FREAK SSL/TLS vulnerability (CVE-2015-0204)
hx1997 · 2015-03-05 19:14:59 +08:00 · 3556 次点击这是一个创建于 3549 天前的主题,其中的信息可能已经有所发展或是发生改变。
https://freakattack.com/
A connection is vulnerable if the server accepts RSA_EXPORT cipher suites and the client either offers an RSA_EXPORT suite or is using a version of OpenSSL that is vulnerable to CVE-2015-0204.
A connection is vulnerable if the server accepts RSA_EXPORT cipher suites and the client either offers an RSA_EXPORT suite or is using a version of OpenSSL that is vulnerable to CVE-2015-0204.
7 条回复 • 2015-03-05 21:47:23 +08:00
 |
1
qazplkm 2015-03-05 19:52:47 +08:00
对普通用户是否有影响?
|
|
3
qazplkm 2015-03-05 19:56:52 +08:00
@sanddudu 我测了chrome,safe from the FREAK Attack. 不知SSL vpn和ss怎么情况
|
 |
5
phoeagon 2015-03-05 21:39:16 +08:00
上面還有 什麼值得買
|
 |
6
cmkpl 2015-03-05 21:41:39 +08:00
有没有工具是测试 server 端的呢?
|
 |
7
sanddudu 2015-03-05 21:47:23 +08:00  3
@cmkpl
What should I do? If you run a web server, you should disable support for any export suites. However, instead of simply excluding RSA export cipher suites, we encourage administrators to disable support for all known insecure ciphers (e.g., there are export cipher suites protocols other than RSA) and enable forward secrecy. Mozilla has published a guide and SSL Configuration Generator, which will generate known good configurations for common servers. You can check whether a website supports RSA_EXPORT suites using the SSL FREAK Check. However, we also encourage administrators to check their overall site configuration using the Qualys SSL Labs' SSL Server Test, which will identify other potential misconfigurations. https://tools.keycdn.com/freak https://www.ssllabs.com/ssltest/ |
Select Language