On March 3, 2015, a security flaw affecting SSL/TLS was discovered.
What does it allow?
If successfully exploited, it would allow an attacker to decrypt encrypted connections.
A connection is vulnerable if the server accepts RSA_EXPORT cipher suites and the client either offers an RSA_EXPORT cipher suite or uses a version of OpenSSL vulnerable to CVE-2015-0204, because export-grade RSA keys are 512-bit keys.
Many devices are affected, whether PCs, phones or Apple products, when they use old versions of OpenSSL.
How long has it existed?
Export-grade RSA uses 512-bit keys, so the flaw became exploitable as soon as computers became technologically capable of breaking keys of this type.
How do I check whether I am affected?
All websites that use RSA export cipher suites (e.g. TLS_RSA_EXPORT_WITH_DES40_CBC_SHA) are affected.
You can check if your site is vulnerable by going to:
How do I fix it?
You need to disable the RSA export cipher suites. You should also disable any other cipher suite known to be weak and enable forward secrecy.
- https://www.digicert.com/SSL-support/SSL-enabling-perfect-forward-secrecy.htm
- https://wiki.Mozilla.org/security/Server_Side_TLS#Recommended_configurations
- https://Mozilla.github.IO/server-side-TLS/SSL-config-generator/
Mozilla has released tools that generate a good configuration for your server.
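The vulnerability condition and the fix described above can be checked against a list of enabled cipher suites. The following is an added example, not code from the original post: the function names, the `WEAK_MARKERS` list (this example's own choice of what counts as poorly secured) and the sample suite lists are assumptions, and suite names are expected in IANA form.

```python
# Added example (not from the original post): audit IANA cipher suite names.
# WEAK_MARKERS is this example's own list of "poorly secured" primitives.
WEAK_MARKERS = ("_NULL_", "_anon_", "_RC4_", "_RC2_", "_DES_", "_DES40_", "_MD5")
FS_PREFIXES = ("TLS_DHE_", "TLS_ECDHE_")   # ephemeral key exchange

def classify(suite):
    """Tag one suite with any of: export, rsa_export, weak, no_fs."""
    kx, sep, _ = suite.partition("_WITH_")
    tags = set()
    if not sep:                  # TLS 1.3 names have no _WITH_ part; nothing to flag
        return tags
    if kx.endswith("_EXPORT"):
        tags.add("export")
        if kx == "TLS_RSA_EXPORT":
            tags.add("rsa_export")   # 512-bit RSA, the suites behind CVE-2015-0204
    if any(marker in suite for marker in WEAK_MARKERS):
        tags.add("weak")
    if not kx.startswith(FS_PREFIXES):
        tags.add("no_fs")            # no forward secrecy
    return tags

def connection_vulnerable(server_suites, client_suites, client_openssl_vulnerable=False):
    """Server accepts RSA_EXPORT and the client either offers RSA_EXPORT
    or runs an OpenSSL version affected by CVE-2015-0204."""
    server_accepts = any("rsa_export" in classify(s) for s in server_suites)
    client_offers = any("rsa_export" in classify(s) for s in client_suites)
    return server_accepts and (client_offers or client_openssl_vulnerable)

def audit(server_suites):
    """Return (suites to disable, remaining suites that give forward secrecy)."""
    disable = [s for s in server_suites if classify(s) & {"export", "weak"}]
    keep = [s for s in server_suites if s not in disable]
    forward_secret = [s for s in keep if "no_fs" not in classify(s)]
    return disable, forward_secret

# Constructed sample data: a server with legacy suites and a modern client.
SERVER = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA",
          "TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"]
MODERN_CLIENT = ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA"]

if __name__ == "__main__":
    disable, forward_secret = audit(SERVER)
    print("disable:", disable)
    print("forward secrecy available:", bool(forward_secret))
    print("vulnerable with patched client:", connection_vulnerable(SERVER, MODERN_CLIENT))
    print("vulnerable with unpatched OpenSSL client:",
          connection_vulnerable(SERVER, MODERN_CLIENT, client_openssl_vulnerable=True))
```

An empty forward-secret list after the audit means the remaining configuration still lacks forward secrecy, even once the export suites are gone.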
If you have a shared service or fully outsourced management, be aware that our teams have already applied the fix.