New SSL/TLS vulnerability: the FREAK attack

On March 3, 2015, a security flaw in SSL/TLS was discovered.

What does it allow?

If successfully exploited, it would allow an attacker to decrypt encrypted connections.

A connection is vulnerable if the server accepts RSA_EXPORT cipher suites and the client either offers an RSA_EXPORT cipher suite or uses a version of OpenSSL vulnerable to CVE-2015-0204, because export-grade RSA keys are 512-bit keys.

Many devices are affected, whether PCs, phones or Apple products using old versions of OpenSSL.

How long has it existed?

Export-grade RSA uses 512-bit keys, so the flaw became exploitable as soon as computers became powerful enough to break keys of this size.

How do I check whether I am affected?

All websites that use RSA export cipher suites (TLS_RSA_EXPORT_WITH_DES40_CBC_SHA) are affected.
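The vulnerability condition described above can also be checked offline against captured handshakes. The following added example (not part of the original article) parses a TLS record holding a ClientHello or ServerHello and names any RSA_EXPORT suite it offers or selects; the function names and the sample records are constructed for illustration.

```python
import struct

# IANA code points of the RSA export-grade (512-bit key exchange) suites.
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def hello_suites(record: bytes):
    """Return (sender, [suite ids]) from a TLS record carrying a hello message."""
    try:
        ctype, _version, rlen = struct.unpack("!BHH", record[:5])
        if ctype != 22 or len(record) < 5 + rlen:
            raise ValueError("not a complete TLS handshake record")
        # Byte 5 is the handshake type; bytes 6-8 (handshake length) are skipped.
        htype, msg = record[5], record[9:5 + rlen]
        pos = 2 + 32                      # skip protocol version and random
        pos += 1 + msg[pos]               # skip session id (length-prefixed)
        if htype == 1:                    # ClientHello: list of offered suites
            (nbytes,) = struct.unpack_from("!H", msg, pos)
            return "client", list(struct.unpack_from("!%dH" % (nbytes // 2), msg, pos + 2))
        if htype == 2:                    # ServerHello: the one selected suite
            return "server", list(struct.unpack_from("!H", msg, pos))
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated hello message") from exc
    raise ValueError("record does not start with a ClientHello or ServerHello")

def export_rsa_in(record: bytes):
    """Name the RSA_EXPORT suites offered (client) or selected (server)."""
    sender, ids = hello_suites(record)
    return sender, [RSA_EXPORT_SUITES[i] for i in ids if i in RSA_EXPORT_SUITES]

def _sample_hello(htype: int, suites_field: bytes) -> bytes:
    # Constructed sample: TLS 1.0 hello, zeroed random, empty session id.
    msg = b"\x03\x01" + bytes(32) + b"\x00" + suites_field
    msg += b"\x01\x00" if htype == 1 else b"\x00"   # compression field
    handshake = bytes([htype]) + len(msg).to_bytes(3, "big") + msg
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake

CLIENT = _sample_hello(1, b"\x00\x04\x00\x2f\x00\x08")   # AES128-SHA + export DES40
SERVER_WEAK = _sample_hello(2, b"\x00\x08")              # server picked export DES40
SERVER_OK = _sample_hello(2, b"\x00\x2f")                # server picked AES128-SHA

if __name__ == "__main__":
    for name, rec in (("client", CLIENT), ("weak server", SERVER_WEAK), ("ok server", SERVER_OK)):
        print(name, export_rsa_in(rec))
```

A ServerHello that selects one of these suites means the server still accepts RSA_EXPORT and needs the fix.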

You can check if your site is vulnerable by going to:

  • https://www.ssllabs.com/ssltest/
How to fix it?

You need to disable RSA export cipher suites. You should also disable any other cipher suite known to be weak and enable forward secrecy.

If you have a shared hosting service or fully managed hosting, be aware that our teams have already brought it into compliance.

