE-2015-0204)

This topic created in 4087 days ago, the information mentioned may be changed or developed.

https://freakattack.com/

A connection is vulnerable if the server accepts RSA_EXPORT cipher suites and the client either offers an RSA_EXPORT suite or is using a version of OpenSSL that is vulnerable to CVE-2015-0204.

CVE

vulnerable

openssl

7 replies • 2015-03-05 21:47:23 +08:00

qazplkm

Mar 5, 2015

对普通用户是否有影响？

sanddudu

Mar 5, 2015

@qazplkm 有的，你可以进入 Client Test 来测试是否受到影响

qazplkm

Mar 5, 2015

@sanddudu 我测了chrome，safe from the FREAK Attack. 不知SSL vpn和ss怎么情况

0x1e240

Mar 5, 2015

第一 Alexa Rank 27 sohu.com
原来搜狐支持 SSL
点进去。。。What the FK

phoeagon

Mar 5, 2015

上面還有什麼值得買

cmkpl

Mar 5, 2015

有没有工具是测试 server 端的呢?

sanddudu

Mar 5, 2015

@cmkpl
What should I do?
If you run a web server, you should disable support for any export suites. However, instead of simply excluding RSA export cipher suites, we encourage administrators to disable support for all known insecure ciphers (e.g., there are export cipher suites protocols other than RSA) and enable forward secrecy. Mozilla has published a guide and SSL Configuration Generator, which will generate known good configurations for common servers.

You can check whether a website supports RSA_EXPORT suites using the SSL FREAK Check. However, we also encourage administrators to check their overall site configuration using the Qualys SSL Labs' SSL Server Test, which will identify other potential misconfigurations.

https://tools.keycdn.com/freak
https://www.ssllabs.com/ssltest/